Iron_Mike

ANSWERED Network Lock does NOT lock Network


Hi guys,

just noticed this today that network lock does not lock anything... I thought it was supposed to lock all internet connections and route them through the VPN tunnel (if a tunnel was established to a server)... (?)

this is not working... I'm writing this message with network lock enabled, but NOT connected to a server... shouldn't I not have any internet connection at all... ?

when I connect to a server, it seems it's then using the VPN connection, but when I disconnect and then just let it sit there with Network lock still enabled, 2 mins later I got internet from my standard connection...

this is not good and not secure at all.

is this a known bug ? do you guys have the same issue ?

This is on Win 8.1 x64.

Thanks.


Hi Zhang,

I got SEP running here as anti-virus...

here's the log:

I 2016.03.28 19:24:29 - AirVPN client version: 2.10.3 / x64, System: Windows, Name: Microsoft Windows NT 6.2.9200.0 / x64
. 2016.03.28 19:24:29 - Reading options from C:\Users\****\AppData\Local\AirVPN\AirVPN.xml
. 2016.03.28 19:24:29 - Data Path: C:\Users\****\AppData\Local\AirVPN
. 2016.03.28 19:24:29 - App Path: C:\Program Files\AirVPN
. 2016.03.28 19:24:29 - Executable Path: C:\Program Files\AirVPN\AirVPN.exe
. 2016.03.28 19:24:29 - Command line arguments (1): path="home"
. 2016.03.28 19:24:29 - Operating System: Microsoft Windows NT 6.2.9200.0
. 2016.03.28 19:24:29 - Updating systems & servers data ...
I 2016.03.28 19:24:29 - OpenVPN Driver - TAP-Windows Adapter V9, version 9.21.1
I 2016.03.28 19:24:29 - OpenVPN - Version: OpenVPN 2.3.8 (C:\Program Files\AirVPN\openvpn.exe)
I 2016.03.28 19:24:29 - SSH - Version: plink 0.63 (C:\Program Files\AirVPN\plink.exe)
I 2016.03.28 19:24:29 - SSL - Version: stunnel 5.17 (C:\Program Files\AirVPN\stunnel.exe)
! 2016.03.28 19:24:29 - Ready
. 2016.03.28 19:24:30 - Systems & servers data update completed
! 2016.03.28 19:24:33 - Activation of Network Lock - Windows Firewall
I 2016.03.28 19:26:12 - Session starting.
I 2016.03.28 19:26:12 - IPv6 disabled.
I 2016.03.28 19:26:13 - Checking authorization ...
! 2016.03.28 19:26:13 - Connecting to Mimosa (Canada, Vancouver)
. 2016.03.28 19:26:13 - OpenVPN > OpenVPN 2.3.8 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [IPv6] built on Aug 13 2015
. 2016.03.28 19:26:13 - OpenVPN > library versions: OpenSSL 1.0.2d 9 Jul 2015, LZO 2.08
. 2016.03.28 19:26:13 - OpenVPN > MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:3100
. 2016.03.28 19:26:13 - OpenVPN > Control Channel Authentication: tls-auth using INLINE static key file
. 2016.03.28 19:26:13 - OpenVPN > Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
. 2016.03.28 19:26:13 - OpenVPN > Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
. 2016.03.28 19:26:13 - OpenVPN > Socket Buffers: R=[65536->131072] S=[65536->131072]
. 2016.03.28 19:26:13 - OpenVPN > UDPv4 link local: [undef]
. 2016.03.28 19:26:13 - OpenVPN > UDPv4 link remote: [AF_INET]71.19.251.247:443
. 2016.03.28 19:26:14 - OpenVPN > TLS: Initial packet from [AF_INET]71.19.251.247:443, sid=7bdc1d9b a0b9e217
. 2016.03.28 19:26:14 - OpenVPN > VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org
. 2016.03.28 19:26:14 - OpenVPN > Validating certificate key usage
. 2016.03.28 19:26:14 - OpenVPN > ++ Certificate has key usage  00a0, expects 00a0
. 2016.03.28 19:26:14 - OpenVPN > VERIFY KU OK
. 2016.03.28 19:26:14 - OpenVPN > Validating certificate extended key usage
. 2016.03.28 19:26:14 - OpenVPN > ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
. 2016.03.28 19:26:14 - OpenVPN > VERIFY EKU OK
. 2016.03.28 19:26:14 - OpenVPN > VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=server, emailAddress=info@airvpn.org
. 2016.03.28 19:26:14 - OpenVPN > Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
. 2016.03.28 19:26:14 - OpenVPN > Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
. 2016.03.28 19:26:14 - OpenVPN > Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
. 2016.03.28 19:26:14 - OpenVPN > Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
. 2016.03.28 19:26:14 - OpenVPN > Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
. 2016.03.28 19:26:14 - OpenVPN > [server] Peer Connection Initiated with [AF_INET]71.19.251.247:443
. 2016.03.28 19:26:17 - OpenVPN > SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
. 2016.03.28 19:26:17 - OpenVPN > PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 10.4.0.1,comp-lzo no,route-gateway 10.4.0.1,topology subnet,ping 10,ping-restart 60,ifconfig 10.4.0.186 255.255.0.0'
. 2016.03.28 19:26:17 - OpenVPN > OPTIONS IMPORT: timers and/or timeouts modified
. 2016.03.28 19:26:17 - OpenVPN > OPTIONS IMPORT: LZO parms modified
. 2016.03.28 19:26:17 - OpenVPN > OPTIONS IMPORT: --ifconfig/up options modified
. 2016.03.28 19:26:17 - OpenVPN > OPTIONS IMPORT: route options modified
. 2016.03.28 19:26:17 - OpenVPN > OPTIONS IMPORT: route-related options modified
. 2016.03.28 19:26:17 - OpenVPN > OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
. 2016.03.28 19:26:17 - OpenVPN > do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
. 2016.03.28 19:26:17 - OpenVPN > open_tun, tt->ipv6=0
. 2016.03.28 19:26:17 - OpenVPN > TAP-WIN32 device [Ethernet 2] opened: \\.\Global\{E465FA33-9EC3-4950-ADEE-54986FBDA201}.tap
. 2016.03.28 19:26:17 - OpenVPN > TAP-Windows Driver Version 9.21
. 2016.03.28 19:26:17 - OpenVPN > Set TAP-Windows TUN subnet mode network/local/netmask = 10.4.0.0/10.4.0.186/255.255.0.0 [SUCCEEDED]
. 2016.03.28 19:26:17 - OpenVPN > Notified TAP-Windows driver to set a DHCP IP/netmask of 10.4.0.186/255.255.0.0 on interface {E465FA33-9EC3-4950-ADEE-54986FBDA201} [DHCP-serv: 10.4.255.254, lease-time: 31536000]
. 2016.03.28 19:26:17 - OpenVPN > Successful ARP Flush on interface [22] {E465FA33-9EC3-4950-ADEE-54986FBDA201}
. 2016.03.28 19:26:22 - OpenVPN > TEST ROUTES: 1/1 succeeded len=0 ret=1 a=0 u/d=up
. 2016.03.28 19:26:22 - OpenVPN > C:\Windows\system32\route.exe ADD 71.19.251.247 MASK 255.255.255.255 192.168.2.1
. 2016.03.28 19:26:22 - OpenVPN > ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=25 and dwForwardType=4
. 2016.03.28 19:26:22 - OpenVPN > Route addition via IPAPI succeeded [adaptive]
. 2016.03.28 19:26:22 - OpenVPN > C:\Windows\system32\route.exe ADD 192.168.2.1 MASK 255.255.255.255 192.168.2.1 IF 3
. 2016.03.28 19:26:22 - OpenVPN > ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=25 and dwForwardType=4
. 2016.03.28 19:26:22 - OpenVPN > Route addition via IPAPI succeeded [adaptive]
. 2016.03.28 19:26:22 - OpenVPN > C:\Windows\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.4.0.1
. 2016.03.28 19:26:22 - OpenVPN > ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
. 2016.03.28 19:26:22 - OpenVPN > Route addition via IPAPI succeeded [adaptive]
. 2016.03.28 19:26:22 - OpenVPN > C:\Windows\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.4.0.1
. 2016.03.28 19:26:22 - OpenVPN > ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
. 2016.03.28 19:26:22 - OpenVPN > Route addition via IPAPI succeeded [adaptive]
. 2016.03.28 19:26:22 - Starting Management Interface
. 2016.03.28 19:26:22 - OpenVPN > Initialization Sequence Completed
I 2016.03.28 19:26:22 - DNS of a network adapter forced (Intel(R) Dual Band Wireless-AC 7260)
I 2016.03.28 19:26:22 - DNS of a network adapter forced (TAP-Windows Adapter V9)
I 2016.03.28 19:26:22 - Flushing DNS
I 2016.03.28 19:26:23 - Checking route
I 2016.03.28 19:26:23 - Checking DNS
! 2016.03.28 19:26:24 - Connected.
. 2016.03.28 19:26:24 - OpenVPN > MANAGEMENT: Client connected from [AF_INET]127.0.0.1:3100
. 2016.03.28 19:26:24 - OpenVpn Management > >INFO:OpenVPN Management Interface Version 1 -- type 'help' for more info
! 2016.03.28 19:27:56 - Disconnecting
. 2016.03.28 19:27:56 - Management - Send 'signal SIGTERM'
. 2016.03.28 19:27:56 - OpenVPN > MANAGEMENT: CMD 'signal SIGTERM'
. 2016.03.28 19:27:56 - OpenVPN > SIGTERM received, sending exit notification to peer
. 2016.03.28 19:28:01 - OpenVPN > C:\Windows\system32\route.exe DELETE 71.19.251.247 MASK 255.255.255.255 192.168.2.1
. 2016.03.28 19:28:01 - OpenVPN > Route deletion via IPAPI succeeded [adaptive]
. 2016.03.28 19:28:01 - OpenVPN > C:\Windows\system32\route.exe DELETE 192.168.2.1 MASK 255.255.255.255 192.168.2.1
. 2016.03.28 19:28:01 - OpenVPN > Route deletion via IPAPI succeeded [adaptive]
. 2016.03.28 19:28:01 - OpenVPN > C:\Windows\system32\route.exe DELETE 0.0.0.0 MASK 128.0.0.0 10.4.0.1
. 2016.03.28 19:28:01 - OpenVPN > Route deletion via IPAPI succeeded [adaptive]
. 2016.03.28 19:28:01 - OpenVPN > C:\Windows\system32\route.exe DELETE 128.0.0.0 MASK 128.0.0.0 10.4.0.1
. 2016.03.28 19:28:01 - OpenVPN > Route deletion via IPAPI succeeded [adaptive]
. 2016.03.28 19:28:01 - OpenVPN > Closing TUN/TAP interface
. 2016.03.28 19:28:01 - OpenVPN > SIGTERM[soft,exit-with-notification] received, process exiting
. 2016.03.28 19:28:01 - Connection terminated.
I 2016.03.28 19:28:01 - DNS of a network adapter restored to original settings (Intel(R) Dual Band Wireless-AC 7260)
I 2016.03.28 19:28:01 - DNS of a network adapter restored to original settings (TAP-Windows Adapter V9)
I 2016.03.28 19:28:01 - IPv6 restored.
! 2016.03.28 19:28:01 - Session terminated.

 

 


I'm on linux, same problem. Network lock does NOT lock the network even though it says it does. Log says it's activated, I tried setting it from automatic to iptables, iptables is installed as is iptables-save and iptables-restore. Firewall is deactivated, relevant output:

iptables --list
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination 

 

Before and after running airvpn, or activating/deactivating network lock.

Log of your client, **** is obfuscated by me:

I 2016.03.30 18:00:24 - AirVPN client version: 2.10.3 / x64, System: Linux, Name: Welcome to openSUSE Leap 42.1 - Kernel \r (\l). / x64
. 2016.03.30 18:00:24 - Reading options from /home/myown/.airvpn/AirVPN.xml
. 2016.03.30 18:00:24 - Data Path: /home/myown/.airvpn
. 2016.03.30 18:00:24 - App Path: /usr/lib64/AirVPN
. 2016.03.30 18:00:24 - Executable Path: /usr/lib64/AirVPN/AirVPN.exe
. 2016.03.30 18:00:24 - Command line arguments (1): path="/home/****/.airvpn"
. 2016.03.30 18:00:24 - Updating systems & servers data ...
. 2016.03.30 18:00:24 - Operating System: Unix **** GNU/Linux
I 2016.03.30 18:00:24 - OpenVPN Driver - Found, /dev/net/tun
I 2016.03.30 18:00:24 - OpenVPN - Version: OpenVPN 2.3.8 (/usr/sbin/openvpn)
I 2016.03.30 18:00:24 - SSH - Version: OpenSSH_6.6.1p1, OpenSSL 1.0.1i-fips 6 Aug 2014 (/usr/bin/ssh)
I 2016.03.30 18:00:24 - SSL - Version: stunnel 5.06 (/usr/lib64/AirVPN/stunnel)
! 2016.03.30 18:00:24 - Activation of Network Lock - Linux IPTables
. 2016.03.30 18:00:25 - Systems & servers data update completed
I 2016.03.30 18:00:25 - Session starting.
W 2016.03.30 18:00:25 - Unable to understand if IPV6 is active.
I 2016.03.30 18:00:32 - Checking authorization ...
! 2016.03.30 18:00:32 - Connecting to Miram (Netherlands, Alblasserdam)
. 2016.03.30 18:00:32 - OpenVPN > OpenVPN 2.3.8 x86_64-suse-linux-gnu [sSL (OpenSSL)] [LZO] [EPOLL] [MH] [iPv6] built on Aug  4 2015
. 2016.03.30 18:00:32 - OpenVPN > library versions: OpenSSL 1.0.1i-fips 6 Aug 2014, LZO 2.08
. 2016.03.30 18:00:32 - OpenVPN > MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:3100
. 2016.03.30 18:00:32 - OpenVPN > Control Channel Authentication: tls-auth using INLINE static key file
. 2016.03.30 18:00:32 - OpenVPN > Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
. 2016.03.30 18:00:32 - OpenVPN > Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
. 2016.03.30 18:00:32 - OpenVPN > Socket Buffers: R=[212992->262144] S=[212992->262144]
. 2016.03.30 18:00:32 - OpenVPN > UDPv4 link local: [undef]
. 2016.03.30 18:00:32 - OpenVPN > UDPv4 link remote: [AF_INET]****
. 2016.03.30 18:00:32 - OpenVPN > TLS: Initial packet from [AF_INET]****, sid=****
. 2016.03.30 18:00:32 - OpenVPN > VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org
. 2016.03.30 18:00:32 - OpenVPN > Validating certificate key usage
. 2016.03.30 18:00:32 - OpenVPN > ++ Certificate has key usage  00a0, expects 00a0
. 2016.03.30 18:00:32 - OpenVPN > VERIFY KU OK
. 2016.03.30 18:00:32 - OpenVPN > Validating certificate extended key usage
. 2016.03.30 18:00:32 - OpenVPN > ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
. 2016.03.30 18:00:32 - OpenVPN > VERIFY EKU OK
. 2016.03.30 18:00:32 - OpenVPN > VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=server, emailAddress=info@airvpn.org
. 2016.03.30 18:00:33 - OpenVPN > Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
. 2016.03.30 18:00:33 - OpenVPN > Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
. 2016.03.30 18:00:33 - OpenVPN > Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
. 2016.03.30 18:00:33 - OpenVPN > Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
. 2016.03.30 18:00:33 - OpenVPN > Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
. 2016.03.30 18:00:33 - OpenVPN > [server] Peer Connection Initiated with [AF_INET]213.152.162.88:443
. 2016.03.30 18:00:35 - OpenVPN > SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
. 2016.03.30 18:00:35 - OpenVPN > PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 10.4.0.1,comp-lzo no,route-gateway 10.4.0.1,topology subnet,ping 10,ping-restart 60,ifconfig 10.4.56.24 255.255.0.0'
. 2016.03.30 18:00:35 - OpenVPN > OPTIONS IMPORT: timers and/or timeouts modified
. 2016.03.30 18:00:35 - OpenVPN > OPTIONS IMPORT: LZO parms modified
. 2016.03.30 18:00:35 - OpenVPN > OPTIONS IMPORT: --ifconfig/up options modified
. 2016.03.30 18:00:35 - OpenVPN > OPTIONS IMPORT: route options modified
. 2016.03.30 18:00:35 - OpenVPN > OPTIONS IMPORT: route-related options modified
. 2016.03.30 18:00:35 - OpenVPN > OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
. 2016.03.30 18:00:35 - OpenVPN > ROUTE_GATEWAY **** IFACE=eth0 HWADDR=****
. 2016.03.30 18:00:35 - OpenVPN > TUN/TAP device tun0 opened
. 2016.03.30 18:00:35 - OpenVPN > TUN/TAP TX queue length set to 100
. 2016.03.30 18:00:35 - OpenVPN > do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
. 2016.03.30 18:00:35 - OpenVPN > /bin/ip link set dev tun0 up mtu 1500
. 2016.03.30 18:00:35 - OpenVPN > /bin/ip addr add dev tun0 10.4.56.24/16 broadcast 10.4.255.255
. 2016.03.30 18:00:40 - OpenVPN > /bin/ip route add 213.152.162.88/32 via ****
. 2016.03.30 18:00:40 - OpenVPN > /bin/ip route add 0.0.0.0/1 via 10.4.0.1
. 2016.03.30 18:00:40 - OpenVPN > /bin/ip route add 128.0.0.0/1 via 10.4.0.1
. 2016.03.30 18:00:40 - Starting Management Interface
. 2016.03.30 18:00:40 - OpenVPN > Initialization Sequence Completed
I 2016.03.30 18:00:40 - /etc/resolv.conf renamed to /etc/resolv.conf.airvpn as backup
I 2016.03.30 18:00:40 - DNS of the system updated to VPN DNS (Rename method: /etc/resolv.conf generated)
I 2016.03.30 18:00:40 - Flushing DNS
I 2016.03.30 18:00:40 - Checking route
I 2016.03.30 18:00:41 - Checking DNS
! 2016.03.30 18:00:41 - Connected.
. 2016.03.30 18:00:41 - OpenVPN > MANAGEMENT: Client connected from [AF_INET]127.0.0.1:3100
. 2016.03.30 18:00:41 - OpenVpn Management > >INFO:OpenVPN Management Interface Version 1 -- type 'help' for more info


u are on some serious crack... anybody with constructive advice how to lock the network for good on Windows ?

Network Lock works perfectly on tens of thousands Windows machines and what you report is normally impossible. It could be explained if you have concurrent firewalls running or malware. Check the firewall rules when Network Lock is enabled.

Kind regards


Network Lock works perfectly on tens of thousands Windows machines and what you report is normally impossible. It could be explained if you have concurrent firewalls running or malware. Check the firewall rules when Network Lock is enabled.

Kind regards

well, that post doesn't help at all... I turned off SEP completely, network lock still does not lock the network... there is no other firewall installed... when you say "malware" are you referring to malware affecting the computer or anti-malware software ?

Thanks.


Staff is quite correct though, normally it should be impossible. The AirVPN client supposedly is just calling /sbin/iptables and issuing various commands, which it plainly doesn't. Even a failed attempt or conflict would at least show up in the system log, yet there is nothing. Also manually entering the iptables rules works fine, I have taken to just executing a bash script with them, it works fine.

Yet this is clearly not entirely a problem with our machines. The software should never report a successful network lock that hasn't occurred, no excuses. There may be people using this software living in countries where you can literally face jail or worse for saying your mind on the internet. Also the logging of that particular part is lacking, it's actually not logging anything apart from informing you what it should have done.

Now don't get me wrong, I'm sure the error is somewhere in our distributions, settings (though I'm running stock with disabled firewalls) or something. What I take issue with is the false positive. It's very easy to check whether or not firewall rules have taken, you literally just have to query iptables and compare the output to what you expect it to be.


 

 

Network Lock works perfectly on tens of thousands Windows machines and what you report is normally impossible.

I'm afraid it's happened to me several times, as a matter of fact I'm having same problem as I type.

So once in a while after a restart network-lock doesn't do what it's supposed to.

I've been able to fix it with altering DNS settings in the past, I'll have another go with https://www.opennicproject.org/ and get back to you.

and come back to you.


Check the firewall rules when Network Lock is enabled.

what are the exact instructions to do this and what should the firewall rules be in order for the network to be locked ?


I've been able to fix it with altering DNS settings in the past

Afraid I haven't been able to fix it this time. I saw on activating it, it says:

24zhw94.jpg

and it's not true! it doesn't matter if it's on or not! Any url I want opens up, Airvpn as well.


You are the only one here so far who experiences this. Check all and everything, something resets your firewall rules. It doesn't need to be an antivirus suite.


» I am not an AirVPN team member. All opinions are my own and are not to be considered official. Only the AirVPN Staff account should be viewed as such.


You are the only one here so far who experiences this. Check all and everything, something resets your firewall rules. It doesn't need to be an antivirus suite.

the only one here ?

there are 3 people in this thread alone who are reporting this... can someone please answer this:

what are the firewall rules and network adapter settings under Windows when a successful network lock has been done by the sw ?


You are the only one here so far who experiences this. Check all and everything, something resets your firewall rules. It doesn't need to be an antivirus suite.

One hell of a coincidence if it's affecting windows and linux systems of different peop... oops. Apparently we are the same person, but you know, two can play this game. YOU are the only one in this thread claiming it's not a common problem that everyone experiences, maybe it's some other software running on your system accidentally locking your network?

Anyway, I'm out. Said my part, reported my issue for those that will come after me via google foo or something, as did you.

No offense to the awesome people operating this service, you and your goals are truly great, but I don't feel your VPN software client is quite on the same level as the rest of this awesome project. Even IF some piece of software would reset my firewall settings (it doesn't, they don't get set in the first place), your client should inform me of the conflict. Otherwise why even pretend your client knows whether my network is locked or not, it's just guessing isn't it?


Even IF some piece of software would reset my firewall settings (it doesn't, they don't get set in the first place), your client should inform me of the conflict. Otherwise why even pretend your client knows whether my network is locked or not, it's just guessing isn't it?

x 1000

can somebody from the company make an official statement what the firewall rules should be after a successful network lock ? (so that we can set them manually)

if we don't get this sorted out ASAP we'll have to cancel our 20+ accounts... support seems to be very slow around here...


https://github.com/AirVPN/airvpn-client/blob/master/src/Platforms.Windows/NetworkLockWindowsFirewall.cs

 

netsh advfirewall firewall add rule name="AirVPN - ICMP V4" dir=in action=allow protocol=icmpv4
netsh advfirewall firewall add rule name="AirVPN - IpV6 Block - Low" dir=out remoteip=0000::/1 action=allow
netsh advfirewall firewall add rule name="AirVPN - IpV6 Block - High" dir=out remoteip=8000::/1 action=allow
netsh advfirewall firewall add rule name="AirVPN - In - AllowLocal" dir=in action=allow remoteip=LocalSubnet
netsh advfirewall firewall add rule name="AirVPN - Out - AllowLocal" dir=out action=allow remoteip=LocalSubnet
netsh advfirewall firewall add rule name="AirVPN - In - AllowVPN" dir=in action=allow localip=10.4.0.0/16,10.5.0.0/16,10.6.0.0/16,10.7.0.0/16,10.8.0.0/16,10.9.0.0/16,10.30.0.0/16,10.50.0.0/16
netsh advfirewall firewall add rule name="AirVPN - Out - AllowVPN" dir=out action=allow localip=10.4.0.0/16,10.5.0.0/16,10.6.0.0/16,10.7.0.0/16,10.8.0.0/16,10.9.0.0/16,10.30.0.0/16,10.50.0.0/16
netsh advfirewall firewall add rule name="AirVPN - Out - DHCP" dir=out action=allow protocol=UDP localport=68 remoteport=67 program="%SystemRoot%\system32\svchost.exe" service="dhcp"
netsh advfirewall set allprofiles firewallpolicy BlockInbound,BlockOutbound

 

Together with the AirVPN IP list that is refreshed dynamically after the client is bootstrapped.

From your description, it looks like you are missing the netsh advfirewall set allprofiles firewallpolicy BlockInbound,BlockOutbound cleanup rule, which is in charge of blocking all traffic that doesn't match the above rules.

Notice that I answered you within 3 minutes from your original post on Mar 29. Then Staff answered you within 12 minutes from your second question on Apr 02, which was pretty much the same answer since you have software that breaks the Windows Firewall or doesn't allow it to function correctly. So your "slow support" statement isn't exactly fair.
 


Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.
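The check requested earlier in the thread (query the firewall and compare with what is expected) and the default-policy rule named in the post above can both be verified from the firewall's own output instead of the client log. The following is an added example, not AirVPN's code: it parses `iptables --list` and `netsh advfirewall show allprofiles` output. The DROP policies expected on Linux and the English netsh layout are assumptions of this example, and the netsh sample is constructed.

```python
import re

# Default policy quoted in the thread for Windows Network Lock.
WINDOWS_POLICY = "BlockInbound,BlockOutbound"
# Assumption of this example: a locked Linux host drops by default on every chain.
LINUX_POLICY = {"INPUT": "DROP", "FORWARD": "DROP", "OUTPUT": "DROP"}


def check_iptables(listing, expected=LINUX_POLICY):
    """Return problems found in `iptables --list` output (empty list = as expected)."""
    # Also matches the verbose form "(policy ACCEPT 0 packets, 0 bytes)".
    found = dict(re.findall(r"^Chain (\S+) \(policy (\w+)", listing, re.M))
    problems = []
    for chain, want in expected.items():
        got = found.get(chain)
        if got is None:
            problems.append(f"{chain}: chain missing from output")
        elif got != want:
            problems.append(f"{chain}: policy is {got}, expected {want}")
    return problems


def check_netsh(report, expected=WINDOWS_POLICY):
    """Return problems found in `netsh advfirewall show allprofiles` output.

    Assumes the English layout: a '<Name> Profile Settings:' header followed
    by 'State' and 'Firewall Policy' rows.
    """
    profiles, current = {}, None
    for line in report.splitlines():
        line = line.strip()
        header = re.match(r"(\w+) Profile Settings:", line)
        if header:
            current = profiles.setdefault(header.group(1), {})
            continue
        row = re.match(r"(State|Firewall Policy)\s{2,}(\S+)", line)
        if row and current is not None:
            current[row.group(1)] = row.group(2)
    problems = []
    if not profiles:
        problems.append("no firewall profiles found in output")
    for name, settings in profiles.items():
        state = settings.get("State", "unknown")
        if state.upper() != "ON":
            problems.append(f"{name}: firewall state is {state}")
        policy = settings.get("Firewall Policy", "unknown")
        if policy.lower() != expected.lower():
            problems.append(f"{name}: policy is {policy}, expected {expected}")
    return problems


def verdict(problems):
    """One-line result a client could log instead of an unconditional 'activated'."""
    if not problems:
        return "default-deny policy in place"
    return "NOT LOCKED: " + "; ".join(problems)


# The listing posted in the thread: every chain ACCEPT, no rules.
THREAD_IPTABLES = """\
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
"""

# Constructed sample: the Public profile is off and still allows outbound traffic.
SAMPLE_NETSH = """\
Domain Profile Settings:
----------------------------------------------------------------------
State                                 ON
Firewall Policy                       BlockInbound,BlockOutbound

Private Profile Settings:
----------------------------------------------------------------------
State                                 ON
Firewall Policy                       BlockInbound,BlockOutbound

Public Profile Settings:
----------------------------------------------------------------------
State                                 OFF
Firewall Policy                       BlockInbound,AllowOutbound
"""

if __name__ == "__main__":
    print(verdict(check_iptables(THREAD_IPTABLES)))
    print(verdict(check_netsh(SAMPLE_NETSH)))
```

A matching default policy is necessary but not sufficient: the allow rules listed in the post still have to be compared separately.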


Zhang,

let's be very clear: I posted 8 days ago - u responded asking for the log - which I provided and then ZERO from you... (!?!)

staff posted FIVE DAYS later an absolutely useless post (trying to talk down the fact), when already other peeps are now reporting issues... I can only assume u guys know about this problem, yet there is nothing u can do about it, which makes this a huge problem...

the minimum u need to do is - as suggested by a few other members here - have your sw report when it can NOT successfully lock the network, so that the user is aware of this security hole !

back to our problem here:

how do u know I have sw that "breaks" the Windows fw ? that's an assumption on ur end... I disabled SEP completely and Network lock still does not lock anything...

so, in regards to ur helpful post - been 8 days waiting on that - what exactly do I need to do to test ur solution ?

I just ran all of the commands from ur post in an elevated command prompt (as administrator)... but network is still NOT locked...

please provide exact instructions on what I need to do.

Thanks.


This is very surprising to read about such theories, that someone here is trying to hide a known problem from you. The software is open source and everyone can know what it does, and thousands of users have this software working fine for them with all supported Windows versions. Real bugs are acknowledged and then fixed, while a changelog is later applied to explain the issue.

How do I "assume" that this is a software that breaks your Windows Firewall? If you search the forums for top 3 reasons of broken network lock, you will be surprised that the main reason for this will be 3rd party software - which you confirmed to have. Once again, the fact that the network lock is not compatible with 3rd party firewalls is written multiple times in the FAQ section.

You claim to "disable" SEP but there is no provable way of actually verifying what does it mean under the hood. Does it mean it also removes the network hooks and restores the windows firewall service? No one can know for sure since only you have access to your own machine.

Which means, if you have any doubts that Network Lock is broken, and that it's not your system causing the issue - why won't you install a clean Windows image on a VM, or try the client on another clean machine without 3rd party firewalls to make this a fair test?

When the Windows Firewall service is on, and the above rules are set, it should work. This is a longer version of the same answer.



Zhang,

please answer the actual question from my last post: why did u post those commands ? Am I supposed to run them in command prompt ?


Is the Network Lock programmed to block the resetting of the DNS and block the internet connections??

Or is the Network Lock programmed to follow the rules set up in the firewall program???


Zhang,

please answer the actual question from my last post: why did u post those commands ? Am I supposed to run them in command prompt ?

You are not supposed to manually run them, you asked what the network lock rules look like and I quoted them from the source code.



You are not supposed to manually run them, you asked what the network lock rules look like and I quoted them from the source code.

let me ask you in a different way:

what can I do to manually lock my network and force-route all traffic through the VPN tunnel ?

What are the exact steps ?


OK. Here you go.

netsh advfirewall firewall add rule name="AirVPN - Out - AllowAirIPS" dir=Out action=allow remoteip=[AirVPN server IP list]
netsh advfirewall firewall add rule name="AirVPN - ICMP V4" dir=in action=allow protocol=icmpv4
netsh advfirewall firewall add rule name="AirVPN - IpV6 Block - Low" dir=out remoteip=0000::/1 action=allow
netsh advfirewall firewall add rule name="AirVPN - IpV6 Block - High" dir=out remoteip=8000::/1 action=allow
netsh advfirewall firewall add rule name="AirVPN - In - AllowLocal" dir=in action=allow remoteip=LocalSubnet
netsh advfirewall firewall add rule name="AirVPN - Out - AllowLocal" dir=out action=allow remoteip=LocalSubnet
netsh advfirewall firewall add rule name="AirVPN - In - AllowVPN" dir=in action=allow localip=10.4.0.0/16,10.5.0.0/16,10.6.0.0/16,10.7.0.0/16,10.8.0.0/16,10.9.0.0/16,10.30.0.0/16,10.50.0.0/16
netsh advfirewall firewall add rule name="AirVPN - Out - AllowVPN" dir=out action=allow localip=10.4.0.0/16,10.5.0.0/16,10.6.0.0/16,10.7.0.0/16,10.8.0.0/16,10.9.0.0/16,10.30.0.0/16,10.50.0.0/16
netsh advfirewall firewall add rule name="AirVPN - Out - DHCP" dir=out action=allow protocol=UDP localport=68 remoteport=67 program="%SystemRoot%\system32\svchost.exe" service="dhcp"
netsh advfirewall set allprofiles firewallpolicy BlockInbound,BlockOutbound

 

