Closed ltguillaume closed 1 year ago
So what I'm basically asking is whether an extra WFP can be handled correctly by another app while simplewall is running.
I just tried to block Internet Explorer from within simplewall, while Windscribe VPN was running. It. Did. Nothing. Internet Explorer was happy to load any page. It's as if simplewall's UI gets completely disconnected from WFP. When I shut down Windscribe, the firewall still wouldn't respond to my blocking of IE, even after retrying. When I restarted simplewall, all of a sudden stuff responded again and I could block and unblock IE instantly.
@henrypp I think this might be a serious problem with ANY software that also tries to use the WFP API, not just Windscribe or OpenVPN. Feels a lot like a keyboard hook: whichever application comes last has full authority and previous ones either have to "rehook" or they won't work anymore. I realize I'm speculating here, and if I had more experience with C++ and WFP I'd be more helpful, but this should definitely be addressed for the sake of simplewall's reliability.
I can now confirm that restarting simplewall after a VPN connection has been made seems to fix the delays of popups, and the problem of the firewall not responding to checking/unchecking applications in simplewall's list.
It seems that there has to be some "reinitialization" of simplewall after Windscribe has (re)connected (which could be at any time). This is only speculation, as it might still be that this reinitialization would be necessary without Windscribe in the mix.
@henrypp can/should I provide any more information in order to resolve this?
For completeness, I have been using Windscribe (primarily using WireGuard) and simplewall together for years now without any issues. I simply forgot this issue wasn't closed yet.
When Windscribe VPN's Windows application loses the connection to the server somehow, it has Windows firewall entries in place to prevent any leaking traffic outside of the VPN connection. Traffic should be stopped by it until reconnected.
A short Wireshark test showed a lot of (unprotected) DNS requests as soon as the connection got cut off briefly.
My question is whether simplewall is completely compatible with programs that try to add temporary firewall rules. I used to think it is, as I can see rules in simplewall's log like `OpenVPN [Out]`, `WindscribeFirewall [Out]` and `WindscribeFirewall [Out-Loopback]`, but after the Wireshark test, I'm not so sure anymore. Could these rules also be made visible in simplewall?