Jump to content
Not connected, Your IP: 3.138.175.10
Mr_MIagi

Prevent leaks from Diskstation

Recommended Posts

Hi all,

 

I followed the suggested how to guide and set up Synology DiskStation to connect to AirVPN.  It was a convoluted set-up but this was not fault of the guide or author, it was a just a pain and a little over my head.

 

Anyway, I am successfully connected, but is there a way to prevent leaks if they occur, and secondly, other that viewing connections in client area of the AiVPN website, is there anyway to confirm that I am actually connected?

 

Thanks MM

Share this post


Link to post

Hey where did you find the guide ??

 

Maybe that one. Found by searching for synology, but no offense.


NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT.

LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too!

Want to contact me directly? All relevant methods are on my About me page.

Share this post


Link to post

If someone is still looking for a script...i found this one but it has to be changed for airvpn...

 

#!/bin/ash

# wget https://gist.githubusercontent.com/aelveborn/e0faab9185256eeb86ad/raw/ -O ipredator-iptables.sh
# chmod 755 ipredator-iptables.sh
# and modify your local ip in the script

enableRules() {
    if [ -f /etc/ipredator/iptables.orig ]; then
        echo "Ipredator iptables rules already enabled!"
    else
        if [ ! -d /etc/ipredator ]; then
            mkdir /etc/ipredator/
        fi
        iptables-save > /etc/ipredator/iptables.orig

        # Flush iptables and add tunnel and localhost
        iptables -F
        iptables -A INPUT -i tun+ -j ACCEPT
        iptables -A OUTPUT -o tun+ -j ACCEPT
        iptables -A INPUT -s 127.0.0.0/8 -j ACCEPT
        iptables -A OUTPUT -d 127.0.0.0/8 -j ACCEPT

        # Add local subnet for LAN access
        # Modify these ips for your local network
        iptables -A INPUT -s 10.0.0.0/24 -j ACCEPT
        iptables -A OUTPUT -d 10.0.0.0/24 -j ACCEPT
        
        iptables -A INPUT -s 10.8.0.0/24 -j ACCEPT
        iptables -A OUTPUT -d 10.8.0.0/24 -j ACCEPT
        
        iptables -A INPUT -s 192.168.1.0/24 -j ACCEPT
        iptables -A OUTPUT -d 192.168.1.0/24 -j ACCEPT

        # Add Ipredators IP's
        iptables -A INPUT -s 46.246.32.0/19 -j ACCEPT
        iptables -A OUTPUT -d 46.246.32.0/19 -j ACCEPT
        
        # Add current IP, in case currently connected server IP isn't in server list for some reason
        # Also allows script to handle individual servers from other VPN providers
        #CURRENT_SERVER_IP=$(wget https://duckduckgo.com/?q=whats+my+ip -q -O - | grep -Eo '\<[[:digit:]]{1,3}(\.[[:digit:]]{1,3}){3}\>')
        #iptables -A INPUT -s $CURRENT_SERVER_IP -j ACCEPT
        #iptables -A OUTPUT -d $CURRENT_SERVER_IP -j ACCEPT

        # Drop everything else
        iptables -A INPUT -j DROP
        iptables -A OUTPUT -j DROP
        echo "Ipredator iptables rules activated"
    fi
}

disableRules() {
    if [ -f /etc/ipredator/iptables.orig ]; then
        iptables-restore /etc/ipredator/iptables.orig
        rm /etc/ipredator/iptables.orig
        echo "Ipredator iptables rules deactivated"
    else
        echo "Ipredator iptables rules already disabled!"
    fi
}

help () {
echo "Ipredator iptables"
echo "  Based on PIA IPTables Leak Blocker 0.5 - coded by Colonel Panic"
echo "  and on scripts created by ShadowSpectre (PIA Iptables Manager)"
echo "  and Windom (iptables-vpnon-update)"
echo ""
echo "Usage: $0 [OPTION]"
echo "  start      Replace current iptables rules to accept Ipredator servers and LAN, dropping all other connections"
echo "  stop       Reset iptables rules to original values"
echo "  {no option}  Display this help text"
}

if [ $# -gt 1 ]; then
    echo "Too many arguments"
elif [ $# -eq 1 ]; then
    case $1 in
        start) enableRules;;
        stop) disableRules;;
        *) echo "Invalid option: $1"
    esac
else
    help
fi
 

