I remember reading about some hardware solutions that were a firewall between the router, external network, and the internal network. It was an always-on hardware device that the Ethernet flowed through.
They solved the problem of VPNs leaking IP data during startup.
I can’t find them any longer.
Anyone know the name of this tech, and/or where it can be found?
The main principle is that it is your router that establishes VPN connection, not your computer.
On top of that, the routing table on the router is configured such that the only packets to be routed via your ISP are packets to the VPN provider’s public endpoints. No other packets addressed anywhere in the wild are to be routed through your ISP: they are to be routed through the VPN’s default gateway regardless of whether VPN connection is on. That is, if VPN connection is off, you won’t be able to browse the internet: the packets will be sent to a private network address which does not exist.
That is all configurable via a router which allows it. No special/separate hardware required.
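The routing rule described in the reply above can be checked mechanically. This is an added example, not part of the original posts: it audits `ip -4 route show` output and reports any route that would let non-VPN traffic leave through the ISP interface. The interface names (`eth0`, `tun0`, `br0`), all addresses and the function name are constructed assumptions.

```python
import ipaddress

# Constructed `ip -4 route show` output for a hypothetical router:
# eth0 = WAN (ISP), tun0 = VPN tunnel, br0 = LAN. 203.0.113.10 is a
# documentation address standing in for the VPN provider's endpoint.
LOCKED_DOWN = """\
default via 10.8.0.1 dev tun0
203.0.113.10 via 192.0.2.1 dev eth0
192.0.2.0/24 dev eth0 proto kernel scope link src 192.0.2.50
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
192.168.1.0/24 dev br0 proto kernel scope link src 192.168.1.1
"""

# Looks fine while the tunnel is up (two /1 routes override the default),
# but the ISP default route is still present and takes over if tun0 drops.
FAILS_OPEN = """\
0.0.0.0/1 via 10.8.0.1 dev tun0
128.0.0.0/1 via 10.8.0.1 dev tun0
default via 192.0.2.1 dev eth0
203.0.113.10 via 192.0.2.1 dev eth0
192.0.2.0/24 dev eth0 proto kernel scope link src 192.0.2.50
192.168.1.0/24 dev br0 proto kernel scope link src 192.168.1.1
"""

def wan_leak_routes(route_text, wan_if, vpn_endpoints):
    """Return route lines that can carry non-VPN traffic out of wan_if."""
    allowed = [ipaddress.ip_network(e) for e in vpn_endpoints]
    leaks = []
    for line in route_text.splitlines():
        fields = line.split()
        if "dev" not in fields or fields[fields.index("dev") + 1] != wan_if:
            continue  # not a WAN route
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        net = ipaddress.ip_network(dest, strict=False)
        if "via" not in fields and net.prefixlen > 0:
            continue  # directly connected WAN subnet, needed to reach the ISP gateway
        if any(a.version == net.version and net.subnet_of(a) for a in allowed):
            continue  # route to a VPN endpoint: the only traffic the ISP should carry
        leaks.append(line)
    return leaks

if __name__ == "__main__":
    for name, table in (("locked down", LOCKED_DOWN), ("fails open", FAILS_OPEN)):
        print(name, "->", wan_leak_routes(table, "eth0", ["203.0.113.10"]) or "no leak routes")
```

An empty result means the only gatewayed routes on the WAN interface lead to the listed VPN endpoints, so traffic has nowhere to go when the tunnel is down.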
Maybe what you are thinking of is a switch (or bridge) that does Layer 3 filtering.
So you could use
- a routing table in the router to ensure no leakage (as the previous reply suggests), or
- firewall rules in the router to ensure no leakage, or
- a switch with Layer 3 filtering (rules to ensure no leakage).
The exact details of the rules would depend on the type of VPN, i.e. you need to understand what is legitimate traffic that sets up or operates the VPN, so that you can allow that traffic while blocking unexpected traffic (leakage traffic).
I expect that the third option would be the most expensive.
Check out the BraxRouter which uses BytzVPN and/or Tor at the Rob Braxman Store. You can either buy the hardware (Raspberry Pi) or just the software and install it yourself. See Brax Software User Guide and videos below for more details.
My Dope Advanced Home Network Setup for Privacy and Security!
Wifi VPN Router Software for Raspberry Pi
Q&A on VPN and TOR - Tips, Misconceptions, Truth