Jump to content
Not connected, Your IP: 3.231.212.98
yepper

[Mac/Viscosity] Romania AirVPN servers don't play well with Google email

Recommended Posts

I usually use Netherlands AirVPN servers, and sometimes Romania servers when there's some (very infrequent) glitch with Netherlands.

 

I have my Mac Viscosity v1.4.10 VPN client:

Preferences > Connections > Networking > Routing

...for both Netherlands & Romania set to allow all my Google email servers' IP addresses to go through my regular ISP, and everything else to go through the VPN. Here is my Viscosity settings for both:

 

IP    Route                 Mask/Bits               Gateway
4    74.125.196.109  255.255.255.255    net_gateway
4    74.125.196.108  255.255.255.255    net_gateway
4    107.x.x.x    255.255.255.255    net_gateway
4    74.125.137.108  255.255.255.255    net_gateway
4    74.125.137.109  255.255.255.255    net_gateway
4    107.x.x.x    255.255.255.255    net_gateway
4    0.0.0.0                0.0.0.0                    vpn_gateway

 

This works fine when connected to a Netherlands exit server, but I always get Google's "unusual location" security block to trigger when connected to a Romania exit server.

 

Why one, but not the other? Any Mac Viscosity users set up this way here? (If this is better asked over on the Viscosity forums, please say so.) Thanks!

Share this post


Link to post

– I know what the Google "unusual location" security mechanism is.

– The 107.x.x.x addresses were not my "real IP" addresses; they were public Time-Warner ISP email server addresses, accompanying my 74.x.x.x Google public email server addresses.

 

To repeat, my question is, I have set those seven email server addresses to route through my regular Time-Warner ISP, and everything else to go through AirVPN; why does the same configuration work when using my Netherlands AirVPN exit server (doesn't trigger the Google "unusual location" alert), but not when using my Romania AirVPN exit server?

Share this post


Link to post

– I know what the Google "unusual location" security mechanism is.

– The 107.x.x.x addresses were not my "real IP" addresses; they were public Time-Warner ISP email server addresses, accompanying my 74.x.x.x Google public email server addresses.

 

To repeat, my question is, I have set those seven email server addresses to route through my regular Time-Warner ISP, and everything else to go through AirVPN; why does the same configuration work when using my Netherlands AirVPN exit server (doesn't trigger the Google "unusual location" alert), but not when using my Romania AirVPN exit server?

 

That's actually a question to Google and their policies.

When you use your Google account from many locations, they lift this warning and treat you as a "nomad".


Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.

Share this post


Link to post

Nobody is understanding what I'm asking. Google shouldn't be seeing me using my Google account from another location in the first place, because I've configured my Viscosity VPN client to route my Google email servers normally, through my regular ISP, while all other internet activity is routed through my foreign AirVPN exit server. The point is that it works (I don't get Google "unusual location" alerts) when connecting to my Netherlands AirVPN server, but I do when connecting to my Romania AirVPN server. I have both of my Viscosity connection settings otherwise set identically, but the Romania one acts like my routing exceptions for my listed email server IP addresses isn't working, and, unlike with my Netherlands settings, they're leaking through, and going unwanted through the VPN tunnel.... Are any of you guys using Viscosity?

Share this post


Link to post

The point is that it works (I don't get Google "unusual location" alerts) when connecting to my Netherlands AirVPN server, but I do when connecting to my Romania AirVPN server

 

Maybe it works because it doesn't work with Netherlands, either, but Google already marked you as "living in the Netherlands"... which renders your rules ineffective. Did you try connecting to at least another server in a completely different country to test the rules? Google is big, they have many IPs...


Four simple things:
There's a guide to AirVPN. Before you ask questions, take 30 minutes of your time to go through it.

Amazon IPs are not dangerous here. It's the fallback DNS.
Running TOR exits is discouraged. They're subject to restrictions on the internet and harm all AirVPN users.

Furthermore, I propose that your paranoia is to be destroyed. If you overdo privacy, you'll be unique among the mass again.

 

XMPP: gigan3rd@xmpp.airvpn.org or join our lounge@conference.xmpp.airvpn.org

Share this post


Link to post

^ Thanks, giganerd, that's certainly a logical possibility. However, I've just now pored over my Google account settings, and searched the Google account Help, and I cannot seem to find a link to a Google account setting that lists my "marked as living in..." items. Does anyone know how to see those, and edit them?

 

Also, I renew my appeal to anyone here using AirVPN with the Viscosity VPN client on a Macintosh, who might also be using the "IP addresses to exclude from the VPN tunnel" feature, and might be able to confirm whether it indeed works, and whether my configuration shown in this thread's first post is correct in:

Preferences > Connections > Networking > Routing

Share this post


Link to post

I think your problem is that the IP address for Google's email servers change very frequently.  I haven't worked with gmail servers in a while, but I think their time-to-live is only 300 seconds.  Essentially, every 5 minutes they could change the IP address. 

 

You are only routing two of their IPs, but they have many, many more.  Try querying the DNS for gmail.com over a period of time.  I suspect you will see the IP changing frequently. 

 

When gmail resolves to one of the IPs you have specified it goes through your normal ISP connection, but when gmail resolves to a different IP address, it routes through your VPN.  Google sees this frequent location changing as suspicious. 

Share this post


Link to post

^ Thanks, giganerd, that's certainly a logical possibility. However, I've just now pored over my Google account settings, and searched the Google account Help, and I cannot seem to find a link to a Google account setting that lists my "marked as living in..." items. Does anyone know how to see those, and edit them?

 

You cannot see them, you cannot edit them. It's an algorithm working under the hood. And about that mark, it's not quite "living in the Netherlands", more like "you frequently connect with Dutch IPs". You do it long and frequent enough, the algorithm will classify every other connection attempt with a NL IP from that one ISP as legitimate.

I wonder if it'd have any impact on this "decision" if you created a Google+ account and change your place of residence...


Four simple things:
There's a guide to AirVPN. Before you ask questions, take 30 minutes of your time to go through it.

Amazon IPs are not dangerous here. It's the fallback DNS.
Running TOR exits is discouraged. They're subject to restrictions on the internet and harm all AirVPN users.

Furthermore, I propose that your paranoia is to be destroyed. If you overdo privacy, you'll be unique among the mass again.

 

XMPP: gigan3rd@xmpp.airvpn.org or join our lounge@conference.xmpp.airvpn.org

Share this post


Link to post

Thanks, diver3923 and giganerd, I guess you guys must be right. Too bad there's no way to enter a URL web address instead of IP addresses. I just wish there were a VPN client that's application-specific, instead of taking over your whole computer's networking. (Little Snitch managed to create an application-specific firewall; seems like a VPN is somewhat similar and ought to be able to do that — it would solve so many problems!)

Share this post


Link to post

As a crude workaround, I used the ability of my Viscosity VPN client to execute AppleScripts before and after VPN connections, e.g.,

 

tell application "Mail" to set enabled of account "Gmail" to false

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...