Share this post


Link to post

I'f tested the script and it prevents the ip leak, but only there is no traffic working at all...[/size]
It looks like this at the moment:

#!/bin/ash

# wget https://gist.githubusercontent.com/aelveborn/e0faab9185256eeb86ad/raw/ -O ipredator-iptables.sh
# chmod 755 airvpn-iptables.sh
# and modify your local ip in the script

enableRules() {
    if [ -f /etc/airvpn/iptables.orig ]; then
        echo "AirVPN iptables rules already enabled!"
    else
        if [ ! -d /etc/airvpn ]; then
            mkdir /etc/airvpn/
        fi
        iptables-save > /etc/airvpn/iptables.orig

        # Flush iptables and add tunnel and localhost
        iptables -F
        iptables -A INPUT -i tun+ -j ACCEPT
        iptables -A OUTPUT -o tun+ -j ACCEPT
        iptables -A INPUT -s 127.0.0.0/8 -j ACCEPT
        iptables -A OUTPUT -d 127.0.0.0/8 -j ACCEPT

        # Add local subnet for LAN access
        # Modify these ips for your local network
        #iptables -A INPUT -s 10.0.0.0/24 -j ACCEPT
        #iptables -A OUTPUT -d 10.0.0.0/24 -j ACCEPT
        
        iptables -A INPUT -s 10.8.0.0/24 -j ACCEPT
        iptables -A OUTPUT -d 10.8.0.0/24 -j ACCEPT
        
        iptables -A INPUT -s MY.LOCAL.NETWORK.RANGE/24 -j ACCEPT
        iptables -A OUTPUT -d MY.LOCAL.NETWORK.RANGE/24 -j ACCEPT

        # Add AirVPNs IP's
        iptables -A INPUT -s AIR.VPN.SERVER.IP -j ACCEPT
        iptables -A OUTPUT -d AIR.VPN.SERVER.IP -j ACCEPT
        
        # Add current IP, in case currently connected server IP isn't in server list for some reason
        # Also allows script to handle individual servers from other VPN providers
        #CURRENT_SERVER_IP=$(wget https://duckduckgo.com/?q=whats+my+ip -q -O - | grep -Eo '\<[[:digit:]]{1,3}(\.[[:digit:]]{1,3}){3}\>')
        #iptables -A INPUT -s $CURRENT_SERVER_IP -j ACCEPT
        #iptables -A OUTPUT -d $CURRENT_SERVER_IP -j ACCEPT

        # Drop everything else
        iptables -A INPUT -j DROP
        iptables -A OUTPUT -j DROP
        echo "AirVPN iptables rules activated"
    fi
}

disableRules() {
    if [ -f /etc/airvpn/iptables.orig ]; then
        iptables-restore /etc/airvpn/iptables.orig
        rm /etc/airvpn/iptables.orig
        echo "AirVPN iptables rules deactivated"
    else
        echo "AirVPN iptables rules already disabled!"
    fi
}

help () {
echo "AirVPN iptables"
echo "  Based on PIA IPTables Leak Blocker 0.5 - coded by Colonel Panic"
echo "  and on scripts created by ShadowSpectre (PIA Iptables Manager)"
echo "  and Windom (iptables-vpnon-update)"
echo ""
echo "Usage: $0 [OPTION]"
echo "  start      Replace current iptables rules to accept AirVPN servers and LAN, dropping all other connections"
echo "  stop       Reset iptables rules to original values"
echo "  {no option}  Display this help text"
}

if [ $# -gt 1 ]; then
    echo "Too many arguments"
elif [ $# -eq 1 ]; then
    case $1 in
        start) enableRules;;
        stop) disableRules;;
        *) echo "Invalid option: $1"
    esac
else
    help
fi
 

 

 

Do i miss something?

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...