Jump to content
Not connected, Your IP:

Search the Community

Showing results for tags 'prevention'.

More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • AirVPN
    • News and Announcement
    • How-To
    • Databases
  • Community
    • General & Suggestions
    • Troubleshooting and Problems
    • Blocked websites warning
    • Eddie - AirVPN Client
    • Reviews
    • Other VPN competitors or features
    • Nonprofit
    • Off-Topic
  • Other Projects
    • IP Leak
    • XMPP
    • Mirrors

Product Groups

  • AirVPN Access
  • Coupons
  • Misc

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...


  • Start



Website URL







XMPP / Jabber




Found 1 result

  1. Hello! The idea of bringing this up is a result of many questions lately, that some devices or clients override OS settings and query their own DNS servers without the users permission. I would like to suggest a small enhancement, which will potentially prevent all user mistakes in the future, and will allow an even better VPN experience with less configuration. The idea is to have 2 additional options in the config generator section of the Client Area, where the user would be able to "opt-in" in case he wants the feature. One is something like "Force all applications use Air's VPN server", in which case you will have to add something like this: iptables -t nat -A PREROUTING -s -p udp --dport 53 -j DNAT --to iptables -t nat -A PREROUTING -s -p tcp --dport 53 -j DNAT --to The internal IP of the client is known to you, here is just examples of how I assume it should look on the server side. The second option in the Client Area, can be called something like "Prevent all potential DNS leaks, I will configure Air's DNS manually" Then, a rule like this can come in place: iptables -A OUTPUT -p udp -s -d --dport 53 -j ACCEPT iptables -A OUTPUT -p tcp -s -d --dport 53 -j ACCEPT iptables -A OUTPUT -p udp -s --dport 53 -j DROP iptables -A OUTPUT -p tcp -s --dport 53 -j DROP All the examples are made up, I am sure that a more elegant way of achieving this can take place, such as a special subnet for all users of each group. Today these methods are used in corporate VPNs mainly to enforce whitelisting/blacklisting of URLs, but I don't see a reason why we can't do the same here. Please share your comments zhang888
  • Create New...