[SOLVED] DNS leak other than Comodo

[zaphod323 0]

Hi,

I've read the sticky about configuring Comodo and I tried to basically do that with ESET but it's too complicated in ESET and I can't seem to make it work. I haven't read anything good about Comodo's antivirus/antispam and I doubt I should just disable ESET's firewall and use the Comodo one because then I'd have two high level things running at once.

I note in one forum response you reply that if one wants to prevent DNS leaks one could set the primary and alternate dns to 10. something. Can you give directions on how to do that? I have Local Area Connection 1 which is my regular card and router, and Local Area Connection 2 which is the VPN one. I tried setting alternate configuration in IPv4 in the Local Area Connection but that didn't seem to work because I don't know which subnet mask to put or IP.

This is all pretty confusing. I have VPN watcher running but that just stops programs if the VPN disconnects, which does happen fairly often. VPnetmon doesn't work very well, and VPNCheckPro which plugs leaks automatically, evidently doesn't work with airVPN, even if I save some ovpn files and put them in the config of openVPN.

Basically I want to make sure I can securely connect without leaks to airVPN and use uTorrent. I've already read the Comodo huge list of instructions but I don't particularly want to download another whole security suite to use the VPN, unless you think the antivirus/spam/malware is good, too, in which case I suppose I could, if that's the easiest way to do this. I've already spent way too much time trying to make sure this thing doesn't leak. I like the feeling of security but am afraid it is a false feeling.

I have Windows 7 32 bit. Thanks for any help you can give me.

[Staff 9972]

Hi,

I've read the sticky about configuring Comodo and I tried to basically do that with ESET but it's too complicated in ESET and I can't seem to make it work. I haven't read anything good about Comodo's antivirus/antispam and I doubt I should just disable ESET's firewall and use the Comodo one because then I'd have two high level things running at once.

I note in one forum response you reply that if one wants to prevent DNS leaks one could set the primary and alternate dns to 10. something. Can you give directions on how to do that? I have Local Area Connection 1 which is my regular card and router, and Local Area Connection 2 which is the VPN one. I tried setting alternate configuration in IPv4 in the Local Area Connection but that didn't seem to work because I don't know which subnet mask to put or IP.

This is all pretty confusing. I have VPN watcher running but that just stops programs if the VPN disconnects, which does happen fairly often. VPnetmon doesn't work very well, and VPNCheckPro which plugs leaks automatically, evidently doesn't work with airVPN, even if I save some ovpn files and put them in the config of openVPN.

Basically I want to make sure I can securely connect without leaks to airVPN and use uTorrent. I've already read the Comodo huge list of instructions but I don't particularly want to download another whole security suite to use the VPN, unless you think the antivirus/spam/malware is good, too, in which case I suppose I could, if that's the easiest way to do this. I've already spent way too much time trying to make sure this thing doesn't leak. I like the feeling of security but am afraid it is a false feeling.

I have Windows 7 32 bit. Thanks for any help you can give me.

Hello!

In order to change DNS on Windows 7 please see here:

http://www.sevenforums.com/tutorials/15037-dns-addressing-how-change-windows-7-a.html

The DNS IP addresses you need to set on your physical interface after the connection to the VPN are:

10.4.0.1

10.5.0.1

About ESET, if you just wish to block ONLY your torrent client, maybe you can replicate a block rule for your p2p client, blocking for it any connection NOT coming from the IP range 10.4.0.0-->10.9.255.255.

Kind regards

[zaphod323 0]

Hello!

In order to change DNS on Windows 7 please see here:

http://www.sevenforums.com/tutorials/15037-dns-addressing-how-change-windows-7-a.html

The DNS IP addresses you need to set on your physical interface after the connection to the VPN are:

10.4.0.1

10.5.0.1

About ESET, if you just wish to block ONLY your torrent client, maybe you can replicate a block rule for your p2p client, blocking for it any connection NOT coming from the IP range 10.4.0.0-->10.9.255.255.

Kind regards

So...in this instance each time I connect to the VPN I'd have to go into the IPs and add those DNS IPs manually? I suppose in the place where they are putting the openDNS IPs. If I just put in the openDNS IPs in the first place, then use the VPN, would any DNS leaking just leak to openDNS IPs which would then be secure anyway? Sorry I'm a noob once we get into routing and what not.

How would I set a "block rule" in eset? I tried to set up a global rule that basically says to not allow anything, then set up another rule to let airvpn.exe work but run into problems trying to set up airvpn with that range into a trusted zone.

