cheapsheep

VPN IP addresses: trying to preserve them or not?


Posted ... (edited)

I have recently noticed that I always get assigned the same internal IP address on my tun0.
In my specific case, I have a docker mapped to the internal tun0 IP which is used by bluetit. I was stunned that I was still able to connect the docker externally after I rebooted and reconnected to the Air server.

Specs:

Software: 1.1.0 RC4
Connection: bluetit
OS: Ubuntu 21 / Linux 5.11.0-18-generic #19-Ubuntu SMP Fri May 7 14:22:03 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux

bluetit.rc:

airconnectatboot: server
airserver: xxx
tunpersist: yes
networklock: nftables

Is this intended because I have forwarded ports activated? Is this a privacy concern?

Regards

Edited ... by cheapsheep

4 hours ago, cheapsheep said:

airconnectatboot: server


This. Because the IP address you get assigned is not deleted right away but after some minutes (default max 10, no idea how AirVPN configured it but clearly longer than your reboot needed). Change the server, port or protocol to force another subnet, ergo, another IP.

NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT.

LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too!

Want to contact me directly? All relevant methods are on my About me page.

23 minutes ago, OpenSourcerer said:

This. Because the IP address you get assigned is not deleted right away but after some minutes (default max 10, no idea how AirVPN configured it but clearly longer than your reboot needed). Change the server, port or protocol to force another subnet, ergo, another IP.

Actually I expect to get a new inet assigned every time I connect - irrespective of the fact that it is the same server or even the same ISP IP.
In my case the TTL has to be measured in hours (at least). The first time I noticed it was yesterday evening. I just rebooted and still get the same IP assigned.

//EDIT:

I just rebooted my router. Thus my ISP IP changed and I got assigned a new inet.
Btw: I have no problem being assigned the same inet since it makes my life easier. Especially when using docker containers with forwarded ports, there is no need to let them run in host mode. However, I was wondering why the TTL for the inet is (probably) dependent on the assigned ISP IP. I think this might be a privacy concern (like Wireguard), although all logs are deleted when the connection is closed.

Regards.


Well… disappointment is largely a product of unmet expectations. :)
In any case, there is no real sense in shifting the internal IP address like this – your external IP does not change, anyway, so there are no benefits for privacy or something.


21 hours ago, cheapsheep said:

I have recently noticed that i always get assigned the same internal IP address on my tun0.


Hello!

This happens by explicit configuration server side. We opted for this solution because we received a large amount of requests to do so. It makes binding of specific processes which can bind only to IP addresses and not to interfaces (from inner settings) so much easier. This configuration can be changed (try Xuange server for example) but currently it will not be, because the requests to do so have been very many.

Anyway this is unrelated to AirVPN Suite testing so we will split the messages to a different thread in Suggestions, therefore any user can write what he or she prefers.

Kind regards


 

17 hours ago, cheapsheep said:
I think this might be a privacy concern (like Wireguard), although all logs are deleted when the connection is closed.
 

Hello!

Well, of course Wireguard is catastrophic in this sense, because it is very poor in options, but luckily it's not the same thing with OpenVPN, because in Wireguard by default you have

1) a permanent bijection between private IP address and client KEY (we will delete the link periodically when we offer Wireguard and re-create it when a connection is required), because Wireguard does not support any other method to dynamically handle clients (this feature might be implemented in the future). This dangerous pre-prepared static link does not exist at all in OpenVPN.

2) your real IP address is permanently stored by Wireguard even after you turn off your software or machine, because Wireguard is extremely limited and does not have any explicit-exit-notify or ping-timeout option (we will therefore force deletion and disconnections after some time with no communication from the clients, even though this will cause some unexpected disconnections). OpenVPN does not need to do so because it realizes when one of the peers is no longer there, even in UDP of course, so the real IP address for the socket etc. is immediately lost at disconnection.

3) Wireguard requires that the mentioned data is stored in files (we will keep them in RAM as usual, to mitigate the problem)

But yes, we will re-consider the whole matter, just in case. Additional re-checks in security fields are always good.

Kind regards
 

Posted ... (edited)

Edit: See above response by Staff I overlooked.
Windows ipconfig /all reports a 1-year long DHCP lease on the internal VPN addresses. I've recently changed the OpenVPN access keys (and regenerated new configs) in Client Area and then I was assigned new internal IPs.
I agree that it's good to have because really a lot of programs only offer the option to bind to a specific IP, i.e. you need to have a static internal IP. However I fail to see what privacy concerns there are if the internal IP (DHCP lease) is tied to the access key?

Edited ... by Stalinium
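
Added example, not part of any post in this thread: a shell check for the setup discussed above, where a Docker container is published on the tun0 address, that reports whether each published port still matches the current tunnel address after a reconnect. The function names, the container name and the 10.20.x.x sample addresses are constructed for illustration; only `tun0` comes from the thread.

```shell
#!/bin/sh
# Added example; all sample data below is constructed for illustration.

# Print the IPv4 address found in `ip -o -4 addr show dev tun0` output (stdin).
tun_ipv4() {
    awk '{ for (i = 1; i < NF; i++)
               if ($i == "inet") { split($(i + 1), a, "/"); print a[1]; exit } }'
}

# Classify `docker port <container>` lines (stdin) against tunnel address $1.
# Prints "<status> <container port> <host ip>" where status is:
#   ok       - published on the current tunnel address
#   stale    - published on some other specific address (e.g. an old tunnel IP)
#   wildcard - published on all interfaces, not only the tunnel
classify_bindings() {
    awk -v tun="$1" '
        $2 == "->" {
            host = $3
            sub(/:[0-9]+$/, "", host)   # drop the trailing :port
            sub(/^\[/, "", host)        # unwrap [::]-style IPv6 literals
            sub(/\]$/, "", host)
            if (host == tun)                            status = "ok"
            else if (host == "0.0.0.0" || host == "::") status = "wildcard"
            else                                        status = "stale"
            print status, $1, host
        }'
}

# Constructed sample inputs, shaped like the real command output.
SAMPLE_IP='5: tun0    inet 10.20.30.2/24 scope global tun0\       valid_lft forever'
SAMPLE_PORTS='8080/tcp -> 10.20.30.2:8080
51413/udp -> 10.20.31.7:51413
9000/tcp -> 0.0.0.0:9000'

addr=$(printf '%s\n' "$SAMPLE_IP" | tun_ipv4)
printf 'tunnel address: %s\n' "$addr"
printf '%s\n' "$SAMPLE_PORTS" | classify_bindings "$addr"

# Live use (container name "mycontainer" is a placeholder):
#   addr=$(ip -o -4 addr show dev tun0 | tun_ipv4)
#   docker port mycontainer | classify_bindings "$addr"
```

A `stale` line means the container has to be republished on the new address; a `wildcard` line means the port is not restricted to the tunnel interface at all.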
