demise 1 Posted ...

How would I make myself anonymous to such software using OpenVPN? I've searched the web for information about what application protocol it uses, but I couldn't find out anything at all. In case you're curious, the reason I need to do this is because of censorship of online gambling in my country.

iHabanCUeUtj 1 Posted ...

That's next to impossible to answer without details to go on. If the thing you're trying to access is just a web application, the protocol is HTTP, with or without SSL. That and most other software you're likely to have probably communicates via Internet Protocol; IPv4 in this case. Assuming that, any applications you're using should be successfully anonymized via OpenVPN.

If there are any question marks around the inherent security of the application you're trying to run, AirVPN can't help you. Even reasonably non-invasive software such as the Steam client gathers a fair amount of information about your machine and OS and sends it to Valve Software for statistical purposes. In theory, none of the information gathered is "personally identifying", but that's entirely up to whoever wrote the client.

If you're not simply trying to access a web application via a browser, and you want to be absolutely sure what's going on, you're going to need a suitable network analysis tool, such as Wireshark, to observe any custom applications while they're in action. If you don't already have the expertise to operate Wireshark or other network inspection tools, it's not hard to teach yourself; preferably by analyzing lower-risk applications at work. Wireshark is freely available under an open-source license. Microsoft Network Monitor and its upcoming successor are free to download and use. There are many other free or paid applications and even hardware appliances along these lines.

It's worth bearing in mind that, once you've successfully anonymized yourself via AirVPN or whatever other means, at least one party still knows who you are: the one you probably had to create an account with in order to use their application. When I create an account with some business to order a pizza, connecting through AirVPN no longer anonymizes me--for some purposes--whenever I log in to order a pizza. I've already identified myself to the operators of the website at the far end. If I didn't, no one would know where to deliver my pizza. I'm also creating records of what I'm doing if I pay for the pizza with a credit card.

If you trust the remote site operators not to give you away, then, yes, you can anonymize yourself with AirVPN. Probably. You'll also need some sort of anonymous payment system, likely enough.

demise 1 Posted ...

So am I right in saying that OpenVPN affects the IP layer? Shouldn't it only affect either TCP or UDP?

iHabanCUeUtj 1 Posted ...

AirVPN, other OpenVPN providers, and generally most VPN software provide an IP-in-IP tunnel from somewhere to somewhere else, effectively replacing your ISP. This is useful if you do need some other protocol besides TCP or UDP. For instance, UDP-Lite is somewhat popular, and uses a different protocol number. See https://www.iana.org/assignments/protocol-numbers/protocol-numbers.txt for a full list of protocols operated over IP.

I would be very startled to see anyone attempting to operate BGP over a VPN tunnel, but it's just possible you want to do something moderately unusual, such as IPv4-over-IPv4 (4), IPv6-over-IPv4 (41), DCCP (33), SCTP (132), or GRE (Generic Routing Encapsulation) tunnels (47). GRE allows for some extremely unusual applications, like IBM's SNA--which is not routable.

demise 1 Posted ...

If most VPN software effectively acts as an ISP, then why the emphasis on DNS leaks? I understand the need to prevent disconnection leaks but not DNS leaks as the latter is very unlikely to take place. Is the prevention of DNS leaks on a "just in case" basis and usually application-specific?

Staff 9972 Posted ...

> If most VPN software effectively acts as an ISP, then why the emphasis on DNS leaks? I understand the need to prevent disconnection leaks but not DNS leaks as the latter is very unlikely to take place. Is the prevention of DNS leaks on a "just in case" basis and usually application-specific?

Hello!

That's because Windows (the OS which suffers DNS leaks) lacks the concept of global DNS. Each interface in Windows can have different DNS server IP addresses, which under some conditions can cause DNS leaks (i.e. DNS queries sent out unencrypted, outside the tunnel).

Kind regards

iHabanCUeUtj 1 Posted ...

> If most VPN software effectively acts as an ISP, then why the emphasis on DNS leaks? I understand the need to prevent disconnection leaks but not DNS leaks as the latter is very unlikely to take place. Is the prevention of DNS leaks on a "just in case" basis and usually application-specific?

To amplify what the admin says: It's entirely possible to misconfigure Windows or else your <insert application here> to use DNS servers other than AirVPN's. It's also not inconceivable that Windows might cough up a bad DNS misconfiguration on its own. I've seen worse.

(Disclaimer: the following is a somewhat unlikely scenario--unless you get a malware infestation, in which case all bets are off.)

Additionally, Windows software is under no requirement whatever to use Windows' own DNS resolution. Any application may carry its own DNS resolution library for performance or other reasons. Unfortunately, there's not much you can do about that without some time investment.

It *is* possible to install BIND on Windows. (Or some other DNS service. Or run a local DNS resolver on another machine.) Then, configure BIND as a simple recursive--optionally, caching--resolver that always and only ever consults AirVPN's DNS servers. Set the resolver (again, BIND or whatever) as your nameserver for all interfaces. Then set firewall rules that prohibit applications other than BIND from establishing outgoing 53/tcp and 53/udp connections. (For the really paranoid: there's nothing at all preventing DNS queries against some port other than 53. It's just unlikely.)

In theory, you can also accomplish this by mandating that all DNS queries are performed against your <cheap consumer router>'s DNS service, which is only ever configured to consult AirVPN's DNS servers. You'll lose DNS resolution if your VPN tunnel fails, though, and you'll have to be running OpenVPN (or similar) directly on the router. And, if you leave UPnP / DLNA / whatever enabled, any malware inside your perimeter can ask the <cheap consumer router> to please start using different DNS resolvers. And it will comply, because UPnP / DLNA do not implement any form of security at all. (Note that you may have other problems if there is malware inside your perimeter.)

If you use the BIND solution, you can use a batch file or a PowerShell script or whatever sinks your ship to automate stopping BIND, swapping out config files, and restarting BIND. Then create a shortcut on your desktop so you can toggle DNS settings whenever you lose or purposely disconnect from AirVPN.
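
The two leak conditions raised in this thread (per-interface DNS servers on Windows, and applications that carry their own resolver) can be checked from a packet capture of the kind Wireshark produces. The following is an added example, not part of any post above: it scans raw IPv4 packets for port-53 traffic that leaves outside the tunnel or targets a resolver other than the VPN's. The interface names, addresses, sample packets and the `find_dns_leaks` helper are constructed assumptions.

```python
import socket, struct

def ipv4_udp(src, dst, dport, payload):
    """Build a minimal IPv4+UDP packet (checksums zero; constructed test data)."""
    udp = struct.pack("!HHHH", 50000, dport, 8 + len(payload), 0) + payload
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                       socket.inet_aton(src), socket.inet_aton(dst)) + udp

def dns_query(name):
    """Build a DNS query for the A record of name."""
    q = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    return struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0) + q + struct.pack("!HH", 1, 1)

def qname(dns):
    """Read the first question name from a DNS message."""
    labels, i = [], 12
    while i < len(dns) and dns[i]:
        labels.append(dns[i + 1:i + 1 + dns[i]].decode("ascii", "replace"))
        i += 1 + dns[i]
    return ".".join(labels)

def find_dns_leaks(capture, tunnel_iface, vpn_resolvers):
    """Flag port-53 packets that leave outside the tunnel or target a resolver
    other than the VPN's. capture is a list of (interface, raw IPv4 packet)."""
    leaks = []
    for iface, pkt in capture:
        if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] not in (6, 17):
            continue  # not IPv4 TCP/UDP
        ihl = (pkt[0] & 0x0F) * 4
        if len(pkt) < ihl + 8 or struct.unpack("!H", pkt[ihl + 2:ihl + 4])[0] != 53:
            continue  # destination port is not DNS
        dst = socket.inet_ntoa(pkt[16:20])
        if iface != tunnel_iface or dst not in vpn_resolvers:
            name = qname(pkt[ihl + 8:]) if pkt[9] == 17 else ""
            leaks.append((iface, dst, name))
    return leaks

# Constructed capture: interface names and addresses are placeholders.
VPN_DNS = {"10.4.0.1"}
CAPTURE = [
    ("tun0", ipv4_udp("10.4.0.2", "10.4.0.1", 53, dns_query("example.org"))),        # via VPN DNS
    ("eth0", ipv4_udp("192.168.1.10", "192.168.1.1", 53, dns_query("example.net"))), # per-interface DNS
    ("tun0", ipv4_udp("10.4.0.2", "203.0.113.53", 53, dns_query("example.com"))),    # app's own resolver
    ("eth0", ipv4_udp("192.168.1.10", "198.51.100.7", 1194, b"\x38tunnel-data")),    # VPN carrier traffic
]

if __name__ == "__main__":
    for leak in find_dns_leaks(CAPTURE, "tun0", VPN_DNS):
        print(leak)
```

A query inside the tunnel to a third-party resolver is not visible to the local network, but it is still reported because it bypasses the VPN provider's DNS; queries on ports other than 53 are outside what this check sees.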