Prevent data leak if VPN disconnects

 

Many VPN users require absolute security and never want their true IP revealed. However, due to internet issues a VPN connection can disconnect or drop. The following method will prevent any traffic from passing to the internet if your VPN disconnects.

 

1 - Place a router dedicated to the VPN between your computers and your main router. You can also do this on your main router but it will prevent access to the internet over your non VPN connection.

 

2 - In the router firewall settings block all ports both UDP and TCP except 53 and 1194

 

3 - Configure your VPN connection to only connect on UDP port 1194 for OpenVPN. For L2TP allow UDP ports 500 and 4500. For PPTP allow TCP port 1723.

 

4 - When using the VPN connect to the VPN only router. When not connected to the VPN no traffic will pass in web browsers, email programs and such.  Connect to the VPN and all traffic will pass until the VPN is disconnected.  If the VPN accidentally drops all traffic will immediately stop and your true IP will never be revealed.

 

Do not trust software solutions to prevent IP leaks offered by some vendors. They can fail leaving you completely exposed. The only 100% reliable method is to do it from your router described above.