dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
5128
share rss forum feed


Five5tar

join:2012-11-24
RU

How can I protect ISP IP/Location if VPN drops

If I lose connection to my VPN (OpenVPN or L2TP), how can I protect myself from revealing my location and actual ISP IP.

I was told to use a VPS or something, but I have no idea how I could use a program on a VPS.

Thanks for your help or suggestions.

Happy Holiday's!


Packeteers
Premium
join:2005-06-18
Forest Hills, NY
kudos:1

broccoli

join:2007-11-29
Portland, OR
reply to Five5tar
said by Five5tar:

If I lose connection to my VPN (OpenVPN or L2TP), how can I protect myself from revealing my location and actual ISP IP.

Many routers allow you to define firewall rules to allow or block traffic. If yours is one of those, create rules to block all traffic to all hosts except for the VPN server.

I was told to use a VPS or something, but I have no idea how I could use a program on a VPS.

Most VPS hosts run UNIX-like OSs (Linux distributions such as Ubuntu), although a few hosting companies let you use Microsoft OSs if you pay more. You'll need to use Wine to run Windows programs under Linux.

HELLFIRE
Premium
join:2009-11-25
kudos:18
reply to Five5tar
said by Five5tar:

If I lose connection to my VPN (OpenVPN or L2TP), how can I protect myself from revealing my location and actual ISP IP.

If OpenVPN / L2TP is the only way protecting your traffic, then you're SOL. The two previous posters have
posted some valid suggestions on possible solutions.

Otherwise, keep in mind that VPN is about secure communications over an insecure medium,
and that ANY concept of concealing / hiding IP addresses is fundamentally incompatible with the
nature of TCP/IP communication, and the internet in general.

Regards


Five5tar

join:2012-11-24
RU
reply to Packeteers
Thanks, finally got to check up on this thread.

A little bit of reading there, I'll have to get better read later tonight.


Five5tar

join:2012-11-24
RU
reply to broccoli
Is using a VPS similar to a remote connection to another computer?

broccoli

join:2007-11-29
Portland, OR
said by Five5tar:

Is using a VPS similar to a remote connection to another computer?

Not just 'similar'. It is a remote connection to another computer, albeit a virtual one. The connection is usually through VNC, NX (X over SSH) or simply SSH. Many hosting companies give you a SolusVM control panel that allows management tasks such as usage monitoring, powering on and off, restarting, disk re-imaging, etc.

jaymzrsa

join:2012-12-18

1 edit
reply to Five5tar
Depending on your your provider you can do something called binding. I use have done thins when I used to use Hide My Ass VPN. You can bind certain applications to use the VPN and if the VPN drops essentially your connection drops. I bind my downloading software and a single browser.

burger eater

join:2011-05-20

2 edits
reply to Five5tar
I've had this problem before, and have now found a very solid solution. Here's how you protect your IP from VPN drops, and clog DNS leaks, without any extra software, not even a firewall. It's assumed you are behind a router connected to the internet.

1. Get the IP addresses of the VPN servers you want to connect to using a simple "nslookup" from CMD.

2. Manually set your network card to a static private IP, with NO valid DNS server(for dns leak protection) and NO valid default gateway.
example: normally, the router's IP(192.168.1.1) is the DNS server's IP. Set it to 192.168.1.254. The same for the default gateway.

3. At CMD, type "route delete 0.0.0.0".

4. At CMD, type "route -p add VPN_SERVER_IP mask 255.255.255.255 192.168.1.1 metric 1", without the qoutes. Do that for every VPN server.

The ONLY IPs your computer can connect to is the VPNs' IPs and your ONLY default gateway will be the private IP you get from the VPN when it's connected. If the VPN drops, no traffic will escape to the INET since there's no route for them to go and the normal default gateway is fake. Plus no DNS leaks. This works for any VPN type.

