Jump to content
Not connected, Your IP: 18.218.127.141
AirVPN
Sign in to follow this  
Followers 0
aoeirntt

AirVPN, leak protection with Comodo settings, and the ability to access websites using IP assigned by ISP

By aoeirntt, ... in General & Suggestions

Recommended Posts

aoeirntt    0

aoeirntt
Posted ...

I've been reading several forum threads about DNS leaks, including the AirVPN staff's splendid thread about using Comodo to prevent DNS leaks and leaks in case of unexpected VPN disconnections (https://airvpn.org/index.php?option=com_kunena&func=view&catid=3&id=3405&Itemid=142)

 

As far as I can see, if I set up Comodo using the rules in the above mentioned thread, my computer won't be able to communicate through the internet unless I have an active AirVPN connection. While this suits me fine in most cases, it does become a problem when I need to access websites that are restricted to clients with an IP address within the IP ranges of national ISPs, i.e. when I want to stream broadcasts from the website of the national TV station. Please note that AirVPN doesn't have VPN servers located in my country.

 

It would be great to both use AirVPN with proper leak protection settings in Comodo, and, when needed, also be able to connect to certain websites using the IP address assigned by my ISP.

 

All tips are greatly appreciated!

Share this post

Link to post

NaDre    154

NaDre
Posted ...

I've been reading several forum threads about DNS leaks, including the AirVPN staff's splendid thread about using Comodo to prevent DNS leaks and leaks in case of unexpected VPN disconnections (https://airvpn.org/index.php?option=com_kunena&func=view&catid=3&id=3405&Itemid=142)

 

As far as I can see, if I set up Comodo using the rules in the above mentioned thread, my computer won't be able to communicate through the internet unless I have an active AirVPN connection. While this suits me fine in most cases, it does become a problem when I need to access websites that are restricted to clients with an IP address within the IP ranges of national ISPs, i.e. when I want to stream broadcasts from the website of the national TV station. Please note that AirVPN doesn't have VPN servers located in my country.

 

It would be great to both use AirVPN with proper leak protection settings in Comodo, and, when needed, also be able to connect to certain websites using the IP address assigned by my ISP.

 

All tips are greatly appreciated!

 

If you want to be able to switch back and forth between using your native IP and the VPN you will probably have to think in terms of figuring out what network traffic you really want to have restricted to the VPN. These are presumably things that are listening for connections, since otherwise you can just avoid using the client programs that generate the traffic of concern while the VPN is not up. So you will have to set up firewall rules that address these specifically, while possibly reconfiguring the server programs that are listening for connections to use only the VPN IP interface and specific ports that can be referenced in the firewall rules.

Share this post

Link to post

aoeirntt    0

aoeirntt
Posted ...

Thanks for the feedback! I have two follow-up questions:

Question 1:
If I, as you suggest, configure Comodo to only allow traffic to and from i.e. my BitTorrent client to and from the TAP-Win adapter, as explained in this thread, I'll still have the problem of DNS leakage. This leads me to the following question: Does DNS leaks make it possible, for example for other BitTorrent users, to identify my real IP address assigned to me by my ISP when I'm using a BitTorrent client over AirVPN?

Question 2:
Given that I use the rules set out in the thead I mention in my first post, what if I make a global rule that allows traffic to and from the specific websites that require an IP national address. If this rule is placed above the rules that drop everything not coming from the TAP-Win adapter, wouldn't I be able to access these sites when I'm not connected to AirVPN?

Share this post

Link to post

NaDre    154

NaDre
Posted ...

...

Question 1:

If I, as you suggest, configure Comodo to only allow traffic to and from i.e. my BitTorrent client to and from the TAP-Win adapter, as explained in this thread, I'll still have the problem of DNS leakage. This leads me to the following question: Does DNS leaks make it possible, for example for other BitTorrent users, to identify my real IP address assigned to me by my ISP when I'm using a BitTorrent client over AirVPN?

...

