Jump to content
Not connected, Your IP: 54.234.191.202
Sign in to follow this  
hambledonhill

Italian Warning pop up when using AirVPN over SSH

Recommended Posts

Hi,

 

Recently came across a possible security problem. I wanted to test how secure a connection using vpn over ssh was. I used the guidlines from AirVPN to establish VPN over SSH, all appears to work. On some security forums in Italy they suggested trying to connect to Motherless.com with no vpn you get the pop up warning of possible bad content. When connected just with VPN no pop up, but with VPN over SSH the pop up appears. Does this mean that the SSH or VPN connections are not Secure?

Share this post


Link to post

Hi,

 

OK I have tried this via Goole and direct URL both produce the pop up. I have tested this with a Dutch SSH/VPN and now a German one (Velorum).

Below is the output from routing table. As per instructions the ssh connection was started first then a second terminal as root for the vpn.

 

0.0.0.0/1 via 10.50.0.101 dev tun0
default via 192.168.1.1 dev wlan0  proto static
10.50.0.1 via 10.50.0.101 dev tun0
10.50.0.101 dev tun0  proto kernel  scope link  src 10.50.0.102
46.165.208.69 via 192.168.1.1 dev wlan0
127.0.0.1 via 192.168.1.1 dev wlan0
128.0.0.0/1 via 10.50.0.101 dev tun0
169.254.0.0/16 dev wlan0  scope link  metric 1000
192.168.1.0/24 dev wlan0  proto kernel  scope link  src 192.168.1.17  metric 9

Share this post


Link to post

Hello,

 

ok, now check how your system resolves that domain name (it should be IP 198.64.4...). If you get a different resolution, the DNS you are querying is poisoned (speculation: perhaps your system is querying your ISP DNS and your ISP has been obliged to poison its DNS and hijack its customers communications).

 

Are you running Windows? If so, please fix DNS leaks.

 

Your VPN DNS for OpenVPN over SSH can be 10.50.0.1 and 10.4.0.1

 

In all of this discussion, anyway, it's unclear why you're running OpenVPN over SSH, are you behind a very restrictive firewall, or your ISP is disrupting OpenVPN communications?

 

Kind regards

Share this post


Link to post

 

Hi,


 

When I have tried to ping or traceroute the address is resolved to 212.48.8.140 (This is in Italy) and the ping/traceroute fail. This is without ssh/vpn.

When connected to Velorum I can traceroute to the site but not ping...

When connected vpn over ssh (Velorum) ping fails, but traceroute produces the results below

 

traceroute to www.motherless.com (212.48.8.140), 30 hops max, 60 byte packets

1 10.50.0.1 (10.50.0.1) 58.254 ms 126.207 ms 126.211 ms

2 hosted.by.leaseweb.com (46.165.208.126) 126.180 ms 126.152 ms 126.110 ms

3 ffm-b10-link.telia.net (80.239.132.81) 180.598 ms 180.593 ms ffm-b11-link.telia.net (80.239.167.129) 180.558 ms

4 ffm-bb2-link.telia.net (213.155.131.224) 180.526 ms ffm-bb1-link.telia.net (80.91.251.249) 180.494 ms 180.457 ms

5 ffm-b12-link.telia.net (213.155.135.9) 180.603 ms ffm-b12-link.telia.net (213.155.132.209) 180.331 ms ffm-b12-link.telia.net (213.155.136.197) 180.412 ms

6 telecomitalia-ic-156443-ffm-b12.c.telia.net (213.248.68.190) 180.283 ms 58.059 ms 59.109 ms

7 * * *

8 * * *

 

With VPN only connected to Velorum, ping still fails, but traceroute work with the correct ip address

 

traceroute to www.motherless.com (198.64.4.17), 30 hops max, 60 byte packets

1 speedtest.air (10.4.0.1) 81.266 ms 85.424 ms 88.835 ms

2 rif-vlan3022.cust.teknikbyran.com (178.248.30.129) 93.172 ms 96.501 ms 99.076 ms

3 vl-3006-akb-cr1.link.teknikbyran.com (62.102.144.5) 103.571 ms 107.997 ms 110.478 ms

4 xe-0-0-5-teknikbyran.pe0.sto4.se.portlane.net (80.67.0.221) 114.730 ms 116.385 ms 121.040 ms

5 te-4-4-gblx.sto1.se.portlane.net (209.130.172.177) 125.424 ms 128.896 ms 130.242 ms

 

I have been trying to see if vpn over ssh does work, I use Ubuntu 13.04

Share this post


Link to post

Hi,

This is a website full of JavaScript and ajax links most hidden. It does drop OpenVpn direct TCP 443 connections. I didn't test udp or ssh. OpenVpn over SSL is the only one that holds. I have no Idea what other "goodies" it has to offer. I blocked it by IP(s) and hostname. Staff you should have websites like these blocked from server(s).

BTW pop-up the message  in italian transates to what?

Regards,

Flex 

Share this post


Link to post

Hi,

This is a website full of JavaScript and ajax links most hidden. It does drop OpenVpn direct TCP 443 connections.

 

Hello!

 

Well, no, it doesn't. And that's logical, since an end web-site has no way to know your type of connection to our servers (or to any other VPN service). Or maybe we are missing something here?

 

Kind regards

Share this post


Link to post

ok I'll test it again and make sure that 443 tcp connection will hold. hmmm.....without javascript the connection was ok but when JavaScript is enabled all the weirdness start to happen. Advance Member have you blocked it? and yes the Crucis tcp 443 did hold.

Share this post


Link to post

Hi,

 

So why can tranparent dns see what sites you go to if you have vpn over ssh? Any simple answers

 

The same way that AirVPN detects DNS leaks. Have you tried their DNS leak test when you have your configuration set up?

 

http://ipleak.net/

 

The mechanism is something like this. Bury a hidden link to a resource (perhaps a dummy image that never gets shown on the page) using a domain name generated just for this connection in the page you are viewing. Then watch to see what IP address the DNS look up for this resource comes from. The DNS server that receives these look up requests and the web browser must interact.

 

So if the connection to the page came from the U.S., but the DNS look up for the special resource comes from Italy, they know something is not as it should be.

Share this post


Link to post

@StudentStumps

 

So your system is not handling correctly DNS. Assuming it's some Linux distribution, do you have resolvconf or openresolv installed or not?

 

Kind regards

Share this post


Link to post

Hello,

 

if you have resolvconf installed please see here:

https://airvpn.org/topic/9747-dns-problem-can-only-connect-to-airvpnorg/?do=findComment&comment=11334

 

If you don't and you wish to install it:

 

sudo aptitude install resolvconf

 

If you don't want resolvconf package, just edit (as root) /etc/resolv.conf and add as first nameservers 10.4.0.1 and 10.50.0.1:

 

nameserver 10.4.0.1
nameserver 10.50.0.1

 

Kind regards

Share this post


Link to post

Hi, looked at this and I have got resolvconf installed. I have placed the

 

script-security 2
up /etc/openvpn/update-resolv-conf
down
/etc/openvpn/update-resolv-conf

 

into the .sh and .ovpn files for Velorum (DE), then tried to open the website in Firefox, it went there with no pop up...

Then used ipleak to test leakage and none shown, DNS = Germany.

 

Excellent many thanks.

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image
Sign in to follow this  

×
×
  • Create New...