PS: to use the Internet normally, set the LAN card's settings back to automatic. Problem sniped!

specialk9

join:2013-01-21
reply to Five5tar
If you've got a spare pc sitting around, you can install pfsense on it, have it establish the connection to your VPN provider and in the event that the VPN disconnects, it wont automatically fall back to your regular internet connection. Here's what you'd need:

1. An old PC with 2 NICs

2. A copy of pfSense

3. 2 spare switch ports on your modem/router

You will then plug both NICs into your modem/router/switch, install pfSense, disable the DHCP server on your LAN, give it a different IP Address to your router (say your router is 10.0.0.1, you could give it the IP Address of 10.0.0.2) and then configure pfSense to connect to your VPN provider. The pfSense router will use your main router as its gateway (hence why you've plugged it into your home network twice).

The point of this is that when you want your PC, media player or whatever to go via the VPN, you would assign the PC or whatever a static IP Address on your LAN with the gateway of 10.0.0.2. If the VPN drops out, the particular PC or device will lose connectivity.

I was testing a similar configuration out today and I found the following guide very helpful:

»swimminginthought.com/pfsense-ro···openvpn/

ProVPNDude

join:2013-01-25
Fairfield, NJ

1 edit
reply to Five5tar
A number of VPN providers automatically have this functionality built into their software so your internet connection will severed if your vpn connection should fail (you can turn this option on/off). The two vpn providers I know for sure offer this built-in feature are HideMyAss and PrivateInternetAccess VPN
--


Packeteers
Premium
join:2005-06-18
Forest Hills, NY
kudos:1
Reviews:
·Time Warner Cable
the problem is most serious security/privacy nuts do not want to use a proprietary VPN client of any kind. they would rather use something like OpenVPN so they are sure the VPN provider itself isn't messing with their computer in some other nefarious way. i didn't even want to use the OpenVPN installer my provider gave me - rather i installed it separately from OpenVPN's sight, then used my VPN providers /config files - most of the better VPN providers are sensitive to this level of paranoia, and will support it. i once tried a VPN provider that required i download a GIGAbyte of .NET patches before their client would work - sorry, but no thanks

ProVPNDude

join:2013-01-25
Fairfield, NJ
reply to Five5tar
VPN Netmon would help alot. Basically it allows you to specify which programs to close in the event your VPN disconnects. The programs will be closed even before your Network adapter can send a packet through your ISP.

»vpnetmon.webs.com/

I would also make sure your VPN is not leaking DNS information:
»www.vpntopten.com/security/what-···security

cptmikey

join:2013-02-14
Annapolis, MD
reply to Five5tar
We use OpenVPN and route all network traffic through the VPN. When the VPN connects it creates a default route that looks like "0.0.0.0 128.0.0.0" if you execute "route print". There is also a default route "0.0.0.0 0.0.0.0" that is your regular default route. If the VPN fails traffic will be routed back to your regular default route. If you remove the default route your connection will simply drop. So you can just execute a "route delete" to get rid of it. Don't worry about reconnecting. Look further down the route table and you will find that OpenVPN has already setup a direct route to the VPN server. You can read more at »portdefender.net


fearlessfosdick

join:2001-08-22
Stamford, CT
reply to Five5tar
I use VPN Watcher (»www.ugdsoft.com/products/vpnwatcher)

It's inexpensive and works.

FF


Packeteers
Premium
join:2005-06-18
Forest Hills, NY
kudos:1
fearless; since that program uses the exact same approach as the free VPNetMon, why did you choose it?
at the time you paid for VPNWatcher - did you know VPNetMon existed? or does Watcher seem better and if so exactly how?


fearlessfosdick

join:2001-08-22
Stamford, CT
reply to Five5tar
Frankly, I did some googling at the time (about a year ago) and that's all I could find.

But I'm not sorry. It was inexpensive and it works nicely. I believe it was under $4 when I bought it.

FF


Packeteers
Premium
join:2005-06-18
Forest Hills, NY
kudos:1
Reviews:
·Time Warner Cable
fearless, when you have nothing better to do, try VPNetmon as I'm curious how they compare. many people notice VPNetmon goes into "not responding" mode in Win7/8 even though it continues to work properly. I wonder if that's native to this type VPN monitor to shutdown and app approach, or perhaps VPNetmon could be coded better.
Expand your moderator at work