我很快就会到一个自由言论法律不太宽松的国家旅行。
我有一台Windows 10机器。 我想阻止这台机器的可能性,除了通过VPN隧道(有一个networking端口和WiFi)之外的所有接口进行通信。 如果因任何原因导致VPN隧道closures,则不允许networking通信。 甚至没有在局域网上。
如果使用Windows服务器更容易做到这一点,我将很乐意切换。
我已经find了几个关于Windows防火墙的post,我尝试过,但是根据我的经验,它没有捕获任何东西(尽pipe可能是我的错误)。
我也有Windington VPN这样的软件,但是我设法绕过它的防火墙,所以我不信任它,它似乎并没有阻止DNS查询(我在PiHole中捕获了大量的dns查询当Windscribe被阻止时)
这可以用一些聪明的电源shell来完成吗?
谢谢您的帮助!
最简单的方法是使用Windows 10上的LockDown VPNfunction。通过此function,所有通信必须只能通过VPN,不能通过其他接口(除了build立基本连接所需的通信以及VPN连接)更多信息在部署此function是@ https://docs.microsoft.com/en-us/windows/client-management/mdm/vpnv2-csp
用于这种configuration的VPNconfiguration文件XML示例如下所示:
<VPNProfile> <LockDown>true</LockDown> <RememberCredentials>true</RememberCredentials> <DnsSuffix>enter.dnsSuffix.forVPNInterface</DnsSuffix> <NativeProfile> <Servers>enterserveraddress.com</Servers> <Authentication> <UserMethod>Eap</UserMethod> <MachineMethod>Eap</MachineMethod> <Eap> <Configuration> <EapHostConfig xmlns="http://www.microsoft.com/provisioning/EapHostConfig"><EapMethod><Type xmlns="http://www.microsoft.com/provisioning/EapCommon">13</Type><VendorId xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorId><VendorType xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorType><AuthorId xmlns="http://www.microsoft.com/provisioning/EapCommon">0</AuthorId></EapMethod><Config xmlns="http://www.microsoft.com/provisioning/EapHostConfig"><Eap xmlns="http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1"><Type>13</Type><EapType xmlns="http://www.microsoft.com/provisioning/EapTlsConnectionPropertiesV1"><CredentialsSource><CertificateStore><SimpleCertSelection>true</SimpleCertSelection></CertificateStore></CredentialsSource><ServerValidation><DisableUserPromptForServerValidation>false</DisableUserPromptForServerValidation><ServerNames></ServerNames></ServerValidation><DifferentUsername>false</DifferentUsername><PerformServerValidation xmlns="http://www.microsoft.com/provisioning/EapTlsConnectionPropertiesV2">false</PerformServerValidation><AcceptServerName xmlns="http://www.microsoft.com/provisioning/EapTlsConnectionPropertiesV2">false</AcceptServerName></EapType></Eap></Config></EapHostConfig> </Configuration> </Eap> </Authentication> </NativeProfile> </VPNProfile> 提供此VPN Profile XML的Powershell脚本也将如下所示。 请注意,要运行此操作,您需要使用PSexec从以下位置运行PS脚本作为系统: https ://technet.microsoft.com/sysinternals/bb897553.aspx,通过运行Psexec.exe -i -s cmd.exe
Param( [string]$xmlFilePath, [string]$ProfileName ) $a = Test-Path $xmlFilePath echo $a $ProfileXML = Get-Content $xmlFilePath echo $XML $ProfileNameEscaped = $ProfileName -replace ' ', '%20' $Version = 201606090004 $ProfileXML = $ProfileXML -replace '<', '<' $ProfileXML = $ProfileXML -replace '>', '>' $ProfileXML = $ProfileXML -replace '"', '"' $nodeCSPURI = './Vendor/MSFT/VPNv2' $namespaceName = "root\cimv2\mdm\dmmap" $className = "MDM_VPNv2_01" $session = New-CimSession try { $newInstance = New-Object Microsoft.Management.Infrastructure.CimInstance $className, $namespaceName $property = [Microsoft.Management.Infrastructure.CimProperty]::Create("ParentID", "$nodeCSPURI", 'String', 'Key') $newInstance.CimInstanceProperties.Add($property) $property = [Microsoft.Management.Infrastructure.CimProperty]::Create("InstanceID", "$ProfileNameEscaped", 'String', 'Key') $newInstance.CimInstanceProperties.Add($property) $property = [Microsoft.Management.Infrastructure.CimProperty]::Create("ProfileXML", "$ProfileXML", 'String', 'Property') $newInstance.CimInstanceProperties.Add($property) $session.CreateInstance($namespaceName, $newInstance) $Message = "Created $ProfileName profile." Write-Host "$Message" } catch [Exception] { $Message = "Unable to create $ProfileName profile: $_" Write-Host "$Message" exit } $Message = "Complete." Write-Host "$Message"
您可以find有关Windows 10 VPN选项的更多信息@ https://docs.microsoft.com/en-us/windows/access-protection/vpn/vpn-security-features