I'm also concerned I'm going to somehow break my home network messing with all this stuff. I have some fundamental gaps in my knowledge and am surprised I even have my home network running at all, wirelessly.

[zaphod323 0]

OK, I figured I'd try the Comodo thing and followed all the instructions. It doesn't seem to block anything whatsoever. I'm guessing that I made some mistakes where in your forum post you say things like:

6) Define a "Global Rule" which blocks everything:

Block And Log IP In/Out From MAC Any To MAC Any Where Protocol Is Any

The logging is important for troubleshooting if necessary.

And I am uncertain which MAC address you're talking about. I tried for global rule to block the MAC to my normal adapter.

Then for things like:

10) Do the same for any entry-IP address of the VPN servers you wish to connect to. For example for Leporis:

Allow TCP or UDP In/Out From IP 95.211.191.33 To MAC Any Where Source Port Is Any And Destination Port Is Any

Allow TCP or UDP In/Out From MAC Any To IP 95.211.191.33 Where Source Port Is Any And Destination Port Is Any

I used the MAC address for the VPN.

I am uncertain how to make Comodo generate a log or I'd post it. I did check that box.

DNSleaktest still just shows all my normal IPs. The really annoying thing is that when I first got the VPN and had eset I could swear that nothing had been leaking, and I hadn't changed anything. May just be a problem with Windows 7.

What is the next step? I feel like I need to be a network engineer to use this service; it's frustrating.

[Staff 9972]

OK, I figured I'd try the Comodo thing and followed all the instructions. It doesn't seem to block anything whatsoever. I'm guessing that I made some mistakes where in your forum post you say things like:

6) Define a "Global Rule" which blocks everything:

Block And Log IP In/Out From MAC Any To MAC Any Where Protocol Is Any

The logging is important for troubleshooting if necessary.

And I am uncertain which MAC address you're talking about. I tried for global rule to block the MAC to my normal adapter.

Then for things like:

10) Do the same for any entry-IP address of the VPN servers you wish to connect to. For example for Leporis:

Allow TCP or UDP In/Out From IP 95.211.191.33 To MAC Any Where Source Port Is Any And Destination Port Is Any

Allow TCP or UDP In/Out From MAC Any To IP 95.211.191.33 Where Source Port Is Any And Destination Port Is Any

I used the MAC address for the VPN.

Hello!

As you may have seen from the linked instructions, Comodo says "MAC Any" when you select "Any IP Address".

I am uncertain how to make Comodo generate a log or I'd post it. I did check that box.

Yes, that's the way to tell Comodo to generate logs for a rule when that rule is fired.

DNSleaktest still just shows all my normal IPs. The really annoying thing is that when I first got the VPN and had eset I could swear that nothing had been leaking, and I hadn't changed anything. May just be a problem with Windows 7.

Yes, DNS leaks are a typical Windows problem, because Windows lacks the concept of global DNS.

What is the next step? I feel like I need to be a network engineer to use this service; it's frustrating.

Maybe you need to re-read the global rules tutorial and guide?

Also, please send us the screenshots of your Comodo global rules and network zones.

Kind regards

[zaphod323 0]

OK, so I went back through and followed every instruction exactly, and double checked them. I made sure to put all the new rules above my Global Rule. Everything ends up being blocked. I can't browse the web or see anything. I try to connect to through the Air VPN client and I get a failed connection to remote host. I have all those rules you specified about connecting via the Air client and I added airvpn.org to my hosts file.

What's bizarre is that if I change the policy while I'm already connected for the Global Rule to "block" instead of doing it before hand, I can sometimes browse and even find 0 leaks at dnsleaks if I'm already on the page.

I tried using your contact form to send you screen shots but there doesn't seem to be a space for attachments. Hmm, the attachments link here lets me browse but I can't attach anything. I'm not normally this computer illiterate. Sorry.

[Staff 9972]

Hello!

The Network Zones look fine, please now attach also a Global Rules screenshot.

Kind regards

[zaphod323 0]

Please note that the GLobal Rule is green in the screenshot because I changed it to "Allow," as if I set it to "Block" I wouldn't even be posting here.

globalrules.gif

[Staff 9972]

Please note that the GLobal Rule is green in the screenshot because I changed it to "Allow," as if I set it to "Block" I wouldn't even be posting here.

Hello!

