DNS leak?

[volkerpispers 1]

Hello =)

SInce im havingh issues with my regular VPN provider PerfectPrivacy i just got the 1 euro trial here.

One thing im wondering about; on PP they had an option to protect you against the such called DNS Leak, does the Airvpn Client takes anti DNS Leak actions too?

Sorry for my rather bad english :S

 

Have a nice day

[stupidcats 14]

Hey there,

 

AirVPN does provide support for DNS leaks.. It's called "Network lock". You can activate it by going to "Preferences" then "Advanced" and finally "Network Lock" in the AirVPN client.

[volkerpispers 1]

Hey Epsilon, thanks for you8r answer!

I found it, however should i choose ''automatic'' or ''windows firewall'' ?

[SlyFox 10]

You are on windows correct? I would also recommend you go to Eddie Client, Advanced --> General, and select "Force DNS" "Check if tunnel use air dns" and "check if tunnel works"

 

After, visit ipleak.net to check you are OK.

[volkerpispers 1]

Windows yes!

I did all you said and this is the result:

Your IP Address

103.10.197.187

Hong Kong 

Pacswitch Colocation & Datacentre - AirVPN Server (Exit) 

Wed, 19 Nov 2014 21:30:59 +0000

 

Detected DNS Address

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

103.10.197.187

Hong Kong 

Pacswitch Colocation & Datacentre - AirVPN Server (Exit) 

 

 

 

 

I suppose this is correct?

 

 

Another thing,ive read that my ISP can see that im using a VPN,however i can avoid this by ''laying an SSL tunnel around the regular VPN Tunnel'' Is that possible here too?

[Guest JWW]

 

You are on windows correct? I would also recommend you go to Eddie Client, Advanced --> General, and select "Force DNS" "Check if tunnel use air dns" and "check if tunnel works"

 

After, visit ipleak.net to check you are OK.

 

SlyFox's post is the correct answer to prevent DNS leaks. Network Lock is used to ensure that no IPv4 connection to the internet is possible if the VPN disconnects (unless you specify exceptions).

[Guest JWW]

 

 

Another thing,ive read that my ISP can see that im using a VPN,however i can avoid this by ''laying an SSL tunnel around the regular VPN Tunnel'' Is that possible here too?

 

Your DNS looks good. Yes, your ISP may well be able to see that you're using a VPN. If you believe that your ISP is throttling your connection for that reason or if you want to prevent that possibility you can use an SSL tunnel. It's easy to set up - read here https://airvpn.org/ssl/ You may suffer a performance hit but, in my case, it's the only way I can achieve good speeds as my ISP does throttle.

[Staff 9972]

 

Windows yes!

I did all you said and this is the result:

Your IP Address

103.10.197.187

Hong Kong 

Pacswitch Colocation & Datacentre - AirVPN Server (Exit) 

Wed, 19 Nov 2014 21:30:59 +0000

 

Detected DNS Address

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

103.10.197.187

Hong Kong 

Pacswitch Colocation & Datacentre - AirVPN Server (Exit) 

 

 

 

 

I suppose this is correct?

 

 

Another thing,ive read that my ISP can see that im using a VPN,however i can avoid this by ''laying an SSL tunnel around the regular VPN Tunnel'' Is that possible here too?

 

Hello!

 

The screenshot shows that there are no DNS leaks from your Windows machine.

 

In order to activate OpenVPN over SSL, in our client Eddie go to "AirVPN" -> "Preferences" -> "Protocol", select "SSL Tunnel - Port 443", click "Save" and connect to a VPN server.

 

Kind regards

[volkerpispers 1]

So it worked good =)

Ive changed the settings in order to activate OpenVPN over SSL.

However im wondering, is there any possibility to see if it actually worked, like a website test for IP/DNS?

 

Also i just noticed, after installing the SSL tunnel suddenly IP leak shows me that im a TOR exit node and an AIR VPN node.

However im not running tor

Is that normal?

 

Thx for all the answers!

[Guest JWW]

So it worked good =)

Ive changed the settings in order to activate OpenVPN over SSL.

However im wondering, is there any possibility to see if it actually worked, like a website test for IP/DNS?

 

Also i just noticed, after installing the SSL tunnel suddenly IP leak shows me that im a TOR exit node and an AIR VPN node.

However im not running tor

Is that normal?

 

Thx for all the answers!

 

Yes, that's normal. The server you're connected to happens to be a TOR exit node which it's telling you. Doesn't mean you're using TOR.

 

If you go to the Stats tab in the AirVPN client and scroll down you should see 'VPN Protocol - SSL'

[volkerpispers 1]

Thx JWW thats good to hear !

So by now i should have everything together.

I was proceeding this way, using chromee without VPN to server the internet revealing my real identity.

I thaught its not a good idea to use the same browser when using a VPN

My thaughts were the following:

When i surf on a site with mandatory registration it is possible that they log and store IPs.

So if i browse the site logged in without VPN and afterwards logged in with VPN the Site owner, if he logs and stores IPs, is able to identify me, right?

So i proceded to use another browser and no accounts Opera/firefox, with any plugins deactivted, no java(-script) nor flash player

Now in firefox there is the option to open a new tab in privacy mode, so that no data is locally stored from any Traffic in that tab.

My question is, can/will firefox access any data (cookies,saved paswords etc) from chrome which brings me back to the initial problem.

And if FF does so, is there any way to stop that?

