Block Local Networks

The BlockLocalNetwork feature allows you to block all local network connections during a VPN session. This is particularly useful in scenarios where you want to prevent potential attackers on the same local network from accessing your device or intercepting your network traffic.

Use Cases

Blocking local network connections is recommended in situations where you want to ensure that all network traffic is routed through the VPN tunnel and prevent any potential leaks. This is especially important when dealing with sensitive data or when operating in untrusted network environments.

Below are some examples:

Name	Description
Remote Workers	When employees are working remotely and accessing company resources through a VPN, blocking local network connections can prevent inadvertent data leaks through non-VPN channels.
Public Wi-Fi	When connecting to public Wi-Fi networks, such as those in coffee shops or airports, blocking local network connections ensures that all traffic is securely routed through the VPN tunnel, protecting against potential eavesdropping or man-in-the-middle attacks.
Healthcare Industry	In healthcare environments, where sensitive patient data is handled, blocking local network connections can help maintain compliance with privacy regulations and prevent unauthorized access to medical records.

Enabling Protection

You can enable the blocking of local networks only on starting VPN session. Unlike Killswitch and Prevent IP Leaks modules, you cannot enable or disable Block Local Networks module during the active VPN session. This ensures that all network traffic is forced through the VPN tunnel, preventing any potential leaks or unauthorized access.

Use LocalNetworks property of the StartVpnRequest or StartVpnSessionRequest to setup up local network protection. This property is of type RuleAction and can have one of the following values:

• Nothing - doesn't create any rules for local network module. This is the default value.

• Block - rules for blocking local networks traffic will be created.

• Permit - rules for permitting local networks traffic will be created.

LocalNetworks is introduced as a replacement for property BlockLocalNetworks of type bool.

var startVpnRequest = new StartVpnRequest()
{
    AccessToken = loginResponse.AccessToken,
    Credentials = getCredentialsResponse.Credentials,
    EnableKillSwitch = false,
    LocalNetworks = RuleAction.Block,
};

var vpnResponse = sdk.StartVpn(startVpnRequest);

BlockLocalNetworks property of the StartVpnRequest can also be used to set local network protection. In the code snippet provided, the object is set to true. This instructs the VPN client to block all local network connections while the VPN is active.

BlockLocalNetworks property is marked as deprecated and will be removed in one of future releases. Use LocalNetworks property instead.

var startVpnRequest = new StartVpnRequest()
{
    AccessToken = loginResponse.AccessToken,
    Credentials = getCredentialsResponse.Credentials,
    EnableKillSwitch = false,
    BlockLocalNetworks = true,
};

var vpnResponse = sdk.StartVpn(startVpnRequest);

For a seamless transition from property BlockLocalNetwork to LocalNetworks, the two properties will coexist temporarily, with the SDK selecting which to use as described below:

• If LocalNetworks is set to Permit or Block, this value is used.

• If LocalNetworks is set to Nothing, value of BlockLocalNetwork will be used.