VPN-Only connections - Android

A core mission of cryptostorm is ensuring consistent, reliable network security with minimal fuss & drama. From DNS-based services like our DeepDNS in-browser native .onion/.i2p site access, through grounbreaking research on IP6 leakblocking, & to firewall-based structures to enable "fail-closed" security, this is where we discuss & develop cryptostorm-style leakblock tech.
Posts: 2
Joined: Wed Oct 01, 2014 5:20 pm

VPN-Only connections - Android

Post by demario1289 » Thu Oct 02, 2014 11:33 pm

Hi there.

I've purchased 1 month token to test your service that I've just found on the internet, and I'm really impressed by it so far! Almost sure that I'll purchase 1-year token later.
The only thing I want to be 100% happy is to know if there is a way to only allow my mobile to reach the internet if I'm connected to Cryptostorm VPN.

I heard a feature called "Always-ON", but seems like you can only enable it if you setup your VPN in the native android vpn manager, not by third apps like OpenVPN.
Is there a solution for this? I tried to use DroidWall to block connections in case I'm not connected to the VPN (using some custom scripts I found on Google) but nothing worked so far.

I really need it because I'm always connecting my mobile in public hotspots, but when I connect on the wifi, before I even open the OpenVPN app, my mobile already download all its stuff quickly ... that's why I need to find a way to ONLY allow internet connection in my mobile if I'm connected to the VPN.

Thanks! you guys are amazing!

User avatar
Posts: 434
Joined: Mon Aug 05, 2013 11:39 am

Re: VPN-Only connections - Android

Post by marzametal » Fri Oct 03, 2014 9:48 am

It sounds to me like you should try out a firewall (hang on, you already have, DroidWall... not familiar with it) for your device. One has been already recommended by a dedicated user, along with a tutorial. It can be configured to only allow OpenVPN to use upstream/downstream, while the rest can be ticked to only run under the VPN. To double check if it works, enable your firewall log via this app and you will be surprised what is trying to communicate to the outside world. Hell, even TORCH does, you know... that app that friggin' turns your phone into a Disco Stu strobe light!!!

Give this a shot: AFWall+ (control network traffic)

If you have managed to successfully connect to the darknet with Post-Heartbleed files, then you can skip looking at this: 4 easy steps to connect your Android with OpenVPN
This one is for AFWall+: LEAKBLOCK HOWTO (Android and Ubuntu)
However, in Android (step 2), I keep ticks for OpenVPN (up/down + VPN) as shown, but for VPN networking have managed to see it work with only VPN category ticked (up/down not ticked as shown in picture).

See if that helps out your cause dude...

User avatar
Posts: 241
Joined: Tue Jan 28, 2014 12:38 am

Re: VPN-Only connections - Android

Post by Tealc » Sat Oct 04, 2014 12:39 am


Actually OpenVPN has an option under the settings profile called "Persistent TUN", if this is on and assuming that you automatically start the OpenVPN app, it will not connect to the internet without the VPN connection.

But has always I use AFWALL and just block all traffic outside the VPN app :-D
Btw just read the extensive topic from here: viewtopic.php?f=45&t=6174
We have discussed this very well :-D

Just to get a sense in something, you are actually running a VPN connection to CS with the default vpn manager from android? You are NOT using OpenVPN?

Posts: 2
Joined: Wed Oct 01, 2014 5:20 pm

Re: VPN-Only connections - Android

Post by demario1289 » Sat Oct 04, 2014 7:04 am


Thanks man, I'll take a look on this AFWALL


I'm using the OpenVPN app :)
I have the Persistent Tun ON ... so you're saying if BEFORE I connect to the Wifi network, if I first open the OpenVPN app and try to connect to the profile (of course it will not, it will hold until a usuable network appears), the OpenVPN app will block the connections until the VPN connects? If so, my problem is solved, I just need to run OpenVPN first and try to connect offline, and then turn on the Wifi network :-)


I could make it work using AFWall+ ... just enabled the VPN support and now with the firewall turned on, my connections will be established just when the VPN connects ... thanks for you all!