Jump to content
Not connected, Your IP: 18.224.136.125
AirVPN
Sign in to follow this  
Followers 0
uldch

ipleak.net can expose airvpn tunneled via ssl or ssh?

By uldch, ... in Troubleshooting and Problems

Recommended Posts

uldch    0

uldch
Posted ...

Hello,

 

i wonder why ipleak.net is able to show that i am using the airvpn service although my vpn protocol is set to SSH / SSL.

 

so is this statement wrong -> "OpenVPN typical fingerprint can not be detected anymore. Useful if you live in a country which tries to disrupt OpenVPN connections when detected." or do i miss something?

 

Best regards

 

 

Share this post

Link to post

Staff    9783

Staff
Posted ...

Hello,

 

i wonder why ipleak.net is able to show that i am using the airvpn service although my vpn protocol is set to SSH / SSL.

 

so is this statement wrong -> "OpenVPN typical fingerprint can not be detected anymore. Useful if you live in a country which tries to disrupt OpenVPN connections when detected." or do i miss something?

 

Best regards

 

It compares your system IP address with all the Air VPN servers exit-IP addresses.

 

Kind regards

Share this post

Link to post

Staff    9783

Staff
Posted ...

If I remember well, http://www.browserleaks.com/whois always exposed that I was using Openvpn too, when using ssh or ssl. But I can´t be totally sure, you can test it.

 

 

That's based on the detected "fingerprint" by the final service, when packets are all out of the tunnel. It is a different issue than hiding OpenVPN between your node and the VPN server (typically where your ISP observes you). See WITCH for the original code http://witch.valdikss.org.ru/

 

At the moment you can make WITCH unable to recognize OpenVPN usage in UDP by selecting unusual mssfix parameters.

 

Interesting to compare with this:

https://airvpn.org/topic/17709-netflix-how-to-accessuse-it-when-vpn-is-connected/

 

Kind regards

Share this post

Link to post

uldch    0

uldch
Posted ...

It compares your system IP address with all the Air VPN servers exit-IP addresses.

 

so if you live in a country which tries to disrupt vpn technology, the state just needs to cache all exit ip adresses of popular vpn services and you are done, right?

Share this post

Link to post

zhang888    1065

zhang888
Posted ...

 

It compares your system IP address with all the Air VPN servers exit-IP addresses.

 

so if you live in a country which tries to disrupt vpn technology, the state just needs to cache all exit ip adresses of popular vpn services and you are done, right?

 

Explain what do you mean by that. They can probably buy accounts on most popular VPN services and scrape their IP and block them.

This never happened before and I am not aware of any country that permanently blocks access to Air's servers on a country scale.

Some ISPs tamper with the OpenVPN protocol using DPI, and this is why SSL/SSH comes to help.

Nevertheless, they are not able to decrypt your traffic in any mode, even without using SSL/SSH.

Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.

Share this post

Link to post

uldch    0

uldch
Posted ...

Explain what do you mean by that. They can probably buy accounts on most popular VPN services and scrape their IP and block them.

This never happened before and I am not aware of any country that permanently blocks access to Air's servers on a country scale.

Some ISPs tamper with the OpenVPN protocol using DPI, and this is why SSL/SSH comes to help.

Nevertheless, they are not able to decrypt your traffic in any mode, even without using SSL/SSH.

 

I agree. Thank you all for your responses

Share this post

Link to post

Staff    9783

Staff
Posted ...

 

It compares your system IP address with all the Air VPN servers exit-IP addresses.

 

so if you live in a country which tries to disrupt vpn technology, the state just needs to cache all exit ip adresses of popular vpn services and you are done, right?

 

No: blocking exit-IP addresses would have an impact only on services inside that country, but would allow a citizen to connect to our VPN servers and go out on the rest of the world. They would need to harvest different IP addresses (entry-IP addresses of course, and many other ones that of course we will not mention here). Additionally, you can easily imagine a way to circumvent even this block if you think about all the connection abilities of OpenVPN, even cited in this thread...

 

Kind regards

Share this post

Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
  • Security Check
    Play CAPTCHA Audio
    Refresh Image
Sign in to follow this  
Followers 0
Go To Topic Listing
×
×
  • Create New...