Unfortunately you renamed the rules, so it's impossible to see what they really state. You should restore all the original names (re-define the rules and do not rename them) in order to allow us to give you proper support.

Kind regards

[zaphod323 0]

Oops.

[Staff 9972]

Oops.

Hello!

Thank you.

The rule:

Allow And Log TCP or UDP In/Out From MAC Any To MAC Any...

must be deleted: it allows all TCP and UDP connections from/to anything.

The blocking rule is wrong, it must be:

Block IP In/Out From MAC Any To MAC Any Where Protocol Is Any

This will block anything that does not match the higher allow rules.

The rule

Allow All Incoming Requests If The Sender Is In [Home #1]

must be deleted.

The Allow rules from/to 69.163.36.106 will allow connections to Octantis.

Did you modify your hosts file?

Kind regards

[Staff 9972]

Please note that the GLobal Rule is green in the screenshot because I changed it to "Allow," as if I set it to "Block" I wouldn't even be posting here.

Hello!

Yes, that's correct, you must lose connectivity when you're not connected to the VPN. Your computer should be able ONLY to connect to Octantis. That's the purpose, in this way you prevent any leak. Now, if the connection to the VPN is impossible, maybe you did not modify properly your hosts file, can we see it?

Kind regards

[zaphod323 0]

Hi, well the rules you mentioned that needed changing:

The one that says allow actually gets turned to block, it's the global rule. (Allow and Log TCP and UDP In/out Mac to Mac). The other ones are just default rules that came with the install and are actually below that global rule so shouldn't be whitelisted per your instructions and would be ignored anyway, no? All the instructions said to put all the other stuff above the global rule. Should I delete all the ones below it, then?

[zaphod323 0]

I bet the problem was that my block rule said TCP/UDP not IP. I'll test it.

[Staff 9972]

Hi, well the rules you mentioned that needed changing:

The one that says allow actually gets turned to block, it's the global rule. (Allow and Log TCP and UDP In/out Mac to Mac). The other ones are just default rules that came with the install and are actually below that global rule so shouldn't be whitelisted per your instructions and would be ignored anyway, no? All the instructions said to put all the other stuff above the global rule. Should I delete all the ones below it, then?

Hello!

No, it's not necessary, those rules can never be evaluated.

Kind regards

[zaphod323 0]

Hmm, will let me connect to AirVPN but no web connectivity or anything else.

[Staff 9972]

I bet the problem was that my block rule said TCP/UDP not IP. I'll test it.

Hello!

That's unlikely, what about the hosts file?

Kind regards

[zaphod323 0]

Here's the hosts

[Staff 9972]

Hmm, will let me connect to AirVPN but no web connectivity or anything else.

Hello!

Can you please send us also the client logs?

Kind regards

[Staff 9972]

Here's the hosts

Hello!

The forum will not accept files without extension, please just copy & paste in a message the content of the hosts file.

Kind regards

[zaphod323 0]

Here are the event logs

[zaphod323 0]

hosts:

# Copyright © 1993-2009 Microsoft Corp.

#

# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.

#

# This file contains the mappings of IP addresses to host names. Each

# entry should be kept on an individual line. The IP address should

# be placed in the first column followed by the corresponding host name.

# The IP address and the host name should be separated by at least one

# space.

#

# Additionally, comments (such as these) may be inserted on individual

# lines or following the machine name denoted by a '#' symbol.

#

# For example:

#

# 102.54.94.97 rhino.acme.com # source server

# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.

# 127.0.0.1 localhost

# ::1 localhost

85.17.207.151 airvpn.org

[Staff 9972]

Hello!

The hosts file is just fine. The event logs show that your system tries repeatedly to leak DNS queries sending them to 192.168.1.1 (your router DNS address), as if it could not resolve names through the tunnel. Once you're connected to the VPN, can you please try to:

- browse to https://airvpn.org

- open a command prompt and issue the following commands:

ping google.com

ping 8.8.8.8

ping 10.4.0.1

ping airvpn.org

and send us their output? Also, can you please send us your client logs?

Kind regards

[zaphod323 0]

It won't let me browse to airvpn.org.

My dos prompt stuff is attached.

I attached the client logs in the previous message, if the client logs are the output from COmodo.

EDIT: Forgot to ping airvpn.org first time, tried it and it is successful when block is on.

[zaphod323 0]

Oh you probably mean from event viewer. I'm not sure how to export them or which portions you need.