Jump to content
Not connected, Your IP: 3.135.206.212
Sign in to follow this  
larky

PIA intentionally breaks Windows 10

Recommended Posts

Came across this over at the PIA forums

 

PIA intentionally breaks Windows 10

 

I have not checked and can't right now as my systems using AirVPN are off line for some hardware changes, and it never occurred to me until now, but does AirVPN also have this issue?

 

 

Share this post


Link to post

There is no issue, also there. The user is complaining that his ISP DNS is not working while he is connected to the VPN. This is what DNS leak protection should be doing.

Especially on Windows 10, where the block-outside-dns is doing the action he described. More here:

https://community.openvpn.net/openvpn/ticket/605

 

It's funny to read how he "resolved" the issue by setting a lower metric, causing himself a DNS leak, but that's upto the staff there to explain.


Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.

Share this post


Link to post

His blog "case for the prosecution" is rather amusing.

"which I will not go into at this point because they are still being analyzed for a potential lawsuit against PIA by someone I know"

If he pays his lawyer and wins the case and gets a nice settlement, he can move on to Microsoft next and go for the really big bucks.

PIA sort of deserve all sorts of customers with their broad infotisement marketing, Air saves itself some resources by a rather more "word of mouth" / "recommend" diffusion through a more clued up crowd, and probably serves more security/privacy aware clients than Kodi junkies.

Share this post


Link to post

@ zhang888

 

 

I think you may have misread the post, the complaint is not "complaining that his ISP DNS is not working while he is connected to the VPN". Its about PIA breaking the nslookup function in Windows 10 to not function when it should when connected to VPN.

 

I was curious about it so I contacted him over there, the issue isn't actually his and he posted on behalf of someone else. The metric set to 1 didn't cause any DNS leaks and doesn't, in fact the metric setting came from a work around for the creators update issue and was posted here at AirVPN and was also given by staff at PIA. The complaint is not that the ISP dns is not working, its talking about the nslookup function not working when connected to the PIA VPN but it works if the tap adapter metric is set to 1 and one of the symptoms of the issue is that without the metric not set to 1 an nslookup will fail and display the isp dns in the failed lookup. That should not happen at all on the PIA VPN with the DNS leak protection enabled because with DNS leak protection enabled the only DNS that should show in any instance is the PIA DNS servers even for a failed nslookup  and the nslookup should not fail (this according to PIA). I understand the issue now. I use both PIA (on some systems), and AirVPN (on some other systems which are down right now for hardware changes). So I checked it out as well on PIA and see the complaint is correct after contacting him, the nslookup function is broken when connected to the PIA VPN. He showed me some of the emails the person got from PIA on the issue and PIA clearly acknowledges they break nslookup (and possibly a few other things) intentionally to make their client work and are essentially refusing to fix it. I see where the person is pissed and could sue them, a company causing intentional damage to ones computer OS (or any property) or intentionally causing something not to work and refusing to fix or replace is standing for a tort lawsuit in the U.S. 

Share this post


Link to post

Hello,

 

nslookup is a little tool that queries a nameserver. To frame correctly the problem you need to know how Windows DNS implementation is faulty. Windows never had a global DNS concept (source and core reason of the "DNS leaks") and things got worse with Windows 10, which started to query all the nameservers of all network interfaces at once and resolve the name with the first which answered.

 

Windows 10 "Creator" features an additional deterioration of the already rickety DNS implementation. Windows 10 Anniversary Update changed the way DNS works. It used to resolve a qualified name using all available adapters and IP addresses in parallel, now it still resolves names using all available adapters but in sequence, beginning with random adapter and waiting for the answer of each of them.

 

You can easily see how the above implementation will not work correctly in a variety of situations, including a system which is connected to a VPN with internal name servers and which does not want DNS queries outside the tunnel ("DNS leaks"), for example with the "block-outside-dns" directive of OpenVPN (emulated by Eddie for Windows to prevent DNS leaks, for example).

 

Lowering the metric of the tun adapter appears to be the correct solution at the moment. We don't know how the PIA software client deals with DNS leaks because it's a closed source software but from the description the observed behavior is just a rudimentary or clumsy DNS leak prevention which is not as effective as the one implemented in Eddie or in OpenVPN "block-outside-dns" by ValdikSS.

 

For additional information please see also:

https://airvpn.org/topic/22650-windows-10-creator-update-airvpn-dns-slow

 

Kind regards

Share this post


Link to post

Thanks for explaining all that.

 

From what I understand in communications with the guy over there this issue with PIA will probably not be fixed by PIA and its an issue that actually affects a whole subsystem of Windows 10 and causes other adverse issues as well.

Share this post


Link to post

been following this guy posting over at PIA, its interesting. Today he posted a scathing indictment (or what ever you want to call it) of PIA's tech support. He makes some good points. I especially like the part where he says "... PIA's so called "tech support" and "developers" are as screwed up as a soup sandwich. It made me spit coffee all over the monitor when I read that and started laughing.

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image
Sign in to follow this  

×
×
  • Create New...