[volkerpispers 1]

Since i have enabled SSL i do3es not show my real IP in client area anymore lol. How that? i thaught thats only possible when im using me->TOR->VPN->WEB

But im not using tor

[Guest JWW]

You don't have to use TOR to mask your real IP. If you are connected to Air your public IP is the one allocated by the VPN server you're connected to, so of course that's what you see in the client area. That IP is anonymous and is in no way publicly linked to your real one so regardless of what you were doing & how you were connected before you connected to the VPN, your ISP cannot link the AIR provided IP to you. It's good practice in any case to clear the cache etc.. before changing connection methods. Chrome provides the ability clear all cookies and site data when you close the browser anyway, or you could use CCleaner between sessions. On top of that you are now using SSL so all the ISP sees is encrypted traffic.

 

FF doesn't use Chrome data and vice-versa. FYI, Chrome has a 'privacy mode' called 'Incognito' - https://support.google.com/chrome/answer/95464

[volkerpispers 1]

Alright thats cool =)

I now moved to my 2nd flat for 10 days and on here i have DNS leaks D:

When connected to a netherland Server the IP is correctly netherland

however im getting 3 DNS Reports, 2 of em revealing my identity

Your IP Address

95.211.138.225

Netherlands 

LeaseWeb B.V. - AirVPN Server (Exit) 

Thu, 20 Nov 2014 21:23:35 +0000

 

Detected DNS Address

Now whenever i try to connect to a german or Netherlands server it redirects me to riguel NL server O_O Its getting spooky

 

Privacy.nope

Luxembourg 

Entreprise des Postes et Telecommunications - Residential 

Privacy.nope

Luxembourg 

Entreprise des Postes et Telecommunications - Residential 

95.211.138.225

Netherlands 

LeaseWeb B.V. - AirVPN Server (Exit) 

If you are now connected to a VPN and between the detected DNS you see your ISP DNS, then your system is leaking DNS requests

 

Edit: I solved t it using ipconfig /flushdns so all good ^.^

 

Edit: When reloading the page its showing my ISPs DNS again =(

Hm, when im realoding it sometimes show Air VPN dns then it shows my ISPs dns again. different results when reloading the site

[Gollum 0]

Is ipleak.net the best test, because I've found that it would not show leaks that are present when running both GRC's and dns-oarc's tests.

 

Sidenote:

 

I was getting leaks, but having now unchecked the IPv6 option in both my main network adapter and the TAP adapter, there doesn't appear to be any leaks showing so far.

 

I've read elsewhere that this step only disables IPv6 on my LAN interfaces and connections, but does not disable IPv6 on tunnel interfaces or the IPv6 loopback interface. I would have to make a change in the Windows registry in order to disable the IPv6 on tunnel interfaces. Is this necessary, if my DNS leaks have stopped?

 

If so, happy days and I will now extend my subscription (currently using the 3 day plan to test the service).

[SlyFox 10]

Gollum are you sure that grc was showing leaks that ipleak wasnt? Because grc will often show one or two of the airvpn backup servers: (54.225.156.17, compute-1.amazonaws.com)

[Gollum 0]

Gollum are you sure that grc was showing leaks that ipleak wasnt? Because grc will often show one or two of the airvpn backup servers: (54.225.156.17, compute-1.amazonaws.com)

Both GRC and dns-oarc tests revealed 5 results. Two from my ISP, two backup air servers and the main air server I'm connected to. Ipleak would only show the main air server I was connected to.

 

I ran 4 different tests. The extended test from https://www.dnsleaktest.com/, http://ipleak.net/, https://www.dns-oarc.net/oarc/services/dnsentropy and https://www.grc.com/dns/dns.htm.

 

The last two were still showing leaks that the first two didn't until I disabled IPv6 in both my primary and the TAP adapter settings. Now no leaks are showing for any of the tests.

[zimwebob 7]

​​In addition to what others have suggested you could also download DNSCrypt.

​Basically, you put it in a folder somewhere and run the GUI, show hidden adapters and check everything in the list, choose a server (non-OpenDNS, non-IPv6), and after testing, choose "Install as Service." You can then close the GUI, and the service will run these settings automatically when you start up. Make sure you set your primary network adapter DNS server to 127.0.0.1 and allow dnscrypt-proxy.exe outbound through your firewall if applicable.

This way even if there IS a DNS leak, it will still be falling back on encrypted DNS that doesn't leak your real IP.

[Andy Wirus 0]

What I did was to manually configure the dns addresses for my wifi/Local Area Network adapter.

This is what you can try:

Method 1 (cmd):

• Type the following into cmd:

1. ipconfig /flushdns 
2. netsh interface IPv4 set dnsserver "Wi-Fi" static 8.8.8.8 both (8.8.8.8 is google dns server, or 1.1.1.1 which is cloudflare dns server) 

• To revert back:

1. ipconfig /flushdns
2. netsh interface IPv4 set dnsserver "Wi-Fi" dhcp

• Or if you are using openvpn, type the following into the configuration file: block-outside-dns

Method 2 (control panel):

• Go to control panel (win+r, then type in control panel)
• Click Network and Internet --> Network and Sharing Center --> Change adapter settings
• Right click on Wifi, or the virtual adapter you are connected to (NOTE: this does not work for IKEv2 WAN miniports, I tried)
• Click properties
• Navigate to the tab called "Internet Protocol Version 4 (TCP/IPv4)" or something like that, and click properties
• You will probably see the settings obtaining a DNS address automatically. We don't want that, so click on the "use the following DNS server addresses".
• For google, enter 8.8.8.8 as preferred DNS server, and 8.8.4.4 as alternate DNS server. For cloudflare, enter 1.1.1.1 as preferred server, and 1.0.0.1 as alternate DNS server
• Click ok, and you should be set

Hope I helped