Hi, Frederic, I am using VPN to connect to a university resource (Cisco VPN client). By checking this thread, VPN works smoothly (allowing the protocol, allowing 2 additional UDP ports). https://www.wilderssecurity.com/showthread.php?t=174040 But, (1) I have the same problem as Thomas described (LnS switches automatically to the VPN interface when VPN connects). In that thread, you mentioned that LnS SHOULD NOT change the binding interface. In my case, it always changes automatically. Is this normal? (2) When using a PPPoE connection, there are 3 interfaces, namely VPN interface (IP: 222.2.2.2), Wan Miniport Interface (IP: 111.1.1.1), Ethernet (IP: 192.168.1.1). If LnS still binds to the Miniport one, can it filter the traffic of VPN? (3) When VPN is connected, there are 3 IP addresses of my PC. If LnS binds to the VPN one, does it mean that the wan miniport one is unprotected? (Just pinging from another PC, it seems the wan miniport one is invisible or deactivated, because there is no reply.) Thanks in advance.
Hi nuser, If you don't want Look 'n' Stop to switch to the VPN interface, just enter 222 (or 222.2 if you need to be more specific) in the exclusion list in the advanced options (; is a separator there). Yes, if Look 'n' Stop switches to the VPN interface the other ones are no longer monitored. And usually the VPN traffic is already secure, and doesn't need to be filtered. (If 2 adapters really need to be filtered, then you need to start 2 instances of Look 'n' Stop.) Frederic
Thanks a lot, Frederic, I just tested on another LAN with VPN. Now I have 2 active interfaces, i.e., Ethernet and VPN. If Look 'n' Stop binds to the Ethernet one and I add a "block ALL" rule on the top of the ruleset, I can still access the Internet! Theoretically, the traffic SHOULD pass through the Ethernet interface and Look 'n' Stop should block all with the above rule. However, nothing is blocked. Confused. (If Look 'n' Stop binds to the VPN one, every packet is blocked as expected.)
Maybe on this specific configuration Look 'n' Stop doesn't see packets at all (for an unknown reason). Did you check the statistics on the Welcome tab? It would be interesting to know if they were at 0 or increasing. Frederic
Hi, Frederic, The traffic shown in the Welcome tab is still increasing when the VPN connection is active and LnS binds to the Ethernet one (also with a rule 'Block ALL' at the top of the ruleset). I just tested by downloading a file of ~10MB and found that the 'total received packets' changed from 117.2MB to 118.0MB (only 0.8MB increase with the download of 10MB). Seems not very accurate. So, LnS can see traffic, but can't filter it. If this is not a special case of my environment, there might be a bug.
Maybe you can check your specific IP address for each network driver connected. I remember once that LnS put the mark in front of one driver (e.g. LAN), however the actual IP address belonged to the other driver (WLAN with another IP range). And as far as I remember, LnS filtered only the traffic of the driver belonging to the correct IP. Somehow LnS did not mark the correct network driver. Thomas
Hi nuser, So there are actually some filtering rules working, since the number of filtered packets is not at 0. Are you sure you created the right rule? Is it exactly the same as the last rule of the ruleset? Could you post some screenshots of the ruleset and the rule you created? Also you could check the per-rule stats in the Console window, to see which rules are used. Yes, the stats are usually more accurate and you should observe a 10 MBytes difference if you really downloaded a 10 MBytes file on this interface. Frederic
Hi, Frederic, Yes, I have duplicated the last rule and moved it to the top (see the attached). The procedure to reproduce the problem: 1, activate VPN connection 2, manually select the Ethernet interface 3, activate the top rule (block all), press "Apply" 4, Internet traffic is not filtered, I can still download a file from www.looknstop.com 5, the log file shows no IP packets. The VPN connection is closed by the server after 3 minutes because I "block All", including some necessary communications between my PC and the server (like ARP or EAPoL). But it doesn't matter in this problem. 6, conclusion (needs confirmation by others): On the Ethernet interface, LnS can see traffic, but can't filter it. 7, of course, LnS works normally on the VPN interface. So this problem doesn't influence everyday usage of LnS.
Hi, Frederic, more snapshots for your reference. PS, I just consulted the help file. Maybe the reason is that the protocol used to pass through ethernet interface is not TCPIP and LnS only filters packets with TCPIP protocol.
Sorry nuser, But I can not reproduce what you are seeing! I sent my driver log file to Frederic and also my rule-logfile. When I put the last rule (block all) on top, there is no surfing possible during a VPN session, when the Ethernet card is selected! I have not tested with WLAN and VPN, though... Thomas
Thanks a lot, Thomas, Maybe there is some compatibility problem with other software. I will test it with a fresh installation on another PC.
Hi nuser, I don't think Look 'n' Stop sees the traffic. Seeing or filtering is actually the same: if Look 'n' Stop sees the traffic it is able to filter it. I think the traffic uses another path. This is also confirmed by the fact you said the stats in the welcome page were not in sync with the size of the file you downloaded (0.8 / 10 MB). Are you sure the traffic is not simply using the VPN interface, which is not monitored (since you selected the other interface)? What happens if you do the same test and you leave the selection on the VPN interface? Also, what you can try is to start 2 instances of Look 'n' Stop at the same time, each one monitoring a specific interface. When doing that, be sure not to have the two instances monitoring the same network interface (otherwise some problem/crash may happen). Frederic
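Added example, not part of the original thread and not Look 'n' Stop code: one way to reason about Frederic's question of which interface the traffic is actually using. It applies the usual route-selection rule (longest prefix, then lowest metric) to a constructed routing table; 192.168.1.1 and 222.2.2.2 are the addresses quoted in the thread, while the VPN server 203.0.113.10, the test destinations, the metrics and a full-tunnel VPN are assumptions.

```python
import ipaddress

# Constructed routing table for a PC with the VPN connected (full tunnel assumed).
# 192.168.1.1 and 222.2.2.2 come from the thread; everything else is made up.
ROUTES = [
    # (destination network, local interface IP, metric)
    ("0.0.0.0/0",       "192.168.1.1", 20),  # original default route via Ethernet
    ("0.0.0.0/0",       "222.2.2.2",    1),  # default route added by the VPN client
    ("192.168.1.0/24",  "192.168.1.1", 20),  # local LAN
    ("203.0.113.10/32", "192.168.1.1",  1),  # host route to the VPN server (tunnel carrier)
    ("222.2.2.0/24",    "222.2.2.2",    1),  # VPN subnet
]
INTERFACES = {"192.168.1.1": "Ethernet", "222.2.2.2": "VPN"}


def pick_route(dest, routes=ROUTES):
    """Return (interface name, matched network) for dest.

    Selection rule: longest matching prefix wins, ties go to the lowest metric.
    """
    addr = ipaddress.ip_address(dest)
    candidates = []
    for net, iface_ip, metric in routes:
        network = ipaddress.ip_network(net)
        if addr in network:
            # Negative prefix length so that min() prefers the longest prefix.
            candidates.append((-network.prefixlen, metric, iface_ip, net))
    if not candidates:
        raise LookupError(f"no route to {dest}")
    _, _, iface_ip, net = min(candidates)
    return INTERFACES[iface_ip], net


def stack_uses(dest, interface):
    """True if the IP stack hands packets for dest to the named interface."""
    return pick_route(dest)[0] == interface


if __name__ == "__main__":
    # Internet host, LAN host, VPN server (all constructed destinations).
    for dest in ("198.51.100.7", "192.168.1.50", "203.0.113.10"):
        iface, net = pick_route(dest)
        print(f"{dest:15} -> {iface:8} via {net}")
```

On a real machine the table to feed in is the output of `route print`; with this constructed table, Internet destinations are handed to the VPN interface and only LAN traffic and the tunnel packets to the VPN server are routed on Ethernet.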
Normally no, if Look 'n' Stop has detected the protocol it means it has seen packets using this protocol. However maybe this protocol is bound only to the VPN interface, and as soon as you select back the other interface the packets sent on it are no longer seen. Frederic
Thanks, Frederic, Following your suggestion, I did more tests: If LnS binds to the Cisco VPN interface, everything works well as expected. The statistics on the Welcome tab are also shown exactly. But problems still remain when the Ethernet one is selected. So my question is: Is the Ethernet interface the final one for ALL packets? Since it's the only 'physical' interface. I mean: whatever protocol, encapsulations, ALL packets SHOULD pass through the Ethernet interface. Right? If so, LnS should see and filter on the Ethernet one. Is there any other 'path' for the packets to pass 'stealthily', which LnS can't monitor?
Hi nuser, Yes, normally everything passes through the Ethernet interface and any packet should be seen by Look 'n' Stop. However, very often VPNs install drivers at the same NDIS level as the Look 'n' Stop driver, and some conflict can happen. It is similar to installing 2 firewalls. Frederic