cheapsheep 6 Posted ... (edited)

I have recently noticed that I always get assigned the same internal IP address on my tun0. In my specific case, I have a docker mapped to the internal tun0 IP which is used by bluetit. I was stunned that I was still able to connect the docker externally after I rebooted and reconnected to the Air server.

Specs:
Software: 1.1.0 RC4
Connection: bluetit
OS: Ubuntu 21 / Linux 5.11.0-18-generic #19-Ubuntu SMP Fri May 7 14:22:03 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux

bluetit.rc:
    airconnectatboot: server
    airserver: xxx
    tunpersist: yes
    networklock: nftables

Is this intended because I have forwarded ports activated? Is this a privacy concern?

Regards

OpenSourcerer 1435 Posted ...

4 hours ago, cheapsheep said:
> airconnectatboot: server

This. Because the IP address you get assigned is not deleted right away but after some minutes (default max 10, no idea how AirVPN configured it but clearly longer than your reboot needed). Change the server, port or protocol to force another subnet, ergo, another IP.

NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT. LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too! Want to contact me directly? All relevant methods are on my About me page.

cheapsheep 6 Posted ...

23 minutes ago, OpenSourcerer said:
> This. Because the IP address you get assigned is not deleted right away but after some minutes (default max 10, no idea how AirVPN configured it but clearly longer than your reboot needed). Change the server, port or protocol to force another subnet, ergo, another IP.

Actually I expect to get a new inet assigned every time I connect, irrespective of the fact that it is the same server or even the same ISP IP. In my case the TTL has to be measured in hours (at least). The first time I noticed it was yesterday evening. I just rebooted and still get the same IP assigned.

//EDIT: I just rebooted my router. Thus my ISP IP changed and I got assigned a new inet.

Btw: I have no problem being assigned the same inet since it makes my life easier. Especially when using docker containers with forwarded ports, there is no need to let them run in host mode. However, I was wondering why the TTL for the inet is (probably) dependent on the assigned ISP IP. I think this might be a privacy concern (like WireGuard), although all logs are deleted when the connection is closed.

Regards.

OpenSourcerer 1435 Posted ...

Well… disappointment is largely a product of unmet expectations. In any case, there is no real sense in shifting the internal IP address like this – your external IP does not change, anyway, so there are no benefits for privacy or something.

Staff 9973 Posted ...

21 hours ago, cheapsheep said:
> I have recently noticed that i always get assigned the same internal IP address on my tun0.

Hello!

This happens by explicit configuration server side. We opted for this solution because we received a large amount of requests to do so. It makes binding of specific processes which can bind only to IP addresses and not to interfaces (from inner settings) so much easier.

This configuration can be changed (try Xuange server for example) but currently it will not be, because the requests to do so have been very many.

Anyway this is unrelated to AirVPN Suite testing so we will split the messages to a different thread in Suggestions, therefore any user can write what he or she prefers.

Kind regards

Staff 9973 Posted ...

17 hours ago, cheapsheep said:
> I think this might be a privacy concern (like Wireguard), although all logs are deleted when the connection is closed.

Hello!

Well, of course WireGuard is catastrophic in this sense, because it is very poor in options, but luckily it's not the same thing with OpenVPN, because in WireGuard by default you have

1) a permanent bijection between private IP address and client KEY (we will delete the link periodically when we offer WireGuard and re-create it when a connection is required), because WireGuard does not support any other method to dynamically handle clients (this feature might be implemented in the future). This dangerous pre-prepared static link does not exist at all in OpenVPN.

2) your real IP address is permanently stored by WireGuard even after you turn off your software or machine, because WireGuard is extremely limited and does not have any explicit-exit-notify or ping-timeout option (we will therefore force deletion and disconnections after some time there is no communications by the clients, even though this will cause some unexpected disconnections). OpenVPN does not need to do so because it realizes when one of the peers is no more there, even in UDP of course, so the real IP address for the socket etc. is immediately lost at disconnection.

3) WireGuard requires that the mentioned data is stored in files (we will keep them in RAM as usual, to mitigate the problem)

But yes, we will re-consider the whole matter, just in case. Additional re-checks in security fields are always good.

Kind regards

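The idle timeout Staff describes for WireGuard in point 2, sketched as an added example that is not part of the thread and is not AirVPN's code: it reads the text of `wg show <interface> dump` and prints a removal command for every peer whose endpoint is still stored after a chosen idle period. The interface name wg0, the 600-second limit, the function names and the sample dump are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Peer lines in `wg show <iface> dump` carry 8 tab-separated
# fields:
#   public-key preshared-key endpoint allowed-ips latest-handshake rx tx keepalive
# The interface line has only 4 fields, so the NF test skips it.

# usage: prune_commands IFACE NOW_EPOCH MAX_IDLE_SECONDS < dump-text
# Prints one `wg set ... remove` command per peer that still has an endpoint
# (the client's real address) stored but has not completed a handshake
# within MAX_IDLE_SECONDS. Nothing is executed; the caller decides.
prune_commands() {
    awk -F '\t' -v ifc="$1" -v now="$2" -v max="$3" '
        NF == 8 && $3 != "(none)" && (now - $5) > max {
            printf "wg set %s peer %s remove\n", ifc, $1
        }'
}

# Constructed sample dump: placeholder keys, documentation-range addresses.
sample_dump() {
    # interface line
    printf '%s\t%s\t%s\t%s\n' \
        'SERVER_PRIVKEY_PLACEHOLDER' 'SERVER_PUBKEY_PLACEHOLDER' '51820' 'off'
    # active peer: last handshake 60 s before NOW
    printf '%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\n' \
        'PEER_ACTIVE_PLACEHOLDER' '(none)' '198.51.100.7:40000' \
        '10.0.0.2/32' '1699999940' '1024' '2048' 'off'
    # idle peer: last handshake 3600 s before NOW, endpoint still stored
    printf '%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\n' \
        'PEER_IDLE_PLACEHOLDER' '(none)' '203.0.113.9:51000' \
        '10.0.0.3/32' '1699996400' '512' '768' 'off'
    # peer that never connected: no endpoint stored, handshake 0
    printf '%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\n' \
        'PEER_NEVER_PLACEHOLDER' '(none)' '(none)' \
        '10.0.0.4/32' '0' '0' '0' 'off'
}

NOW=1700000000   # fixed so the sample is reproducible; use $(date +%s) live
sample_dump | prune_commands wg0 "$NOW" 600
```

Removing a peer drops both its stored endpoint and its key-to-address entry. Re-adding it with `wg set <interface> peer <key> allowed-ips <address>` when the client next needs to connect restores the entry without an endpoint.
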
Stalinium 44 Posted ... (edited)

Edit: See above response by Staff I overlooked.

Windows ipconfig /all reports a 1-year long DHCP lease on the internal VPN addresses. I've recently changed the OpenVPN access keys (and regenerated new configs) in Client Area and then I was assigned new internal IPs. I agree that it's good to have because really a lot of programs only offer the option to bind to a specific IP, i.e. you need to have a static internal IP. However I fail to see what privacy concerns there are if the internal IP (DHCP lease) is tied to the access key?