 

Any  bit torrent peers you connect to will have no way to know how your DNS resolution do get there IP address was done. They will not see your IP address so long as the connection to them is made thru the VPN. They are not involved in DNS resolution (though your ISP is). The trick is in how to ensure that the VPN is the only way a connection to a peer will ever be made.

 

First, in order to leave your bit torrent client running using the VPN while you use your real IP interface for activities like web browsing (which seems to be what you want to do), you have to do a number of other things. I wrote a guide to doing this on Windows 7, using the firewall that comes with Windows:

 

https://airvpn.org/topic/9549-guide-to-setting-up-vpn-just-for-torrenting-on-windows-thanks-to-nadre/

 

If you are not using Windows you will have to adapt it. If you are using Windows but want to use Comodo as a firewall, I am sure you could do that, but I do not use Comodo.

 

But the stuff in my guide about how to configure your bit torrent clients and how to set up the routing table willl still certainly apply.

 

If you use Comodo, you may have to configure your bit torrent clients to use a fixed port for the connections they make to the outside world in order to be able to block that traffic by specifying the port. Someone familiar with Comodo may be able to help you with that.

Share this post

Link to post

JamesDean    10

JamesDean
Posted ...

I do an adaptation of both methods.

 

You can use Comodo to set Firefox to only connect to 10.4.0.0 - 10.9.255.255 and use the EXCLUDE box. You basically make the rule a block rule, but exclude the Air IP range. When you want to use the browser to connect via your real IP, you untick the exclude box when the VPN is shut down. That's one way.

 

Another, that I recently switched to, was to create an actual AirVPN rule for the TAP adapter MAC. Since you really can't toggle this type of rule on and off easily, I just installed a portable version of Firefox, that has no rule applied to it, to browse with from my real IP.

 

As long as you specify an actual DNS address for your normal NIC adapter in Windows, you should get no leaks - but test.

Share this post

Link to post

aoeirntt    0

aoeirntt
Posted ...

Thanks for all the tips!

 

I found a neat way to do this. Comodo supports different configurations, so it's possible to have a specific configuration for AirVPN use, and another specific configuration for when the ISP provided IP is needed. Switching between the different configurations can be done easily from the system tray icon.

Share this post

Link to post

resettler    0

resettler
Posted ...

I found a neat way to do this. Comodo supports different configurations, so it's possible to have a specific configuration for AirVPN use, and another specific configuration for when the ISP provided IP is needed. Switching between the different configurations can be done easily from the system tray icon.

 

Can you show me how it is done?

Share this post

Link to post

Flx11    10

Flx11
Posted ...

I've been reading several forum threads about DNS leaks, including the AirVPN staff's splendid thread about using Comodo to prevent DNS leaks and leaks in case of unexpected VPN disconnections (https://airvpn.org/i...3405&Itemid=142)


As far as I can see, if I set up Comodo using the rules in the above mentioned thread, my computer won't be able to communicate through the internet unless I have an active AirVPN connection.[CORRECT]


While this suits me fine in most cases, it does become a problem when I need to access websites that are restricted to clients with an IP address within the IP ranges of national ISPs, i.e. when I want to stream broadcasts from the website of the national TV station. Please note that AirVPN doesn't have VPN servers located in my country.[PICK A SERVER IN ANOTHER JURISDICTION CLOSE TO YOU THAT WOULD ALLOW YOU TO STREAM]


 


It would be great to both use AirVPN with proper leak protection settings in Comodo, and, when needed, also be able to connect to certain websites using the IP address assigned by my ISP.


[READY UP AT LEAST 2 BROWSERS of your preference]


1.CHROME-OUTGOING ONLY-it will allow all traffic to go through whatever active connection is present, if any else u'll get a conn error.


2.FIREFOX-create a Tap.mac rule all traffic "rerouted" by using mac address of virtual tap-32.


To Mr Moderator: Post my answers if considered of some value or send me a msg redo them, modify;change. 


Windows breaking your VPN connection/TAP adapters?!?---Windows Update problem or related?

 

Share this post

Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
  • Security Check
    Play CAPTCHA Audio
    Refresh Image
Sign in to follow this  
Followers 0
Go To Topic Listing
×
×
  • Create New...