How to shutdown programs if the VPN is not on, in Windows 10

by richrose » Sat Oct 07, 2017 5:16 am

If you never want to expose your actual underlying IP address when online, use a VPN such as offered by Sonic.net (and fix "DNS Leak" as below). But sometimes when using a torrent program, if the VPN fails your actual IP is exposed. Also, email can go out with your IP exposed, signups to newsletters expose it, and other website tricks. In this day and age, every packet you send should be encrypted and your real IP obscured, just on principle.

To prevent your IP from being exposed, you need to shut down the connection immediately. There are some wonky programs that do it, but Windows 10 has the innate ability to do so via Windows Firewall Rules (maybe other versions also, I haven't tried it).

1) Go to Settings>Windows Firewall>Advanced Settings>Outbound Rules>New Rule.

2) Then Program>Next, then "this Program Path", browse to the program you want to apply this Rule to (only 1 per Rule). Let's say it's uTorrent, select utorrent.exe, then Next. (It could be Chrome so you don't expose your IP, or Thunderbird so email recipients or tracking pixels can't see your IP.)

3) Select "Block the connection" then Next.

4) Apply to all domains then Next.

5) Give the Rule a name and a description if you want, to remind yourself later perhaps.

6) Then click Finish.

7) Now, select that Rule and double-click it to get to Properties.

8) Click the Scope tab, "These IP addresses:" then Add.

9) Select "This IP address range:" and type your LAN's addresses except the Gateway, because you will never ever have your Gateway's IP as your computer's IP if DHCP is enabled, which it usually is. My "From:" is "192.168.1.2" then "To:" is "192.168.1.255".

10) Click OK, then OK again.

The Dialog should now be closed and have you back at the Windows Firewall Outbound Rules screen. Make sure the Rule is enabled. Now what happens is this: if your computer's IP address is within the range you specified, the firewall blocks whichever program you told it to block, such as uTorrent or Chrome browser. That means when your VPN is not on, it blocks the connection immediately. How? Your VPN gives your computer a different IP when the VPN is on. When the VPN is off, my IP address is 192.168.1.12 and thus the connection through the Firewall is blocked by the Rule, but when it is on my IP is 184.23.191.147, thus the connection is allowed. I have a different Rule each for uTorrent, Chrome, and Thunderbird.

DNS Leak
When your browser or other program loads a link, image, file, or whatever, it needs to resolve the DNS address of it in order to load it. That DNS query, in the default state, is to your ISP, your Internet Service Provider. That's whomever you get your internet from, whether Comcast or AT&T or Time-Warner or whomever. Undoubtedly they can and do log every DNS query you make, thereby allowing anyone to see what you were looking at, where, and when. That's your entire browser and email history available to any yahoo with a warrant or not, even if you use the VPN for 100% of your traffic (hence the name "DNS Leak"). Congress was even going to mandate logging and tracking everything, recently. The workaround? Go into your adapters and your router advanced settings and point DNS to 3rd parties such as Google (8.8.8.8/8.8.4.4) or OpenDNS (208.67.222.222/208.67.222.220). Google doesn't save the log of your DNS queries for longer than 48 hours, thus it's harder to track you. And if they do get a warrant to see your activity, they try to tell you, perhaps except a FISA warrant you little terrorist you. OpenDNS is owned by Cisco, so...
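
Steps 1 to 10 of the post, scripted with the built-in NetSecurity cmdlets so the rules can be recreated and checked; this is an added example, not part of the original post. It assumes the post's 192.168.1.x LAN, that the range belongs in the Scope tab's local IP address list, and hypothetical install paths and rule names.

```powershell
#Requires -RunAsAdministrator
# Added example: per-program outbound block rules scoped to the LAN address range.
# Assumption: LAN is 192.168.1.0/24 with the gateway at .1, as in the post.
$LanRange = '192.168.1.2-192.168.1.255'

# Assumption: example install paths; replace with the real paths on your machine.
$Programs = @{
    'uTorrent'    = "$env:APPDATA\uTorrent\uTorrent.exe"
    'Chrome'      = "$env:ProgramFiles\Google\Chrome\Application\chrome.exe"
    'Thunderbird' = "$env:ProgramFiles\Mozilla Thunderbird\thunderbird.exe"
}

foreach ($name in $Programs.Keys) {
    $ruleName = "Block $name without VPN"   # hypothetical naming scheme

    # Remove any earlier copy so re-running the script does not stack duplicates.
    Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue |
        Remove-NetFirewallRule

    if (-not (Test-Path $Programs[$name])) {
        Write-Warning "$name not found at $($Programs[$name]); rule skipped."
        continue
    }

    # One rule per program: outbound, block, all profiles, local scope = LAN range.
    New-NetFirewallRule -DisplayName $ruleName `
        -Description 'Blocks outbound traffic sourced from the LAN address (VPN down).' `
        -Direction Outbound -Action Block -Profile Any `
        -Program $Programs[$name] -LocalAddress $LanRange | Out-Null
}

# Verify: list each rule with the program and local scope it was created with.
Get-NetFirewallRule -DisplayName 'Block * without VPN' | ForEach-Object {
    [pscustomobject]@{
        Rule    = $_.DisplayName
        Enabled = $_.Enabled
        Program = ($_ | Get-NetFirewallApplicationFilter).Program
        Local   = ($_ | Get-NetFirewallAddressFilter).LocalAddress
    }
} | Format-Table -AutoSize

# Show which adapters currently hold an address inside the blocked range.
Get-NetIPAddress -AddressFamily IPv4 |
    Where-Object { $_.IPAddress -like '192.168.1.*' -and $_.IPAddress -ne '192.168.1.1' } |
    Select-Object InterfaceAlias, IPAddress
```

After running it, disconnect the VPN and confirm each listed program can no longer reach the network, then reconnect and confirm it can.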