Jump to content
Not connected, Your IP: 3.237.2.4
BobbyTee

Asus AX3000 new router OpenVPN DNS leak question

Recommended Posts

Hi guys

Just setup a new router for use with Airvpn. Followed their website instructions and all seems well. All devices report back vpn ip. 

I did wonder though how likely is a DNS and ip leak? How best prevent these from happening? Do router settings needs configuring and if so which settings and what should they be?

Also is it worth using Eddie client using another VPN  as well as having it setup on the router for the extra layer of protection?

Thanks

Share this post


Link to post
37 minutes ago, BobbyTee said:

I did wonder though how likely is a DNS and ip leak?


It's not about probability, it's either "yes, there is" or "no, there isn't". Did you check IPLeak to see if there are leaks?
 
38 minutes ago, BobbyTee said:

Also is it worth using Eddie client using another VPN  as well as having it setup on the router for the extra layer of protection?


Nope. First, because it's just feeding your felling of security without actually providing it, second, Tor is a better software for that, third, the CPU in your router likely won't be able to handle two such connections if you aim for throughput.

» I am not an AirVPN team member. All opinions are my own and are not official. Refer to Staff postings for the official word.

» These are the community forums, not the support portal. You're writing with other users here.

» New here? LZ1's New User Guide to AirVPN. Use the search function, Luke!

» Tor exits behind a VPN connection are discouraged. Using Tor on the other hand is not.

 

» Privacy is like alcohol: Drink a little and it can help you stay unnoticed. Drink a lot and everyone will notice you.

» I cannot give you the solution to all your issues. But I can guide you to it. The rest is up to you.

Share this post


Link to post
Posted ... (edited)

Thanks for getting back. I have attached to the msg here a screenshot of the ipleak test. Does that look ok to you? I don't need to add any additional entries to the router configuration at all then no? No 10.1 DNS addresses or anything?

I did wonder if I may suddenly get a DNS leak though if maybe the VPN would cut out suddenly would expose my normal ip?  Just wondered the best way to prevent that but still using the router method.

Thanks again😊

Screenshot_20210914-161507_Chrome.jpg

Edited ... by BobbyTee

Share this post


Link to post
50 minutes ago, BobbyTee said:

Does that look ok to you?


IPLeak tells you if it's okay or not:
Quote

If you are now connected to a VPN and between the detected DNS you see your ISP DNS, then your system is leaking […].


So, your IP address above is 217 in Austria, the only DNS server is 217 in Austria. Question: Are you leaking DNS requests?

What you are leaking is your ISP IP in the browser via WebRTC. Click on the link there for possible solutions.

Have some faith in what you do, and don't panic about trifles. Even if you accidentally leak one or two DNS requests, it's not the end of your freedom or something. You're not living in North Korea. Besides, an IP address leak does far more harm, so look into the WebRTC leak you have when browsing while being connected.
 
55 minutes ago, BobbyTee said:

No 10.1 DNS addresses or anything?


OpenVPN pulls the appropriate 10.x.x.x DNS server itself. You can set the v4 and v6 DNS servers written on the Specs page explicitly, but then you lose all DNS functionality if you're not connected.
 
1 hour ago, BobbyTee said:

I did wonder if I may suddenly get a DNS leak though if maybe the VPN would cut out suddenly would expose my normal ip?


I don't quite understand the question. You want to know if it's possible that DNS leaks can cause IP address leaks?

» I am not an AirVPN team member. All opinions are my own and are not official. Refer to Staff postings for the official word.

» These are the community forums, not the support portal. You're writing with other users here.

» New here? LZ1's New User Guide to AirVPN. Use the search function, Luke!

» Tor exits behind a VPN connection are discouraged. Using Tor on the other hand is not.

 

» Privacy is like alcohol: Drink a little and it can help you stay unnoticed. Drink a lot and everyone will notice you.

» I cannot give you the solution to all your issues. But I can guide you to it. The rest is up to you.

Share this post


Link to post
5 hours ago, OpenSourcerer said:

What you are leaking is your ISP IP in the browser via WebRTC. Click on the link there for possible solutions.
 

Probably not, the screenshot is not extremely clear but it seems WebRTC test displays the private IP address of @BobbyTee system network interface (192.168.50.61). @BobbyTee - the ipleak test thus seems completely fine but please check the above anyway

Kind reg
ards
 

Share this post


Link to post

Well, I'm concerned because it's showing the local address of the physical NIC. If it would've been the tun address, all good.
By the way, if I do this test, I'm shown the private v4, too, alongside the v6 UGA. Are you expecting this to show people's public v4?


» I am not an AirVPN team member. All opinions are my own and are not official. Refer to Staff postings for the official word.

» These are the community forums, not the support portal. You're writing with other users here.

» New here? LZ1's New User Guide to AirVPN. Use the search function, Luke!

» Tor exits behind a VPN connection are discouraged. Using Tor on the other hand is not.

 

» Privacy is like alcohol: Drink a little and it can help you stay unnoticed. Drink a lot and everyone will notice you.

» I cannot give you the solution to all your issues. But I can guide you to it. The rest is up to you.

Share this post


Link to post
Posted ... (edited)

Sorry for late response people. I have since upgraded to Merlin. Thank you for your recommendations there guys. I was having trouble with activating the config file on OpenVPN Client. However after removing these 2 lines of text from the config file (push-peer-info
setenv UV_IPV6 yes) the setting of the VPN was successfully enabled.

I have since then done a test on a Swedish VPN. Here are the results. Do these look ok? Are there any leaks? If there are how do i stop them? Thanks again!

Clearer pic here: https://i.imgur.com/2xuXdvu.png

screencapture-ipleak-net-2021-09-15-13_55_18.png

Edited ... by BobbyTee

Share this post


Link to post
17 hours ago, OpenSourcerer said:

By the way, if I do this test, I'm shown the private v4, too, alongside the v6 UGA. Are you expecting this to show people's public v4?


Hello!

Of course. That's the risk with WebRTC: the disclosure of the "real" IP address when you don't want that. The "noble" purpose is allowing two or more peers to connect directly with each other for video chats and so on. Each peer must know the public IP address of the other ones to accomplish the task. WebRTC (when it is active) provides developers with an API which can disclose it. See
https://webrtc.org/getting-started/peer-connections
and following docs.

https://webrtc.org/getting-started/peer-connections
Quote

Well, I'm concerned because it's showing the local address of the physical NIC.


As long as the local address is private and assigned by your home router, that's the only case of no concern.
 
Quote

If it would've been the tun address, all good.


With OpenVPN, disclosure of the tun address is not a concern, right, because we are unable to correlate a VPN IP address to a user when the connection is over.

But it's not all good in general, unfortunately: with Wireguard, disclosure of the tun address (the VPN IP address) is risky too, because of the bijection between client keys and static VPN IP addresses which Wireguard also mandates to replicate in a file on every server. Under this respect we can only mitigate the problem by randomizing IP addresses assigned to keys and deleting periodically the file entries when we suppose a client is no more connected (Wireguard lacks even the disconnection notification feature by explicit design). But in the whole time between deletions, we know who is who, and we must provide this information for example after a court order, which could also include prohibition to delete relevant data whereas it is an ACTIVE action that we (and not some third-party app) perform in spite of lack of technical necessity.

Kind regards
 

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...