Websites / exceptions for everyday use

[BubbleGirl 0]

Hallo, I've read about the kickasstorrents admin getting busted for stupid reasons and it got me thinking.

How do I specify everyday sites like https://amazon.com to NOT to use VPN tunnel.
So using same IP or number of IPs through AIRVPN will not become a problem.
And VPN is also useless since those sites have got your personal information.

ways to use it like I see it:

- network lock / adresses allowed (then https://amazon.com would be allowed by disconnect.) - bothersome
- routes (don't know how to use it)

So, like you see I don't know much

Other solutions I can think of:

- "misuse" tor browser for everyday sites (but then how does it stand to AIRVPN over TOR solution?)

I am rather a noob and not really out for a "tinkering" solution. Maybe it is that obvious that I dont see it?
Specifying web adresses espeacially such as amazon or youtube are probably problematic since they "outsource" their traffic through other domains.

Those did not get me very far
https://airvpn.org/faq/software_advanced/
https://airvpn.org/software/

Am I blowing some things out proportion, do not understand some things I saying? Possible. Tell me. Thanks for you help.

[Guest]

in the client Eddie, open the Routes tab and put amazon on the outside VPN tunnel

[BubbleGirl 0]

Thank you for answering.

 

Since the entry should be an IP address the "save" button stays inactive.

 

Besides, what is the way to prove that the entered site is actually being left out the vpn tunnel?

[Zaroad 26]

Adding Amazon's ip ranges on Routes Tab. What do you get when you try to run ' nslookup amazon.com ' on your CMD (Windows) /Terminal ?

 

I've tried here and I got

Servidor:  UnKnown
Address:  10.4.0.1

Respuesta no autoritativa:
Nombre:  amazon.com
Addresses:  54.239.25.192
          54.239.25.208
          54.239.25.200
          54.239.26.128
          54.239.17.6
          54.239.17.7 

 

and if I wanted to leave those IPs outside of my tunnel I would set ' 54.239.0.0/16 ' on the entry and recconect. In order to check if it's outside the tunnel or not I would do a traceroute (on CMD 'tracert amazon.com) and verify that the ip on first hop isn't 10.4.0.1 

[zhang888 1066]

This is harder than it seems in today's internet. Many big sites don't use single IPs, but a combination of various CDN solutions.

This creates 2 issues - huge routing table list of exclusions, and constant cat and mouse game to add new ranges. Bad.

Second issue - those ranges are also used by other websites which you do want to use VPNs for, i.e. torrent trackers.

 

So the only actual solution would be running a VM, bridge it to the host adapter without VPN, and use it for websites

and services you wish to be excluded from the main VPN connection.

[BubbleGirl 0]

@Zaroad: I get similar results with the exception of the first to IPs. Didn't run tracert on amazon.com because I don't understand what "/" in your suggestion "54.239.0.0/16" means. But otherwise it's a new cmd funtion I'm learning, thanks for that. But I guessed the same problem zhang888 describes in his following post.

 

54.239.25.20
54.239.17.7
54.239.25.192
54.239.26.128
54.239.17.6
54.239.25.200

 

@zhang888: How would it look like or where can I help myself to an instruction on bridging in regard to VM? I guess you mean the virtural bridge between adapters in windows settings "network, sharing center / adapters settings / ..."

 

Adressing future development: If AirVpn worked like a firewall, restrictions and exceptions could work on an app basis. E.g. all the traffic goes through the tunnel unless I add an app-exception that is allowed to use traffic outside the vpn tunnel. I remember the remedies using comodo firewall before AirVpn got the NetworkLock.

 

Funny though, today I've tried paypal website using tor browser (while vpn enabled) and it didn't work (blank screen), so so much for trying something new

[BubbleGirl 0]

@Zaroad: "I get similar results with the exception of the first two IPs"

[zhang888 1066]

This would look like this:

 

[Guest]

This is harder than it seems in today's internet. Many big sites don't use single IPs, but a combination of various CDN solutions.

This creates 2 issues - huge routing table list of exclusions, and constant cat and mouse game to add new ranges. Bad.

Second issue - those ranges are also used by other websites which you do want to use VPNs for, i.e. torrent trackers.

 

So the only actual solution would be running a VM, bridge it to the host adapter without VPN, and use it for websites

and services you wish to be excluded from the main VPN connection.

 

Or even better, use a different VPN server on the VM, that way at least they aren't the same servers/IPs making it more secure since you aren't exposing yourself outside of VPN

[BubbleGirl 0]

@zhang888 Ah ok, you mean VM. So, "bridged" means disregarding VPN tunnel/ client.

 

@EdensSpire Would you have a link to an instruction how to do this? 

 

Computing power. Even though VM seems like a stretch for a MBair (2011) or a regular lappy (everything gets heated up and works at full capacity), it is interesting in general how VM work as a server, where even multiple computers can connect and get an operating system version that is configurable before hand. Maybe that's what EdensSpire means, if one could configure two operating systems on the server then the client can connect to one or both OS, running different configurations. It would be the future, I guess, if the client laptop had only hardware with no "brains" and only upon connect it gets an OS. 

 

The easiest version would be, of course, just start one/ two VMs with not/ bridged adapter, but like I said my notebooks usually get all worked up to just one login on paypal (as an example)  

 

Just remembered, CIsco AnyConnect offers connection groups with options 

1-Full-Tunnel

2-Split-Tunnel

3-WLAN

4 ...

5 ...

 

Can something be done with those options? Right now I don't know if AirVpn client offers that. But those choices seem to be plausible and look like what I'm trying to achieve.

 

That client seems not to offer an import of the config file, so I guess that's a NO on AirVpn service using AnyConnect. 

[BubbleGirl 0]

edit: not resolved