Windows has a very powerful application-level firewall, which can be used to block any application from using an insecure connection. The process is described in this post. I've also solved the problem in Ubuntu, although I'd have to do some digging to find out how (leave a comment if you want to know).
The last couple of days I have tried to find a way to block torrent downloading over insecure connections for MacOS, and encountered a couple of challenges:
- The application level firewall of MacOS is a complete joke. (Found under System Preferences / Security & Firewall)
- ipfw, the IP-based firewall that comes with a Mac, can only be used to block ALL non-VPN traffic.
- There seem to be no free application level firewalls for MacOS, although if you have the money to spare Little Snitch seems to be a decent piece of software. (edit: I'm not sure if Little Snitch is powerful enough)
- My torrent clients of choice, µTorrent and Transmission, are not very configurable.
After a lot of searching I finally found a solution using the highly configurable torrent client Vuze (formerly called Azureus).
Step-by-step guide to forcing your torrent downloads to only use VPN on MacOS:
- Download and install Vuze. Make sure you do not install the additional software they push on you during the installation process.
- Connect to your VPN service
- Open Vuze
- Go to Vuze / Preferences / Mode and activate advanced mode. (See picture below.)
- In the preferences, go to Connection / Advanced Network Settings. Find the name of your VPN network interface in the text box (e.g., "ppp0"). Enter the name of the interface into the text box "Bind to local ip address or interface". (See picture below.)
- Tick the option "Enforce IP bindings ..."
- Click save and exit the configuration screen
- Try out whether it works: Start downloading some torrent for testing purposes in Vuze, e.g., an Ubuntu installer disk image. The download should only work if your VPN is enabled. If you disconnect the VPN, the connections should fail, and the download should cease.
- Success. You have now configured your torrent client to securely download over VPN.
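
A second way to confirm the binding, as an added example that is not part of the original post: the Python below compares the local address of every socket the client holds against the address of the VPN interface. The `ifconfig` and `lsof -nP -i -a -p <pid>` samples are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample of `ifconfig` output on a Mac with a PPP-based VPN up.
SAMPLE_IFCONFIG = """\
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
\tinet 192.168.1.20 netmask 0xffffff00 broadcast 192.168.1.255
ppp0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1444
\tinet 10.8.0.6 --> 10.8.0.1 netmask 0xffffff00
"""

# Constructed sample of `lsof -nP -i -a -p <pid>` output for the torrent client.
SAMPLE_LSOF = """\
COMMAND  PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
client  4242 me    55u  IPv4 0xabc1      0t0  TCP 10.8.0.6:51413 (LISTEN)
client  4242 me    56u  IPv4 0xabc2      0t0  TCP 10.8.0.6:51500->203.0.113.9:6881 (ESTABLISHED)
client  4242 me    57u  IPv4 0xabc3      0t0  TCP 127.0.0.1:45100 (LISTEN)
client  4242 me    58u  IPv4 0xabc4      0t0  UDP *:51413
client  4242 me    59u  IPv4 0xabc5      0t0  TCP 192.168.1.20:51622->198.51.100.7:6881 (ESTABLISHED)
"""

def interface_addresses(ifconfig_text, iface):
    """Return the set of inet/inet6 addresses assigned to `iface`."""
    current, found = None, set()
    for line in ifconfig_text.splitlines():
        header = re.match(r"^(\S+?):\s", line)
        if header:
            current = header.group(1)
        elif current == iface:
            addr = re.match(r"^\s+inet6?\s+(\S+)", line)
            if addr:
                found.add(addr.group(1).split("%")[0])  # drop IPv6 scope id
    return found

def leaking_sockets(lsof_text, vpn_addrs):
    """Return local endpoints that are not bound to a VPN address."""
    leaks = []
    for line in lsof_text.splitlines()[1:]:           # skip header row
        fields = line.split()
        if len(fields) < 9:
            continue
        local = fields[8].split("->")[0]               # NAME column, local side
        host = local.rsplit(":", 1)[0].strip("[]")
        if host in ("127.0.0.1", "::1"):               # loopback never leaves the host
            continue
        if host not in vpn_addrs:                      # "*" means all interfaces
            leaks.append(local)
    return leaks
```

With the binding enforced, `leaking_sockets` should return an empty list; a wildcard (`*`) or LAN address in the result means that socket is not restricted to the VPN interface.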
The above procedure is not ideal since it forces you to use Vuze, which is a big fat piece of bloatware, but it will at least make sure that you do not inadvertently expose your IP address when loading a torrent. If you know of a way to force µTorrent and Transmission to only use a VPN in MacOS, let me know.
As an aside, if you use a PPTP-based VPN you should also consider disabling IPv6 to ensure security.