Firewall blocking doesn't work when VPN is active


#1

Hello,
I tried to run the NordVPN client and noticed that apps selected to be blocked can connect to remote hosts.

How to reproduce:

  1. Make sure VPN is disabled
  2. Add your browser to blocked apps in Glasswire
  3. Confirm that you cannot load any remote sites in your browser
  4. Enable VPN
  5. Try to open any webpage

In my case everything can connect to hosts on the Internet and the blocking list is ignored. After disabling the VPN, blocking works as intended.

Alek


#2

@alcho

If you go to the top left GlassWire menu and choose “About” what version does it say you have there?


#3

Oh sorry, I forgot to mention that :slight_smile:
It’s 2.0.80, and firewall is in “Ask to connect” mode.


#4

@alcho

Please try this update and use its “clean install” option along with its firewall reset option.
https://www.glasswire.com/download/


#5

Thanks Ken. It seems to work, although I saw two blocked browsers loading webpages. After a short time they couldn’t access the Internet. It seemed like the firewall rules were inserted with some delay. I need more time to test, because the VPN behaves as if it loses its network connection from time to time.
But it definitely helped at least a bit. I saw earlier that permanently blocked applications could upload their files onto remote sites while the VPN was active. Now those apps can’t connect.
We’ll see, thanks :slight_smile:


#6

I managed to autoupdate my Firefox while blocked.


Microsoft Edge was also able to open webpages. VPN was active, system waked up for 15 minutes after suspend.


#7

@alcho

Did you install GlassWire with its clean install option with the installer and its firewall reset option also checked?

For Firefox, does it use a separate installer like Chrome? If so it’s probably correct behavior. With Chrome it auto-updates with “Google Installer” for example.


#8

Yes Ken, I did as you wrote earlier. Clean install and rules reset. Then I turned the Firewall on and switched to “Ask to connect” mode. Microsoft Edge was explicitly blocked: two applications and Browser_Broker. I did not allow any separate Firefox installer. I was able to browse the Internet while blocked and with the VPN active, and followed fresh links on webpages so as not to use the local cache. It worked. I made a fresh screenshot while opening info on the privacy policy of Microsoft (who does read such pages? :wink: ). The GlassWire FW shows Edge transferring data while blocked.


And, after switching VPN off, suddenly Edge couldn’t open any pages. Perhaps VPN has additional interface which has preference in rules enforcement. I don’t know. Probably you can try it with any software including OpenVPN under the hood.
When I switch Firewall to “block all” mode, there’s no access for browsers for sure. “Click to block” works like “ask to connect”. Blocked apps can connect anyway.
I can do additional reinstalls of Glasswire to confirm, but later :wink:


#9

Quick update. I made a new clean profile in the GlassWire firewall, switched to “Ask to connect”, and it doesn’t even ask about allowing new apps when the VPN is active…
OK, it finally asked, but after denying, the app can still connect.


#10

@alcho

I have another idea.

Uninstall GlassWire. Go to your “Windows Firewall” control panel and choose “restore defaults”.

Reboot.

Reinstall GlassWire with the firewall reset and clean install options both checked. Let me know if that solves it. If not let me know and I have another idea of what’s happening.


#11

@Ken_GlassWire
OK, I’m done with work and have returned to troubleshooting. Thank you for your engagement. I did the following steps:

  1. Uninstalled GlassWire
  2. Restored defaults in my firewall
  3. Rebooted
  4. Installed GlassWire
  5. Rebooted to be sure
  6. Switched to “Ask to connect” mode
  7. Tested several explicitly blocked apps. None of them could access remote sites.
  8. Enabled VPN connection through NordVPN app
  9. Suddenly my blocked apps could connect to Internet sites

So nothing changed so far, but I went further.
  10. I exported my firewall rules before and after connecting to the VPN - nothing was different. Only one other thing changed: the public profile became active. When I don’t use the VPN, only the private network profile was active. But those profiles have the same settings.
  11. I got another idea: I uninstalled NordVPN and installed the pure OpenVPN app. After importing one NordVPN profile for OpenVPN I connected to their service.
  12. Aaaaaaaand… GlassWire blocks every app which has the “Block” setting turned on. So with pure OpenVPN access everything works smoothly.

:smiley:

Well. My reasoning is that NordVPN is messing with something in the Windows settings. I cannot track it down, because I’m not a very advanced Windows user/admin. One interesting thing was that the NordVPN app has a setting to drop any connections while the VPN is not active, and it works. But I don’t know what is changed then, and where.

Maybe you are able to investigate it further, perhaps with NordVPN folks. You know Windows internals a lot better than me for sure.
For now I will stick with OpenVPN for a while, and will probably return to testing when I get some rest :smiley:
Thank you again.
Besides, I learned at least a bit about Windows Defender Firewall. :slight_smile:


#12

Another quick test. I installed another VPN app from a different service provider. No problems at all. So, for now, I’m fully satisfied with this.


[SOLVED] NordVPN TAP Adapter Bypasses GlassWire
#13

@alcho

Thanks for the details, and sorry for the problem. We’ll look at signing up for those VPN services and test with them.


#14

Just to confirm I’m seeing the same as alcho. Blocked apps sending data when NordVPN active. Not what I’d expect to see happening!


#15

@normaluser123

If you go to the top left GlassWire menu and choose “About” what version are you using?

Did you try the recommendations given above yet? If not please try them and let me know your results.


#16

Hi, so I’m on GlassWire Pro 2.0.84.

I haven’t tried the OpenVPN route yet, or installed the firewall defaults etc. Will give it a go if necessary, but it didn’t seem like it had any positive result.

I also wonder if the change to the glasswire.conf (required, for me at least, to enable Nord to work at all) changing “hostname_enable_nslookup=true” to false has any influence.

Was just trying to add to the mix that it is not an isolated instance.

Thanks!


#18

If you check the Windows Firewall control panel, do you see that those apps have added their own rules there? If so you can delete them.

The previous version of GlassWire would clear all firewall rules, then add its own. Due to user feedback, GlassWire 2 does not change the current firewall rules you set up, so if you had this app add its own rules before, then those rules will still be present.

You can go to the Windows Firewall control panel and block those apps and then GlassWire can have more control over them.
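
The check suggested in post #18, combined with the active-profile observation and before/after export from post #11, can be scripted as follows. This is an added example, not part of the thread and not GlassWire or NordVPN code; the program path and the snapshot label and file names are placeholders.

```powershell
# Added example, not from the thread. Run from an elevated PowerShell prompt.
param(
    [string]$ProgramPath = 'C:\Path\To\blocked-app.exe',  # placeholder path
    [string]$Label       = 'vpn-off'                       # placeholder snapshot label
)

# 1. Firewall profile category of every connected network. A VPN adapter
#    usually appears as its own network and may land in a different profile.
Get-NetConnectionProfile |
    Select-Object InterfaceAlias, Name, NetworkCategory |
    Format-Table -AutoSize

# 2. Every enabled rule that names the program, whoever created it.
$found = @(foreach ($rule in Get-NetFirewallRule -Enabled True) {
    $app = $rule | Get-NetFirewallApplicationFilter
    if (-not $app.Program -or $app.Program -eq 'Any') { continue }

    # Rules may store paths with environment variables such as %ProgramFiles%.
    $path = [Environment]::ExpandEnvironmentVariables($app.Program)
    if ($path -ine $ProgramPath) { continue }

    [pscustomobject]@{
        DisplayName   = $rule.DisplayName
        Group         = $rule.DisplayGroup
        Direction     = $rule.Direction
        Action        = $rule.Action
        Profile       = $rule.Profile
        InterfaceType = ($rule | Get-NetFirewallInterfaceTypeFilter).InterfaceType
    }
})
$found | Sort-Object Direction, Action | Format-Table -AutoSize

# 3. Save a snapshot. Run once with the VPN off and once with -Label vpn-on.
if ($found.Count -gt 0) {
    $found | Export-Csv -NoTypeInformation -Path ".\fw-rules-$Label.csv"
}

# 4. If both snapshots exist, show rules present in only one of them.
$off = '.\fw-rules-vpn-off.csv'; $on = '.\fw-rules-vpn-on.csv'
if ((Test-Path $off) -and (Test-Path $on)) {
    Compare-Object (Import-Csv $off) (Import-Csv $on) `
        -Property DisplayName, Direction, Action, Profile, InterfaceType |
        Format-Table -AutoSize
}
```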