You can buy special-purpose mini-PCs and install OPNsense on them to act as a dedicated, external VPN box that sits between your computer and your existing router/switch or modem/internet service provider. Your computer will not even know it is communicating with the internet through a VPN tunnel. Because you’re setting up your VPN traffic as a NAT rule, OPNsense cannot send traffic outside of the VPN tunnel, regardless of whether the VPN servers are up or down.
Note that OPNsense is not meant to be a software switch. If you want more than one device to go through this VPN box/router, you will also need a normal network switch.
You can put this VPN box between your computer and your existing router/switch/modem, and that way you can have only the computer go through VPN (without even knowing) and everything else not go through the VPN.
I place the system on a separate VLAN (configured in my router; you need a good router for this). Then, on that VLAN I block every IP address using the firewall rules except for the IP address of the VPN server. Voila, I have a safety net: only my VPN’s IP address can be reached. It has worked well for me for a few years now.
Mullvad’s VPN app, at least for the Mac, has features where you can stipulate which apps must go via VPN, and you can also set it to prohibit any traffic from going other than via VPN.
Awesome! This is exactly what I’m looking for. Thank you!
However, I’m unable to completely understand how to add them to network adapter properties. Do you happen to know any website/video that shows instructions?
So far, what I understand is:
Control Panel > Network connections > right click on Ethernet or WiFi > Properties
I’m lost here. In the list, which items should I select? Where can I add the dns entries?
Lockdown mode won’t allow your device to connect to the internet if the VPN is not connected. Enable VPN on startup also, so it automatically turns on when you boot up the computer.
Thank you! I left the option “Obtain IP address automatically”, and added the DNS to 100.64.0.3 (for ad and tracker blocking).
What about IPv6? Does it need changes too? Does it also connect to the internet?
(apologies if my question doesn’t make sense, I don’t know much about these things).
By the way, I still didn’t get the VPN. I wanted to gain knowledge and I’ll subscribe once I know how to activate all the settings… Hopefully by end of today!!
You can just set IPv6 to static but just put nonsense into it. This would prevent the PC from ever trying to use IPv6.
Outside of massive companies you only really see IPv4, so getting rid of it like this is a benefit.
(Most equipment SUPPORTS IPv6, but doesn’t use it, to be clear lol)
Edit: also for quick information on these subjects I really suggest TechQuickie (YouTube) as they give quick summaries that are easily understood by a layperson.
I just set the IPv6 address to 2001:0:0:0:0:0:0:0, subnet prefix to 2.
I hope nothing of that sort exists indeed for internet to connect lol. If it does, please let me know, and I’ll create some other random number.
So if I understand it right, here’s the entire cycle.
Get a VPN and activate “Lockdown Mode” (this is from VPN software side).
Network connections > Properties (ethernet/wifi) > IPv6 to dummy values… IPv4 > Obtain IP address automatically > Use the following DNS server > Preferred > 100.64.0.3 (for Ad & tracker blocking)
By doing the above 2, there’s no way for internet to be connected to anything on PC - unless it’s connected to VPN + the DNS server.
Am I right?
What happens if the VPN is disconnected? Would the internet still be connected to 100.64.0.3 without VPN thereby exposing my actual info?
You’ve basically got it, yeah! You should also put in a secondary DNS, and both 100.64.0.3 & the other DNS need to be for your specific VPN.
Test connecting without a VPN to make sure the DNS(s) isn’t publicly forwarded as well (which would cause your network to work, just providing you the DNS features of ad / tracker blocking).
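The check suggested in the last reply, written out as an added example that is not part of the thread: run it with the VPN disconnected, and it sends a plain DNS query to each configured resolver and reports any that still answer. The function names are illustrative assumptions; 100.64.0.3 is the resolver address quoted above.

```python
import os
import socket
import struct

def build_query(name, txid):
    """Build a minimal DNS query for an A record (RFC 1035 wire format)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    labels = name.strip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def resolver_answers(server, name="example.com", port=53, timeout=3.0):
    """Return True if `server` sends back a DNS response to our query."""
    txid = int.from_bytes(os.urandom(2), "big")
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((server, port))
            s.send(build_query(name, txid))
            reply = s.recv(512)
        except OSError:  # timed out, unreachable, blocked, or port closed
            return False
    if len(reply) < 12:  # shorter than a DNS header
        return False
    rid, flags = struct.unpack("!HH", reply[:4])
    return rid == txid and bool(flags & 0x8000)  # same ID and QR (response) bit set

def check_with_vpn_off(resolvers, port=53, timeout=3.0):
    """Run with the VPN disconnected: list the resolvers that still answer."""
    return [r for r in resolvers if resolver_answers(r, port=port, timeout=timeout)]

if __name__ == "__main__":
    leaking = check_with_vpn_off(["100.64.0.3"])  # DNS address quoted in the thread
    if leaking:
        print("Reachable without the VPN:", ", ".join(leaking))
    else:
        print("No configured resolver answered while the VPN was down.")
```

An empty result means the query was either blocked locally or the resolver is only reachable inside the tunnel; a listed address means name lookups would keep working with the VPN down.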