trekkie.forever 6 Posted ...

To prevent leaks on accidental disconnections (without a packet filter), it would be nice to have the option of the AirVPN client becoming a SOCKS server similar to TOR so connections drop rather than continue on the regular internet connection on accidental disconnections. Possible?

rchunter 1 Posted ...

I would love to see Airvpn offer a separate socks5 proxy that is not part of the airvpn client. There are other vpn services that are offering it. No reason you guys can't also. I would definitely subscribe to your vpn service if you had it.

Staff 9973 Posted ...

> To prevent leaks on accidental disconnections (without a packet filter), it would be nice to have the option of the AirVPN client becoming a SOCKS server similar to TOR so connections drop rather than continue on the regular internet connection on accidental disconnections. Possible?

Hello,

if you run Linux you have the option of a much more elegant solution which has the same effect, does not need packet filtering, but at the same time does not put you under the performance and protocol limitations of a proxy: http://daniel-lange.com/archives/53-Binding-applications-to-a-specific-IP.html

Just like you need to configure every single application to be tunneled over a proxy, you will need to launch every application you want to secure with an LD_PRELOAD shim to bind it to the VPN IP address. With Windows you can use ForceBindIP, unfortunately it does not work with every Windows version.

Some more options (already available natively on every Air server):
https://airvpn.org/ssl
https://airvpn.org/ssh

Of course all of the above does not make sense in comparison to securing the connection with a packet filtering tool. Also, SSL/SSH services are aimed against OpenVPN connection disruptions.

@rchunter About providing an external, pure SOCKS5 server... why do you need it, what would it be useful for?

Kind regards

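Added example (not part of the thread, and not code from AirVPN, the linked article or ForceBindIP): what binding an application to the VPN address, as suggested in the post above, buys you. The socket is pinned to one local IP, so once that address disappears with the tunnel, bind() fails and nothing falls back to the default route. The addresses are constructed stand-ins: 127.0.0.1 plays the VPN address while the tunnel is up, 192.0.2.55 plays it after the tunnel has dropped.

```python
import errno
import socket


def connect_bound(src_ip, dest, timeout=3.0):
    """Open a TCP connection whose local address is pinned to src_ip.

    Raises OSError (EADDRNOTAVAIL) when src_ip is not assigned to any
    local interface, which is the state after the tunnel has gone down.
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.bind((src_ip, 0))   # port 0: the kernel picks an ephemeral port
        s.connect(dest)
    except OSError:
        s.close()             # fail closed: no retry on another address
        raise
    return s


def try_connect(src_ip, dest):
    """Return ('ok', local_ip) or ('blocked', errno_name); never falls back."""
    try:
        with connect_bound(src_ip, dest) as s:
            return "ok", s.getsockname()[0]
    except OSError as e:
        return "blocked", errno.errorcode.get(e.errno, str(e.errno))


def demo():
    # Constructed setup: a loopback listener plays the remote peer.
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    dest = srv.getsockname()
    try:
        tunnel_up = try_connect("127.0.0.1", dest)     # address present
        tunnel_down = try_connect("192.0.2.55", dest)  # address gone (TEST-NET-1)
    finally:
        srv.close()
    return tunnel_up, tunnel_down


if __name__ == "__main__":
    print(demo())
```

Only the socket is pinned: hostname lookups still go through the system resolver, so pass IP literals or make sure DNS also travels over the tunnel.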
rchunter 1 Posted ...

Staff, I use it with utorrent. My main vpn connection is set up via tomato router with a gateway in the usa. But it would be nice to have access to an offshore socks5 server that way when I'm running utorrent I'm protected from any disconnects while torrenting. There's a certain vpn company. I won't name names but they have socks5 Netherlands access. I'm sure you know who I'm referring to. Anyway, I'm just saying it would be nice if you guys did also. Something I hope you consider some day.

Staff 9973 Posted ...

Hello,

for your purpose just bind uTorrent to your VPN IP address or write a couple of rules with a firewall and use a VPN, not a proxy.

If privacy is your concern, a SOCKS proxy for p2p is not the appropriate tool. A SOCKS proxy by itself is a tool for circuit-level gateways and also for circumvention, it has nothing to do with privacy or data stream protection.

First, there are several real IP address leak problems to be considered. These attacks: http://hal.inria.fr/docs/00/47/15/56/PDF/TorBT.pdf and also the problem with UDP packets (through which a torrent client may communicate the real IP address to UDP trackers and/or to peers via DHT).

Second, but maybe more important, your traffic is not encrypted, so your ISP and any Man In The Middle can see very well the whole p2p traffic you send out and receive and can profile your p2p activities, inspect the contents you share, inject forged packets, send you warnings etc. etc.

It seems strange that a company advertises a SOCKS proxy as a privacy measure for torrent (or for anything else). Maybe it's a different service, in conjunction with SSH?

Kind regards

trekkie.forever 6 Posted ...

I have seen a VPN company that uses a program that opens an SSH connection and the program opening the SSH connection also serves as a local SOCKS proxy so a BT client (or any program that can be) is now configured to use the local proxy (say 127.0.0.1) so connections in/out of the BT client are not routable if the SSH connection goes down. Seems to me an interesting way to protect from leaks.

NaDre 157 Posted ...

> I have seen a VPN company that uses a program that opens an SSH connection and the program opening the SSH connection also serves as a local SOCKS proxy so a BT client (or any program that can be) is now configured to use the local proxy (say 127.0.0.1) so connections in/out of the BT client are not routable if the SSH connection goes down. Seems to me an interesting way to protect from leaks.

I looked into these ideas a few months ago. I thought it might provide a convenient way to use the VPN/proxy only for bit torrent traffic. I looked in particular at the idea of running a SOCKS server (such as Dante) on my PC that was bound to the VPN IP address.

I believe that neither uTorrent nor Vuze accept incoming connections through SOCKS5 when configured to use SOCKS5. They still listen for incoming connections via IP. So you still need to block these from coming in on the real interface. I also believe that few SOCKS servers support receiving incoming connections, even though this is specified in the protocol.

If you are concerned at all about seeding back effectively, I believe you would be concerned about receiving incoming connections?

In the end I decided that it would actually be simpler and more reliable to configure the bit torrent clients to use the VPN IP, block traffic on the real IP with the firewall and put back the real gateway by configuring the routing table appropriately.

trekkie.forever 6 Posted ...

Vuze states Proxy limitations here: http://wiki.vuze.com/w/Proxy_support so yes, as you state the SSH/SOCKS combination is not ideal in a P2P model. However, isn't SSH/SOCKS still a feasible way to prevent leaks for a browser or chat client without a packet filter and without binding to interface?

rchunter 1 Posted ...

> Hello,
>
> for your purpose just bind uTorrent to your VPN IP address or write a couple of rules with a firewall and use a VPN, not a proxy.
>
> If privacy is your concern, a SOCKS proxy for p2p is not the appropriate tool. A SOCKS proxy by itself is a tool for circuit-level gateways and also for circumvention, it has nothing to do with privacy or data stream protection.
>
> First, there are several real IP address leak problems to be considered. These attacks: http://hal.inria.fr/docs/00/47/15/56/PDF/TorBT.pdf and also the problem with UDP packets (through which a torrent client may communicate the real IP address to UDP trackers and/or to peers via DHT).
>
> Second, but maybe more important, your traffic is not encrypted, so your ISP and any Man In The Middle can see very well the whole p2p traffic you send out and receive and can profile your p2p activities, inspect the contents you share, inject forged packets, send you warnings etc. etc.
>
> It seems strange that a company advertises a SOCKS proxy as a privacy measure for torrent (or for anything else). Maybe it's a different service, in conjunction with SSH?
>
> Kind regards

A lot of people don't need their bittorrent traffic encrypted. Just hiding the IP is all that's needed in some cases. That's fine if you don't plan on offering it. I just thought I'd ask.

Staff 9973 Posted ...

> I have seen a VPN company that uses a program that opens an SSH connection and the program opening the SSH connection also serves as a local SOCKS proxy so a BT client (or any program that can be) is now configured to use the local proxy (say 127.0.0.1) so connections in/out of the BT client are not routable if the SSH connection goes down. Seems to me an interesting way to protect from leaks.

Hello,

yes, the problems we talked about are pertaining to SOCKS proxies alone. You can have an equivalent security against leaks already now with AirVPN, without the limitations of SOCKS + SSH. See also NaDre's messages.

Kind regards

Staff 9973 Posted ...

> A lot of people don't need their bittorrent traffic encrypted. Just hiding the IP is all that's needed in some cases. That's fine if you don't plan on offering it. I just thought I'd ask.

Hello,

understood, but as we said a SOCKS proxy alone is not a safe solution to hide your real IP address in a p2p torrent swarm or against "p2p enemies".

Offering an external SOCKS5 proxy may or may not be a nice plus, anyway we can't advertise it for p2p and it should not be used for it. We would provide a technically inadequate service (see also NaDre's posts) for such purpose, which would be not only against our mission, but also a sort of hoax against our customers. We're not interested in providing gullible people with bad solutions, moreover deceptive advertising is something we look at with disgust.

That's why we are inquiring about what a SOCKS proxy would be useful for, if there's anything that a SOCKS proxy can offer that isn't already provided (in a proper way) by AirVPN.

Kind regards

rchunter 1 Posted ...

If you offered it, and opened up your service to more than one connection at a time people could have a choice of using vpn and proxy at the same time. Like I said it's nice to have my vpn traffic on a us gateway so I can do my banking and other things. And at the same time be on a Netherlands proxy with utorrent.

NaDre 157 Posted ...

> If you offered it, and opened up your service to more than one connection at a time people could have a choice of using vpn and proxy at the same time. Like I said it's nice to have my vpn traffic on a us gateway so I can do my banking and other things. And at the same time be on a Netherlands proxy with utorrent.

You can do that without SOCKS: https://airvpn.org/topic/9549-guide-to-setting-up-vpn-just-for-torrenting-on-windows-thanks-to-nadre/

That guide is for Windows and Windows firewall, but the ideas should be adaptable to Comodo on Windows as the firewall, or to Linux or Mac. You may need to configure the torrent client to use a fixed port for outgoing traffic in order to block outgoing traffic on the real IP though.

rchunter 1 Posted ...

>> If you offered it, and opened up your service to more than one connection at a time people could have a choice of using vpn and proxy at the same time. Like I said it's nice to have my vpn traffic on a us gateway so I can do my banking and other things. And at the same time be on a Netherlands proxy with utorrent.
>
> You can do that without SOCKS: https://airvpn.org/topic/9549-guide-to-setting-up-vpn-just-for-torrenting-on-windows-thanks-to-nadre/
>
> That guide is for Windows and Windows firewall, but the ideas should be adaptable to Comodo on Windows as the firewall, or to Linux or Mac. You may need to configure the torrent client to use a fixed port for outgoing traffic in order to block outgoing traffic on the real IP though.

Yeah, well I'm still limited to only one connection using this service. If I want to use utorrent on a foreign gateway I'm stuck shutting it all down and switching to US any time I want to do my banking and other things. Not to mention being on a USA gateway is nice for your gaming and ping time. With a vpn AND proxy I can set the vpn to a usa gateway in my router and forget about it. Fire up utorrent with socks5 proxy and be downloading from a foreign gateway at the same time. Real simple real easy. That's really OK if you guys don't see the need. I'm just glad there are choices, and I don't think I will be switching services until AirVPN offers it.

NaDre 157 Posted ...

>>> If you offered it, and opened up your service to more than one connection at a time people could have a choice of using vpn and proxy at the same time. Like I said it's nice to have my vpn traffic on a us gateway so I can do my banking and other things. And at the same time be on a Netherlands proxy with utorrent.
>>
>> You can do that without SOCKS: https://airvpn.org/topic/9549-guide-to-setting-up-vpn-just-for-torrenting-on-windows-thanks-to-nadre/
>>
>> That guide is for Windows and Windows firewall, but the ideas should be adaptable to Comodo on Windows as the firewall, or to Linux or Mac. You may need to configure the torrent client to use a fixed port for outgoing traffic in order to block outgoing traffic on the real IP though.
>
> Yeah, well I'm still limited to only one connection using this service. If I want to use utorrent on a foreign gateway I'm stuck shutting it all down and switching to US any time I want to do my banking and other things. Not to mention being on a USA gateway is nice for your gaming and ping time. With a vpn AND proxy I can set the vpn to a usa gateway in my router and forget about it. Fire up utorrent with socks5 proxy and be downloading from a foreign gateway at the same time. Real simple real easy. That's really OK if you guys don't see the need. I'm just glad there are choices, and I don't think I will be switching services until AirVPN offers it.

I had assumed in my response that you were in the U.S. I am in neither the U.S. nor the U.K. I have two memberships at AirVPN. One I use for P2P and nothing else (in the Netherlands as you say). Most of the time I use my real IP for everything else (while the first connection is running). I can switch back and forth between using the VPN connection or my real IP by just running a shortcut to a .bat file (see the guide).

On occasion, when I want to use a geo-restricted site in the U.K. or the U.S. that is not available via AirVPN's automatic re-routing from the Netherlands servers, I use the second connection to get at it, while still running the first connection for P2P. See the edit at the end of this post: https://airvpn.org/topic/9491-guide-to-setting-up-vpn-just-for-torrenting-on-windows/?p=10326

rchunter 1 Posted ...

>>>> If you offered it, and opened up your service to more than one connection at a time people could have a choice of using vpn and proxy at the same time. Like I said it's nice to have my vpn traffic on a us gateway so I can do my banking and other things. And at the same time be on a Netherlands proxy with utorrent.
>>>
>>> You can do that without SOCKS: https://airvpn.org/topic/9549-guide-to-setting-up-vpn-just-for-torrenting-on-windows-thanks-to-nadre/
>>>
>>> That guide is for Windows and Windows firewall, but the ideas should be adaptable to Comodo on Windows as the firewall, or to Linux or Mac. You may need to configure the torrent client to use a fixed port for outgoing traffic in order to block outgoing traffic on the real IP though.
>>
>> Yeah, well I'm still limited to only one connection using this service. If I want to use utorrent on a foreign gateway I'm stuck shutting it all down and switching to US any time I want to do my banking and other things. Not to mention being on a USA gateway is nice for your gaming and ping time. With a vpn AND proxy I can set the vpn to a usa gateway in my router and forget about it. Fire up utorrent with socks5 proxy and be downloading from a foreign gateway at the same time. Real simple real easy. That's really OK if you guys don't see the need. I'm just glad there are choices, and I don't think I will be switching services until AirVPN offers it.
>
> I had assumed in my response that you were in the U.S. I am in neither the U.S. nor the U.K. I have two memberships at AirVPN. One I use for P2P and nothing else (in the Netherlands as you say). Most of the time I use my real IP for everything else (while the first connection is running). I can switch back and forth between using the VPN connection or my real IP by just running a shortcut to a .bat file (see the guide).
>
> On occasion, when I want to use a geo-restricted site in the U.K. or the U.S. that is not available via AirVPN's automatic re-routing from the Netherlands servers, I use the second connection to get at it, while still running the first connection for P2P. See the edit at the end of this post: https://airvpn.org/topic/9491-guide-to-setting-up-vpn-just-for-torrenting-on-windows/?p=10326

Thank you. I'll look into this. But I guess it still means buying 2 connections. That's not ideal by any means....

trekkie.forever 6 Posted ...

>> I have seen a VPN company that uses a program that opens an SSH connection and the program opening the SSH connection also serves as a local SOCKS proxy so a BT client (or any program that can be) is now configured to use the local proxy (say 127.0.0.1) so connections in/out of the BT client are not routable if the SSH connection goes down. Seems to me an interesting way to protect from leaks.
>
> Hello,
>
> yes, the problems we talked about are pertaining to SOCKS proxies alone. You can have an equivalent security against leaks already now with AirVPN, without the limitations of SOCKS + SSH. See also NaDre's messages.
>
> Kind regards

I am looking for a solution to prevent leaks without dealing with routing tables and firewall configuration. My suggestion is to implement your SSH solution in reverse. Instead of creating an SSH tunnel and tunnelling OpenVPN through that, the option is to create an OpenVPN tunnel and then run an SSH tunnel through the OpenVPN tunnel. The SSH tunnel program creates the local proxy so individual programs that need to be protected from leaks can be set to use the proxy. This removes the onus from the user and does not create specialized firewall rules that need to be changed if connected to a different network. An extra layer somewhat similar in theory to your OpenVPN over TOR idea.

Staff 9973 Posted ...

@trekkie.forever

Good idea. You can anyway achieve the same purpose more quickly without SSH, therefore without sacrificing performance, and without firewall (see our previous post in this thread https://airvpn.org/topic/9594-airvpn-client-as-socks-proxy/?do=findComment&comment=10948 ).

We are also working to study a possible implementation of IP binding in Eddie (the next client release).

Kind regards