Jump to content
Not connected, Your IP: 3.15.26.231
Sign in to follow this  
henkie

ANSWERED Using browser with AND without VPN

Recommended Posts

I've tried to find an answer to this in the forums but haven't been able to, so here goes:

 

I have a setup now where my Windows 7 Firewall ensures that uTorrent is only able to communicate when the VPN is up. I would like my browsers to be able to connect to the internet regardless of whether the VPN is up though. I can't seem to make this work.

 

If I put the AirVPN DNS addresses in my Windows network settings, my browsers can't use the internet when VPN is off. Is there anything I can do about this?

Share this post


Link to post

I've tried to find an answer to this in the forums but haven't been able to, so here goes:

 

I have a setup now where my Windows 7 Firewall ensures that uTorrent is only able to communicate when the VPN is up. I would like my browsers to be able to connect to the internet regardless of whether the VPN is up though. I can't seem to make this work.

 

If I put the AirVPN DNS addresses in my Windows network settings, my browsers can't use the internet when VPN is off. Is there anything I can do about this?

 

This is what I do:

 

https://airvpn.org/topic/9289-dns-leaks-and-how-to-fix-them/?do=findComment&comment=9978

 

I run my own DNS server (BIND - http://www.isc.org/downloads/bind/). I run it as a DNS resolver when not using the VPN (avoiding my ISP's DNS servers) and as a forwarder (to AirVPN's DNS servers) when using the VPN.

Share this post


Link to post

I've tried to find an answer to this in the forums but haven't been able to, so here goes:

 

I have a setup now where my Windows 7 Firewall ensures that uTorrent is only able to communicate when the VPN is up. I would like my browsers to be able to connect to the internet regardless of whether the VPN is up though. I can't seem to make this work.

 

If I put the AirVPN DNS addresses in my Windows network settings, my browsers can't use the internet when VPN is off. Is there anything I can do about this?

 

I posted this information in another post:

 

https://airvpn.org/topic/9787-the-pros-and-the-cons/?p=11501

 

But perhaps I should have added it here.

 

If you do not want to install BIND (as I do), you could also switch the DNS server for your native IP interface "on the fly" instead.

 

If you are connected to a router, then your native (i.e. non-VPN/original) IP interface is probably "Local Area Connection". If you are using wifi it may be something like "Wireless Network Connection". You will be able to see what the name of your interface is if you use this command:

ipconfig /all

You need to do this at a "command prompt", which you can bring up using "Start/All Programs/Accessories/Command Prompt". You can set up copy and paste editing in a command prompt by right-clicking on the title bar, where it says "Command Prompt". This should produce something like this:

C:\Users\user>ipconfig /all
...
Ethernet adapter Local Area Connection 2:
   ...
   Description . . . . . . . . . . . : TAP-Windows Adapter V9
   ...
   IPv4 Address. . . . . . . . . . . : 10.4.??.?2(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.252
   Lease Obtained. . . . . . . . . . : October-15-13 9:11:06 PM
   Lease Expires . . . . . . . . . . : October-15-14 9:11:19 PM
   Default Gateway . . . . . . . . . :
   DHCP Server . . . . . . . . . . . : 10.4.??.?1
   ...
   DNS Servers . . . . . . . . . . . : 10.4.0.1
   ...
Wireless LAN adapter Wireless Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Atheros AR5BWB222 Wireless Network Adapter
   ...
Ethernet adapter Local Area Connection:
   ...
   Description . . . . . . . . . . . : Broadcom NetLink (TM) Gigabit Ethernet
   ...
   IPv4 Address. . . . . . . . . . . : 192.168.1.63(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : October-15-13 9:02:29 PM
   Lease Expires . . . . . . . . . . : October-23-13 9:02:33 AM
   Default Gateway . . . . . . . . . : 192.168.1.254
   DHCP Server . . . . . . . . . . . : 192.168.1.254
   ...
   DNS Servers . . . . . . . . . . . : 192.168.1.254
                                       ??.???.???.?
   ...

In this case WiFi is not being used, and the real IP interface is "Local Area Connection". The IP interface with the "Description" value of "TAP-Windows Adapter V9" is the IP interface that OpenVPN uses. This is often (but not always) "Local Area Connection 2", as it is in this case.

 

You can determine the correct DNS server to use (e.g. if you are using UDP on port 443 then use 10.4.0.1) from this page:

 

https://airvpn.org/specs/

 

You can see what the DNS is set to for all interfaces using this command:

netsh interface ip show dns

 This should produce something like this:

C:\Users\user>netsh interface ip show dns
...
Configuration for interface "Local Area Connection 2"
    DNS servers configured through DHCP:  10.4.0.1
    Register with which suffix:           Primary only
...
Configuration for interface "Wireless Network Connection"
    DNS servers configured through DHCP:  None
    Register with which suffix:           Both primary and connection-specific

Configuration for interface "Local Area Connection"
    DNS servers configured through DHCP:  192.168.1.254
                                          ??.???.???.1
    Register with which suffix:           Primary only
...

So the DNS server for the VPN connection is "10.4.0.1" in this case.

 

The DNS for the VPN interface should already be set in accordance with the link above. What we want is for the DNS server for the "Local Area Connection" (or "Wireless Network Connection" if using WiFi) to be the same as for the VPN connection.

 

Assuming that the real/non-VPN interface name is "Local Area Connection", and that the appropriate AirVPN DNS server is 10.4.0.1 (i.e. you are using UDP 443 for the OpenVPN tunnel), then when the VPN has come up, you can run this command as administrator:

netsh interface ip set dns "Local Area Connection" static 10.4.0.1

You need to do this at an "administrator command prompt" that has administrator privilege, which you can bring up using "Start/All Programs/Accessories/Command Prompt, right-click, Run as Administrator". You can set up copy and paste editing in a command prompt by right-clicking on the title bar, where it says "Administrator Command Prompt".

 

That has taken care of DNS leaks. Now when the VPN goes down, assuming you let DHCP normally configure your DNS (as is the default for Windows), you can run this command (again) as administrator:

netsh interface ip set dns "Local Area Connection" dhcp

And you are back to normal.

 

For convenience, you can put these commands into ".bat" scripts and create short cuts to them with the "Run as administrator" property set. Add a "pause" statement at the end so the window will stay open for you to see the results.

 

If you want to automate this, you can use an "up" script and "down" script with the OpenVPN connection.

 

NOTE:

 

In what follows, it is assumed that you are using the GUI wrapper program (OpenVPN-GUI) for OpenVPN that comes with OpenVPN, rather than the AirVPN GUI wrapper program. And that you have generated, downloaded and installed the ".ovpn" configuration files that this needs.

 

Towards this end add these lines to each ".ovpn" configuration file (using AirVPN's Configuration Generator for example):

script-security 2
up '_up.bat'
down '_down.bat'

Then in the same folder where the ".ovpn" files are add the file "_up.bat" containing this:

netsh interface ip set dns "Local Area Connection" static 10.4.0.1

And also in the same folder where the ".ovpn" files are add the file "_down.bat" containing this:

netsh interface ip set dns "Local Area Connection" dhcp

To check that your set up is working, use AirVPN's DNS leak test site:

 

http://ipleak.net/

 

For documentation on the "netsh" command see:

 

http://technet.microsoft.com/en-us/library/bb490943.aspx

 

For documentation on directives that go into ".ovpn" files see:

 

https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage

 

UPDATE:

 

This is also posted (with a bit more information) here:

 

https://airvpn.org/topic/9289-dns-leaks-and-how-to-fix-them/?p=11603

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image
Sign in to follow this  

×
×
  • Create New...