wugamuga

Easiest method to Block all non-VPN traffic for Mac OSX?

I'm a newbie and realize that when osx sleeps, Tunnelblick disconnects. When OSX comes out of sleep mode, utorrent and all other programs begin to run ALTHOUGH Tunnelblick takes a while to connect. So there is definitely non-VPN traffic occurring. Same when I initially boot up before Tunnelblick is running and connected.

What is the easiest method to prevent this?

I looked at the thread "Prevent leaks with *BSD, MacOSX & ipfw (thanks to jessez)" but it has 24 pages! Isn't there a simple step by step procedure that a newbie can follow without spending hours wading through these 24 pages of messages?

Also I had no idea that non-VPN traffic would occur after going through the procedure of installing/running Air VPN outlined in Enter -- > Choose your Setup -- MAC OSX. Recall I'm new to this.

Since not blocking non-VPN traffic can have serious consequences (I hope it does not for me, but I don't know), shouldn't a warning be very conspicuously issued describing the most common non-VPN traffic scenarios to warn customers such as me?

Thanks.

I looked at the thread "Prevent leaks with *BSD, MacOSX & ipfw (thanks to jessez)" but it has 24 pages! Isn't there a simple step by step procedure that a newbie can follow without spending hours wading through these 24 pages of messages?

Hello!

You don't need to read the whole thread... only this post: https://airvpn.org/index.php?option=com_kunena&func=view&catid=3&id=1713&limit=6&limitstart=42&Itemid=142#2756

Also I had no idea that non-VPN traffic would occur after going through the procedure of installing/running Air VPN outlined in Enter -- > Choose your Setup -- MAC OSX. Recall I'm new to this.

We strongly recommend that you spend a couple of minutes to read the welcome e-mail and the FAQ.

Besides sending an e-mail to everybody at the subscription explaining all the points to use our service at best (including how to prevent leaks in case of unexpected VPN disconnection), with relevant links, publishing FAQ which focus also on the issue of preventing leaks in case of unexpected VPN disconnection, keeping a forum open to everyone (although moderated to prevent spam and trolling), putting permanent links on how to prevent leaks in the announcement section and answering ten thousand times to the same ten thousand identical questions... no, we have not planned anything else to make you aware that a VPN connection can drop unexpectedly just like any packet switching based connection. :D

Humor mode suffered by this admin tonight apart, please do not hesitate to contact us for any further information or support.

Kind regards

I looked at the thread "Prevent leaks with *BSD, MacOSX & ipfw (thanks to jessez)" but it has 24 pages! Isn't there a simple step by step procedure that a newbie can follow without spending hours wading through these 24 pages of messages?

Hello!

You don't need to read the whole thread... only this post: https://airvpn.org/index.php?option=com_kunena&func=view&catid=3&id=1713&limit=6&limitstart=42&Itemid=142#2756

Also I had no idea that non-VPN traffic would occur after going through the procedure of installing/running Air VPN outlined in Enter -- > Choose your Setup -- MAC OSX. Recall I'm new to this.

We strongly recommend that you spend a couple of minutes to read the welcome e-mail and the FAQ.

 

I agree -- and I did exactly that. But I DID NOT consider that when OSX goes to sleep or I shut the cover of my laptop that upon opening it or rebooting that there is a window where non-VPN traffic occurs. It didn't occur to me, I only considered that VPN might cut out which does not happen with a good connection. And I would think that I am not the only one who is exposed to this vulnerability. This non-VPN traffic defeats the whole purpose of Air VPN. I think Air VPN should, in their suggestion to spend a couple of minutes reading the welcome e-mail and the FAQ as you say -- would do their newbie customers a great service by adding, "for instance, if you close and reopen your laptop, or reboot -- YOU WILL HAVE NON-VPN traffic if you don't follow the following instructions: link."

Well, it is not working. I followed the instructions to a tee and after running the script, and disconnecting from Tunnelblick I have full internet access unhindered.

Here is the output from sudo ipfw -a list. The last line looks suspicious--this is the only and very same line that was output when I ran ipfw -a list BEFORE running the script sudo sh ./AirVPN-script.sh :

01000 0 0 allow log logamount 5000 udp from 192.168.0.0/16 to 94.75.228.29 dst-port 53 keep-state
01002 0 0 allow log logamount 5000 udp from 192.168.0.0/16 to 62.141.58.13 dst-port 53 keep-state
01004 0 0 allow log logamount 5000 udp from 192.168.0.0/16 to 87.118.100.175 dst-port 53 keep-state
01006 0 0 allow log logamount 5000 udp from 192.168.0.0/16 to 87.118.104.203 dst-port 53 keep-state
01008 0 0 allow log logamount 5000 udp from 192.168.0.0/16 to 87.118.109.2 dst-port 53 keep-state
02000 0 0 allow ip from 192.168.0.0/16 to 46.165.208.65 keep-state
02004 0 0 allow ip from 192.168.0.0/16 to 95.211.169.3 keep-state
02008 0 0 allow ip from 192.168.0.0/16 to 178.248.29.132 keep-state
02012 0 0 allow ip from 192.168.0.0/16 to 108.59.8.147 keep-state
02016 0 0 allow ip from 192.168.0.0/16 to 69.163.36.66 keep-state
02020 0 0 allow ip from 192.168.0.0/16 to 89.149.226.185 keep-state
02024 0 0 allow ip from 192.168.0.0/16 to 146.185.25.170 keep-state
02028 0 0 allow ip from 192.168.0.0/16 to 62.212.85.65 keep-state
02032 0 0 allow ip from 192.168.0.0/16 to 85.17.123.26 keep-state
02036 0 0 allow ip from 192.168.0.0/16 to 95.211.98.154 keep-state
04000 102 6438 allow ip from 127.0.0.1 to any
05000 4745 622522 allow log logamount 5000 ip from 10.0.0.0/8 to any
05002 4937 5209193 allow log logamount 5000 ip from any to 10.0.0.0/8
65534 22 8274 deny log logamount 5000 ip from any to any
65535 0 0 allow ip from any to any

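An added example (not part of the thread and not AirVPN's script): a first-match walk over an abridged copy of the rule listing in the last post, showing which rule each kind of packet would hit and that rule 65535 sits behind the catch-all deny at 65534. It assumes the firewall is enabled and models only the static rule forms shown in the listing (no keep-state dynamic rules); the packet addresses 192.168.1.20, 10.4.0.6, 172.16.0.5 and 203.0.113.10 are constructed.

```python
import ipaddress
from collections import namedtuple

# Abridged from the `sudo ipfw -a list` output in the post above (one rule of each kind).
LISTING = """\
01000 0 0 allow log logamount 5000 udp from 192.168.0.0/16 to 94.75.228.29 dst-port 53 keep-state
02000 0 0 allow ip from 192.168.0.0/16 to 46.165.208.65 keep-state
04000 102 6438 allow ip from 127.0.0.1 to any
05000 4745 622522 allow log logamount 5000 ip from 10.0.0.0/8 to any
05002 4937 5209193 allow log logamount 5000 ip from any to 10.0.0.0/8
65534 22 8274 deny log logamount 5000 ip from any to any
65535 0 0 allow ip from any to any
"""

Rule = namedtuple("Rule", "number packets action proto src dst dport")

def parse_rules(listing):
    """Parse lines of the form: NUM PKTS BYTES ACTION [log ...] PROTO from SRC to DST [dst-port N]."""
    rules = []
    for tok in (line.split() for line in listing.splitlines() if line.strip()):
        i = tok.index("from")
        dport = int(tok[tok.index("dst-port") + 1]) if "dst-port" in tok else None
        rules.append(Rule(int(tok[0]), int(tok[1]), tok[3], tok[i - 1], tok[i + 1], tok[i + 3], dport))
    return sorted(rules, key=lambda r: r.number)

def addr_matches(spec, addr):
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec)

def first_match(rules, proto, src, dst, dport=None):
    """Return the first rule matching the packet; ipfw stops at the first allow/deny hit."""
    for r in rules:
        if r.proto not in ("ip", proto):        # "ip" matches every protocol
            continue
        if r.dport is not None and r.dport != dport:
            continue
        if addr_matches(r.src, src) and addr_matches(r.dst, dst):
            return r
    return None

def shadowed(rules):
    """Numbers of rules that follow an unconditional 'ip from any to any' rule."""
    for idx, r in enumerate(rules):
        if (r.proto, r.src, r.dst, r.dport) == ("ip", "any", "any", None):
            return [x.number for x in rules[idx + 1:]]
    return []

if __name__ == "__main__":
    rules = parse_rules(LISTING)
    # Constructed packets: LAN host to an outside host, LAN host to a listed server, tunnel traffic.
    for pkt in [("tcp", "192.168.1.20", "203.0.113.10", 443), ("udp", "192.168.1.20", "46.165.208.65", 443),
                ("tcp", "10.4.0.6", "203.0.113.10", 443)]:
        r = first_match(rules, *pkt)
        print(pkt, "->", r.number, r.action)
    print("never reached:", shadowed(rules))
```

The packet counters in the listing are parsed too (`packets`), so the same walk can be compared against which rules actually saw traffic on the machine.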
