Author Topic: How foolproof is a VPN? (Read 14449 times)

skippy · « **on:** March 11, 2013, 10:49:54 PM »

Since I'm based in the U.S., I've stayed away from bit torrent for the last couple of weeks after they phased in new penalties for file sharers. I do have Vuze configured so that in theory it won't operate unless the VPN is connected, but how foolproof is that? I have heard conflicting advice from people who say that in some situations my IP address can still be leaked. The reason I am so concerned is that I am using the free wifi in my building and the landlord has declared bit torrent off limits. If this gets traced back to me I will almost certainly get kicked out. So what do you all think? Do I have any reason to worry?

Chris · « **Reply #1 on:** March 12, 2013, 01:45:15 AM »

If you're concerned about your privacy, we recommend using Comodo firewall to force applications to only use the VPN and not your normal connection in the event the VPN goes down. Check out http://www.bolehvpn.net/forum/index.php?topic=6621.0

skippy · « **Reply #2 on:** March 12, 2013, 04:18:46 AM »

Well, I'm on a Mac, and it looks like Comodo is Windows exclusive. I was able to configure Vuse to only use the proxy, but is that foolproof?

Chris · « **Reply #3 on:** March 12, 2013, 12:57:49 PM »

Having Vuze proxied should cut down on a lot of risk, however having a firewall configured would increase your security. You may also wish to check out a program such as VPNCheck, or attempt to configure the base Mac firewall so it's setup similarly to the Comodo firewall.

Just to double check, you setup Vuze as per our guide correct? http://bolehvpn.net/vuze.php?

skippy · « **Reply #4 on:** March 13, 2013, 04:50:46 AM »

Yeah, Vuze is configured correctly. I did a test and when the Boleh application shuts down it does indeed stop all Vuze traffic. I have just heard that during that process identifying information can still slip through. I don't know if that's true or not. Is it possible to use the Mac firewall and Vuze proxy with a single Boleh account? As I said, I'm more worried about my landlord than the ISP. This is a touchy situation.

Chris · « **Reply #5 on:** March 13, 2013, 01:34:51 PM »

Yeah it should be possible. I'm not completely familiar with the Mac firewall, but feel free to post screenshots of the settings and I'll see if I can help.

Slacker · « **Reply #6 on:** March 13, 2013, 02:15:33 PM »

Hi Skippy have you checked out before Viscosity VPN client for Mac?

http://www.sparklabs.com/viscosity/

I've used it in the past and you can set it up so if the VPN goes down you can't get back online;

http://www.sparklabs.com/forum/viewtopic.php?f=3&t=443&hilit=DasFox

P.S. Sorry Chris, Reuben and the rest of the gang, don't mean to not promote the BolehVPN gui, just thought I'd mention this as a nice alternative too.

Reuben · « **Reply #7 on:** March 13, 2013, 05:24:53 PM »

You suggest it, you support it

blakkout · « **Reply #8 on:** March 14, 2013, 12:26:16 AM »

Didn't read through the Viscosity links but I'm sure what I use is similar in theory to one of those. I use Tunnelblick and added a route delete line in its tunnelblick.sh script file so if the VPN disconnects my internet dies everywhere. The downside is since I've deleted a route I can't use the internet or auto-reconnect to the VPN until I add the route back in using Terminal or restart the computer.

ctmk · « **Reply #9 on:** March 14, 2013, 02:07:31 AM »

I think the full proof solution is to tinkle with the routing table of your OS, VPN is a great tool for your privacy but it is up to you on how to patch your holes.
e.g.

delete the 0.0.0.0 Destination with netmask 0.0.0.0
add route to the openvpn server IP with netmask 255.255.255.255 with your router's ip as gateway

that way NO connection can slip out from your computer directly.

sample of routing table

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
~~0.0.0.0 0.0.0.0 192.168.1.2 192.168.1.1 50~~ <--- delete your 0.0.0.0 route! so no connection can get out even bolehvpn fails!

46.165.197.36 255.255.255.255 192.168.1.2 192.168.1.1 10 <-- an example of added route, if 0.0.0.0 is deleted, only this ip are allowed to pass and to your internet connection (this ip is one of the bolehvpn server)

10.10.10.1 255.255.255.255 10.10.15.21 10.10.15.22 30 <--|
10.10.15.20 255.255.255.252 On-link 10.10.15.22 60 <--|
10.10.15.22 255.255.255.255 On-link 10.10.15.22 60 <--\
10.10.15.23 255.255.255.255 On-link 10.10.15.22 60 <----- After connected to a proxied server this will be added. these route you to 10.10.10.1

127.0.0.0 255.0.0.0 On-link 127.0.0.1 70 <--|
127.0.0.1 255.255.255.255 On-link 127.0.0.1 70 <--\
127.255.255.255 255.255.255.255 On-link 127.0.0.1 70 <----- Your own computer's loopback do not delete

i have no idea how to play with route on MAC, but google is your friend.

Slacker · « **Reply #10 on:** March 14, 2013, 07:48:29 AM »

Quote from: Reuben on March 13, 2013, 05:24:53 PM

You suggest it, you support it

Ok Boss hehe...

Slacker · « **Reply #11 on:** March 14, 2013, 07:51:36 AM »

Quote from: blakkout on March 14, 2013, 12:26:16 AM

Didn't read through the Viscosity links but I'm sure what I use is similar in theory to one of those. I use Tunnelblick and added a route delete line in its tunnelblick.sh script file so if the VPN disconnects my internet dies everywhere. The downside is since I've deleted a route I can't use the internet or auto-reconnect to the VPN until I add the route back in using Terminal or restart the computer.

Doesn't hurt to check it out and try it, worked great for me when I did and easy to set up...

I went with Viscosity over Tunnelblick because of the very active development and support, plus forum communication with the developers...

skippy · « **Reply #12 on:** March 14, 2013, 08:51:57 PM »

I appreciate the advice here on the routing table, but that is WAY beyond my level. I'm fairly comfortable with computers in general, but I need something that's a little more plug and play. From what I'm getting here, the answer to my original question is that indeed I do need to worry about the potential for identifying information being leaked. This stinks because I'm way behind on my episodes of "Girls" on HBO.

Reuben · « **Reply #13 on:** March 14, 2013, 09:11:35 PM »

Basically how you can test it if you're safe is use a proxied connection and then disconnect your vpn and see if the download halts.

If Vuze works like it should, there should be no problems.

Sent from my HTC Butterfly using Tapatalk 2

skippy · « **Reply #14 on:** March 14, 2013, 10:21:30 PM »

Well I guess I was just looking for reassurance. I think I'll probably just switch to iPtorrent for the time being. Which brings up a question about proxy settings and uTorrent, which just had a new version for Mac come out of beta. I did start a new post about that under general support.

http://www.bolehvpn.net/forum/index.php?topic=7297.0

BolehVPN Support

News:

Author Topic: How foolproof is a VPN? (Read 14449 times)

skippy

How foolproof is a VPN?

Chris

Re: How foolproof is a VPN?

skippy

Re: How foolproof is a VPN?

Chris

Re: How foolproof is a VPN?

skippy

Re: How foolproof is a VPN?

Chris

Re: How foolproof is a VPN?

Slacker

Re: How foolproof is a VPN?

Reuben

Re: How foolproof is a VPN?

blakkout

Re: How foolproof is a VPN?

ctmk

Re: How foolproof is a VPN?

Slacker

Re: How foolproof is a VPN?

Slacker

Re: How foolproof is a VPN?

skippy

Re: How foolproof is a VPN?

Reuben

Re: How foolproof is a VPN?

skippy

Re: How foolproof is a VPN?