Network Lock


27 replies to this topic

#1 iflyskyhigh

iflyskyhigh

    Newbie

  • Members
  • Pip
  • 6 posts

Posted 14 May 2015 - 12:35 PM

Can someone please explain Network Lock to me in layman terms? And why/when I would want to use it?

 

I read the FAQ on the subject, but I still don't quite get what the purpose is or exactly what it does.

 

I am running OS X 10.3 and the Eddie 2.8.8.

 

Everything seems to be working as it should so I don't have a problem per se, I would just like to fully understand the AirVPN service and features.

 

Thanks



#2 Guest_Chaf_*

Guest_Chaf_*
  • Guests

Posted 14 May 2015 - 01:22 PM

Hey.

 

Network lock, when activated, sets your system firewall with rules that only let your traffic go through AirVPN servers.

In case of disconnection for whatever reason from the VPN, there are no known data leaks possible outside the VPN tunnel.

Network lock also protects you, while connected, from possible known data leaks such as DNS leaks, WebRTC... that occur on specific operating systems/configurations and that would otherwise reveal your IP.



#3 iflyskyhigh

iflyskyhigh

    Newbie

  • Members
  • Pip
  • 6 posts

Posted 14 May 2015 - 01:40 PM

> Hey.
>
> Network lock, when activated, sets your system firewall with rules that only let your traffic go through AirVPN servers.
>
> In case of disconnection for whatever reason from the VPN, there are no known data leaks possible outside the VPN tunnel.
>
> Network lock also protects you, while connected, from possible known data leaks such as DNS leaks, WebRTC... that occur on specific operating systems/configurations and that would otherwise reveal your IP.

Okay. That helps. Thank you.

 

Does network lock adjust firewall settings on OS X behind the scenes? Because I looked at my firewall settings with the network lock active and didn't notice anything different.

 

So if the AirVPN client disconnects, for whatever reason, I'm no longer in the "tunnel", or protected, correct? I get that. Seems pretty straightforward.

And if this happens and I have selected the network lock option at the bottom of the AirVPN client (right under the connect button) then theoretically my Mac will think I no longer have a network connection at all until the AirVPN client reconnects to one of its servers somewhere, correct?

So what I should see with network lock active and the AirVPN client disconnected for whatever reason should I try to open a website is the standard "no network connection" in Safari where the web page would be?

Even though I really am connected, the network lock is basically tricking the Mac into thinking that no network connection exists to keep me from accidentally transmitting something I don't want to should I get disconnected from the AirVPN network?

Thanks for your patience and help.

 

RM



#4 Guest_Chaf_*

Guest_Chaf_*
  • Guests

Posted 14 May 2015 - 04:24 PM

Put in simple words, all correct ;-)

 

As long as network lock is active you are protected against having data going out of the encrypted tunnel.

Network lock is not permanent though... If you exit the AirVPN client, your original firewall settings are restored, but as long as the AirVPN client is running and Network lock active, you are safe.



#5 bigfish9

bigfish9

    Newbie

  • Members
  • Pip
  • 7 posts

Posted 04 June 2015 - 09:39 AM

I'm using 2.9.2 with Win8.1 and unfortunately the Network Lock does not appear to work as I had expected.

 

If it's activated at client start-up I've assumed that no internet activity would be permissible until a connection to AirVPN has been established. Am I wrong?

 

I can see the firewall rules are in place but can browse using my normal internet connection whilst the network lock is active.



#6 Staff

Staff

    Advanced Member

  • Staff
  • PipPipPip
  • 7457 posts

Posted 04 June 2015 - 09:45 AM

> I'm using 2.9.2 with Win8.1 and unfortunately the Network Lock does not appear to work as I had expected.
>
> If it's activated at client start-up I've assumed that no internet activity would be permissible until a connection to AirVPN has been established. Am I wrong?

Hello!

You're right.

> I can see the firewall rules are in place but can browse using my normal internet connection whilst the network lock is active.

This is an unexpected and unobserved behavior. Do you have any other firewall installed in your system? Can we see the client logs, taken after Network Lock has been (allegedly) activated?

 

Kind regards



#7 ghostp

ghostp

    Advanced Member

  • Members
  • PipPipPip
  • 40 posts

Posted 04 June 2015 - 05:27 PM

> This is an unexpected and unobserved behavior. Do you have any other firewall installed in your system? Can we see the client logs, taken after Network Lock has been (allegedly) activated?
>
> Kind regards

I have the same problem. Air sets the network lock but I can browse the internet anyway while not connected to a VPN. Besides the Windows Firewall I'm also using GDATA Internet Security. I'm attaching my log file.

Hopefully you can fix it, otherwise the network lock is useless to me.

 

 

I 2015.06.04 19:19:30 - AirVPN client version: 2.9.2, System: Windows, Name: Microsoft Windows NT 6.2.9200.0, Architecture: x64
. 2015.06.04 19:19:30 - Reading options from C:\Users\ghost\AppData\Local\AirVPN\AirVPN.xml
. 2015.06.04 19:19:30 - Data Path: C:\Users\ghost\AppData\Local\AirVPN
. 2015.06.04 19:19:30 - App Path: C:\Program Files\AirVPN
. 2015.06.04 19:19:30 - Executable Path: C:\Program Files\AirVPN\AirVPN.exe
. 2015.06.04 19:19:30 - Command line arguments (1): path="home"
. 2015.06.04 19:19:30 - Operating System: Microsoft Windows NT 6.2.9200.0
. 2015.06.04 19:19:30 - Updating systems & servers data ...
. 2015.06.04 19:19:31 - Systems & servers data update completed
I 2015.06.04 19:19:31 - OpenVPN Driver - TAP-Windows Adapter V9, version 9.21.1
I 2015.06.04 19:19:31 - OpenVPN - Version: OpenVPN 2.3.6 (C:\Program Files\AirVPN\openvpn.exe)
I 2015.06.04 19:19:31 - SSH - Version: plink 0.63 (C:\Program Files\AirVPN\plink.exe)
I 2015.06.04 19:19:31 - SSL - Version: stunnel 5.09 (C:\Program Files\AirVPN\stunnel.exe)
! 2015.06.04 19:19:31 - Ready
I 2015.06.04 19:19:32 - Checking login ...
! 2015.06.04 19:19:32 - Logged in.
! 2015.06.04 19:19:41 - Activation of Network Lock - Windows Firewall
I 2015.06.04 19:19:52 - Session starting.
I 2015.06.04 19:19:52 - IPv6 disabled.
I 2015.06.04 19:19:52 - Checking authorization ...
! 2015.06.04 19:19:52 - Connecting to Rastaban (Sweden, Uppsala)
. 2015.06.04 19:19:53 - SSL > 2015.06.04 19:19:52 LOG5[7292]: stunnel 5.09 on x86-pc-mingw32-gnu platform
. 2015.06.04 19:19:53 - SSL > 2015.06.04 19:19:52 LOG5[7292]: Compiled/running with OpenSSL 1.0.1k 8 Jan 2015
. 2015.06.04 19:19:53 - SSL > 2015.06.04 19:19:52 LOG5[7292]: Threading:WIN32 Sockets:SELECT,IPv6 TLS:ENGINE,OCSP,PSK,SNI
. 2015.06.04 19:19:53 - SSL > 2015.06.04 19:19:52 LOG5[7292]: Reading configuration from file C:\Users\ghost\AppData\Local\AirVPN\7fcaca0a437e5af25fa0a55d7d3f4ce7f8af17ab948af79ea8fd893a6756a67a.tmp.ssl
. 2015.06.04 19:19:53 - SSL > 2015.06.04 19:19:52 LOG5[7292]: UTF-8 byte order mark not detected
. 2015.06.04 19:19:53 - SSL > 2015.06.04 19:19:53 LOG6[7292]: Initializing service [openvpn]
. 2015.06.04 19:19:53 - SSL > 2015.06.04 19:19:53 LOG5[7292]: Configuration successful
. 2015.06.04 19:19:53 - OpenVPN > OpenVPN 2.3.6 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [IPv6] built on Jan 12 2015
. 2015.06.04 19:19:53 - OpenVPN > library versions: OpenSSL 1.0.1k 8 Jan 2015, LZO 2.08
. 2015.06.04 19:19:53 - OpenVPN > MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:3100
. 2015.06.04 19:19:53 - OpenVPN > Control Channel Authentication: tls-auth using INLINE static key file
. 2015.06.04 19:19:53 - OpenVPN > Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
. 2015.06.04 19:19:53 - OpenVPN > Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
. 2015.06.04 19:19:53 - OpenVPN > Socket Buffers: R=[65536->65536] S=[65536->65536]
. 2015.06.04 19:19:53 - OpenVPN > Attempting to establish TCP connection with [AF_INET]127.0.0.1:6810 [nonblock]
. 2015.06.04 19:19:53 - OpenVPN > TCP connection established with [AF_INET]127.0.0.1:6810
. 2015.06.04 19:19:53 - OpenVPN > TCPv4_CLIENT link local: [undef]
. 2015.06.04 19:19:53 - OpenVPN > TCPv4_CLIENT link remote: [AF_INET]127.0.0.1:6810
. 2015.06.04 19:19:53 - SSL > 2015.06.04 19:19:53 LOG5[6324]: Service [openvpn] accepted connection from 127.0.0.1:51406
. 2015.06.04 19:19:53 - SSL > 2015.06.04 19:19:53 LOG6[6324]: s_connect: connecting 62.102.148.178:443
. 2015.06.04 19:19:53 - SSL > 2015.06.04 19:19:53 LOG5[6324]: s_connect: connected 62.102.148.178:443
. 2015.06.04 19:19:53 - SSL > 2015.06.04 19:19:53 LOG5[6324]: Service [openvpn] connected remote server from 192.168.178.38:51407
. 2015.06.04 19:19:53 - SSL > 2015.06.04 19:19:53 LOG6[6324]: SNI: sending servername: 62.102.148.178
. 2015.06.04 19:19:53 - SSL > 2015.06.04 19:19:53 LOG6[6324]: CERT: Locally installed certificate matched
. 2015.06.04 19:19:53 - SSL > 2015.06.04 19:19:53 LOG5[6324]: Certificate accepted at depth=0: C=IT, ST=Italy, L=Perugia, O=AirVPN, OU=stunnel, CN=stunnel.airvpn.org, emailAddress=info@airvpn.org
. 2015.06.04 19:19:53 - SSL > 2015.06.04 19:19:53 LOG6[6324]: SSL connected: new session negotiated
. 2015.06.04 19:19:53 - SSL > 2015.06.04 19:19:53 LOG6[6324]: Negotiated TLSv1.2 ciphersuite ECDHE-RSA-AES256-GCM-SHA384 (256-bit encryption)
. 2015.06.04 19:19:53 - OpenVPN > TLS: Initial packet from [AF_INET]127.0.0.1:6810, sid=ee332349 500bcd95
. 2015.06.04 19:19:53 - OpenVPN > VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org
. 2015.06.04 19:19:53 - OpenVPN > Validating certificate key usage
. 2015.06.04 19:19:53 - OpenVPN > ++ Certificate has key usage  00a0, expects 00a0
. 2015.06.04 19:19:53 - OpenVPN > VERIFY KU OK
. 2015.06.04 19:19:53 - OpenVPN > Validating certificate extended key usage
. 2015.06.04 19:19:53 - OpenVPN > ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
. 2015.06.04 19:19:53 - OpenVPN > VERIFY EKU OK
. 2015.06.04 19:19:53 - OpenVPN > VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=server, emailAddress=info@airvpn.org
. 2015.06.04 19:19:54 - OpenVPN > Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
. 2015.06.04 19:19:54 - OpenVPN > Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
. 2015.06.04 19:19:54 - OpenVPN > Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
. 2015.06.04 19:19:54 - OpenVPN > Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
. 2015.06.04 19:19:54 - OpenVPN > Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 4096 bit RSA
. 2015.06.04 19:19:54 - OpenVPN > [server] Peer Connection Initiated with [AF_INET]127.0.0.1:6810
. 2015.06.04 19:19:56 - OpenVPN > SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
. 2015.06.04 19:19:57 - OpenVPN > PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 10.50.0.1,comp-lzo no,route-gateway 10.50.0.1,topology subnet,ping 10,ping-restart 60,ifconfig 10.50.0.110 255.255.0.0'
. 2015.06.04 19:19:57 - OpenVPN > OPTIONS IMPORT: timers and/or timeouts modified
. 2015.06.04 19:19:57 - OpenVPN > OPTIONS IMPORT: LZO parms modified
. 2015.06.04 19:19:57 - OpenVPN > OPTIONS IMPORT: --ifconfig/up options modified
. 2015.06.04 19:19:57 - OpenVPN > OPTIONS IMPORT: route options modified
. 2015.06.04 19:19:57 - OpenVPN > OPTIONS IMPORT: route-related options modified
. 2015.06.04 19:19:57 - OpenVPN > OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
. 2015.06.04 19:19:57 - OpenVPN > do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
. 2015.06.04 19:19:57 - OpenVPN > open_tun, tt->ipv6=0
. 2015.06.04 19:19:57 - OpenVPN > TAP-WIN32 device [LAN-Verbindung] opened: \\.\Global\{9177F3DF-D2F7-432D-90C0-9E13F6A18897}.tap
. 2015.06.04 19:19:57 - OpenVPN > TAP-Windows Driver Version 9.21
. 2015.06.04 19:19:57 - OpenVPN > Set TAP-Windows TUN subnet mode network/local/netmask = 10.50.0.0/10.50.0.110/255.255.0.0 [SUCCEEDED]
. 2015.06.04 19:19:57 - OpenVPN > Notified TAP-Windows driver to set a DHCP IP/netmask of 10.50.0.110/255.255.0.0 on interface {9177F3DF-D2F7-432D-90C0-9E13F6A18897} [DHCP-serv: 10.50.255.254, lease-time: 31536000]
. 2015.06.04 19:19:57 - OpenVPN > Successful ARP Flush on interface [12] {9177F3DF-D2F7-432D-90C0-9E13F6A18897}
. 2015.06.04 19:20:02 - OpenVPN > TEST ROUTES: 2/2 succeeded len=1 ret=1 a=0 u/d=up
. 2015.06.04 19:20:02 - OpenVPN > C:\WINDOWS\system32\route.exe ADD 127.0.0.1 MASK 255.255.255.255 192.168.178.1
. 2015.06.04 19:20:02 - OpenVPN > ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
. 2015.06.04 19:20:02 - OpenVPN > Route addition via IPAPI succeeded [adaptive]
. 2015.06.04 19:20:02 - OpenVPN > C:\WINDOWS\system32\route.exe ADD 192.168.178.1 MASK 255.255.255.255 192.168.178.1 IF 2
. 2015.06.04 19:20:02 - OpenVPN > ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
. 2015.06.04 19:20:02 - OpenVPN > Route addition via IPAPI succeeded [adaptive]
. 2015.06.04 19:20:02 - OpenVPN > C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.50.0.1
. 2015.06.04 19:20:02 - OpenVPN > ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
. 2015.06.04 19:20:02 - OpenVPN > Route addition via IPAPI succeeded [adaptive]
. 2015.06.04 19:20:02 - OpenVPN > C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.50.0.1
. 2015.06.04 19:20:02 - OpenVPN > ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
. 2015.06.04 19:20:02 - OpenVPN > Route addition via IPAPI succeeded [adaptive]
. 2015.06.04 19:20:02 - OpenVPN > C:\WINDOWS\system32\route.exe ADD 62.102.148.178 MASK 255.255.255.255 192.168.178.1
. 2015.06.04 19:20:02 - OpenVPN > ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
. 2015.06.04 19:20:02 - OpenVPN > Route addition via IPAPI succeeded [adaptive]
. 2015.06.04 19:20:02 - Starting Management Interface
. 2015.06.04 19:20:02 - OpenVPN > Initialization Sequence Completed
I 2015.06.04 19:20:02 - DNS of a network adapter forced (Qualcomm Atheros AR946x Wireless Network Adapter)
I 2015.06.04 19:20:02 - DNS of a network adapter forced (TAP-Windows Adapter V9)
I 2015.06.04 19:20:03 - Flushing DNS
I 2015.06.04 19:20:03 - Checking route
I 2015.06.04 19:20:04 - Checking DNS
! 2015.06.04 19:20:04 - Connected.
. 2015.06.04 19:20:04 - OpenVPN > MANAGEMENT: Client connected from [AF_INET]127.0.0.1:3100
. 2015.06.04 19:20:04 - OpenVpn Management > >INFO:OpenVPN Management Interface Version 1 -- type 'help' for more info

 



#8 Staff

Staff

    Advanced Member

  • Staff
  • PipPipPip
  • 7457 posts

Posted 04 June 2015 - 06:03 PM

> > This is an unexpected and unobserved behavior. Do you have any other firewall installed in your system? Can we see the client logs, taken after Network Lock has been (allegedly) activated?
> >
> > Kind regards
>
> I have the same problem. Air sets the network lock but I can browse the internet anyway while not connected to a VPN. Besides the Windows Firewall I'm also using GDATA Internet Security. I'm attaching my log file.

 

 

Hello!

 

Running two firewalls at the same time will inevitably cause unpredictable behavior.

 

Kind regards



#9 altae

altae

    Advanced Member

  • Members
  • PipPipPip
  • 120 posts
  • LocationSwitzerland

Posted 04 June 2015 - 06:24 PM

But normally GDATA firewall disables the Windows firewall.



#10 ghostp

ghostp

    Advanced Member

  • Members
  • PipPipPip
  • 40 posts

Posted 04 June 2015 - 07:17 PM

> Hello!
>
> Running two firewalls at the same time will inevitably cause unpredictable behavior.
>
> Kind regards

GDATA disables Windows Firewall. So, only GDATA FW is running and it is not locked by air.

> But normally GDATA firewall disables the Windows firewall.

Exactly!



#11 bigfish9

bigfish9

    Newbie

  • Members
  • Pip
  • 7 posts

Posted 04 June 2015 - 10:14 PM

Hi

 

Edit: Apologies, it would seem that even when Symantec Endpoint Protection is disabled it actually replaces the Windows Firewall. Uninstalled the network protection elements and Network Lock is now working.

 

Thanks.


Edited by bigfish9, 04 June 2015 - 10:42 PM.


#12 Staff

Staff

    Advanced Member

  • Staff
  • PipPipPip
  • 7457 posts

Posted 05 June 2015 - 12:01 AM

> Hi
>
> Edit: Apologies, it would seem that even when Symantec Endpoint Protection is disabled it actually replaces the Windows Firewall. Uninstalled the network protection elements and Network Lock is now working.
>
> Thanks.

Hello!

This is very important information, thank you!

 

Kind regards



#13 altae

altae

    Advanced Member

  • Members
  • PipPipPip
  • 120 posts
  • LocationSwitzerland

Posted 05 June 2015 - 12:43 PM

So what does this mean? The netlock feature only works with the Windows firewall? Do people that use other firewalls like GDATA, Symantec, Bitdefender etc. have to configure their firewalls manually in order to achieve the same lock as the netlock feature of the AirVPN client?



#14 Staff

Staff

    Advanced Member

  • Staff
  • PipPipPip
  • 7457 posts

Posted 05 June 2015 - 12:52 PM

> So what does this mean? The netlock feature only works with the Windows firewall? Do people that use other firewalls like GDATA, Symantec, Bitdefender etc. have to configure their firewalls manually in order to achieve the same lock as the netlock feature of the AirVPN client?

 

Yes, definitely. Network Lock is a plug-in that (in Windows) sets Windows firewall rules. Please see also here:

https://airvpn.org/topic/12175-network-lock

 

Kind regards
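
A read-only check for the failure discussed in this thread (Network Lock sets Windows Firewall rules while a third-party product has taken over from Windows Firewall), added here as an example; it is not part of the original posts and is not AirVPN or Eddie code. The function names and the probe host `example.com` are assumptions.

```powershell
# Added example (not AirVPN/Eddie code). Run in an elevated PowerShell session
# on Windows 8.1 or later. Read-only: it changes no firewall setting.

function Test-WindowsFirewallEnforcing {
    # 1. Windows Firewall rules are applied by the MpsSvc service; if it is
    #    not running, no Windows Firewall rule is enforced.
    $svc = Get-Service -Name MpsSvc -ErrorAction SilentlyContinue
    $serviceRunning = [bool]($svc -and $svc.Status -eq 'Running')

    # 2. Each profile (Domain, Private, Public) must be enabled in the
    #    effective policy (ActiveStore), not only in the saved configuration.
    $disabledProfiles = @()
    try {
        $profiles = Get-NetFirewallProfile -PolicyStore ActiveStore -ErrorAction Stop
        foreach ($p in $profiles) {
            if ("$($p.Enabled)" -ne 'True') { $disabledProfiles += $p.Name }
        }
    } catch {
        # Profiles cannot be read (for example when the service is stopped).
        $disabledProfiles += "unreadable: $($_.Exception.Message)"
    }

    # 3. Products registered as a firewall with Windows Security Center
    #    (client editions of Windows only). Assumption: the built-in firewall
    #    does not appear in this list, so review every entry by name.
    $registered = @(Get-CimInstance -Namespace 'root/SecurityCenter2' `
        -ClassName FirewallProduct -ErrorAction SilentlyContinue |
        ForEach-Object { $_.displayName })

    [pscustomobject]@{
        ServiceRunning      = $serviceRunning
        DisabledProfiles    = $disabledProfiles
        RegisteredFirewalls = $registered
        LooksEnforced       = $serviceRunning -and
                              ($disabledProfiles.Count -eq 0) -and
                              ($registered.Count -eq 0)
    }
}

# Behavioural check: with Network Lock active and the VPN deliberately
# disconnected, an outbound connection should fail.
# $ProbeHost is an assumption; use any host you control or trust.
function Test-LockBlocksTraffic {
    param(
        [string]$ProbeHost = 'example.com',
        [int]$Port = 443
    )
    $reachable = Test-NetConnection -ComputerName $ProbeHost -Port $Port `
        -InformationLevel Quiet -WarningAction SilentlyContinue
    -not $reachable   # $true means traffic outside the tunnel was blocked
}

Test-WindowsFirewallEnforcing | Format-List
```

Run `Test-LockBlocksTraffic` only while the VPN is disconnected and Network Lock is switched on; a result of `$false` in that state means traffic is leaving outside the tunnel.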



#15 john.smith602

john.smith602

    Newbie

  • New Members
  • Pip
  • 4 posts

Posted 06 June 2015 - 12:12 PM

well, I use the client on Linux and Win7

 

I tested it in Win 7 with Comodo IS free default setting

If I enable Network Lock on Win 7 with Comodo active without making any setting on Comodo Firewall, I'm not able to connect, if I disable Network Lock then the browser will connect...



#16 Staff

Staff

    Advanced Member

  • Staff
  • PipPipPip
  • 7457 posts

Posted 06 June 2015 - 12:27 PM

> well, I use the client on Linux and Win7
>
> I tested it in Win 7 with Comodo IS free default setting
>
> If I enable Network Lock on Win 7 with Comodo active without making any setting on Comodo Firewall, I'm not able to connect, if I disable Network Lock then the browser will connect...

Of course, that's expected. Running two firewalls at the same time will inevitably cause unpredictable behavior. You have two programs running with unlimited privileges which compete to access and modify the Network layer of the TCP/IP stack. The outcome of such competition is in most cases catastrophic from a security point of view.

 

Kind regards



#17 john.smith602

john.smith602

    Newbie

  • New Members
  • Pip
  • 4 posts

Posted 06 June 2015 - 04:48 PM

No, Windows Firewall is disabled, I've checked it.

Comodo will itself disable Windows Firewall once you install it, if I'm not wrong.



#18 Staff

Staff

    Advanced Member

  • Staff
  • PipPipPip
  • 7457 posts

Posted 06 June 2015 - 04:51 PM

> No, Windows Firewall is disabled, I've checked it.

In this case you can't use Network Lock. However, if Eddie can't enable Windows Firewall (when Network Lock is on) it will warn you.

> Comodo will itself disable Windows Firewall once you install it, if I'm not wrong.

Conflicts may arise and your experience seems to confirm that.

 

Kind regards



#19 john.smith602

john.smith602

    Newbie

  • New Members
  • Pip
  • 4 posts

Posted 06 June 2015 - 05:06 PM

Sorry, you are right...

The first time I enabled Network Lock, Eddie was warning me to put WF on manual in services, as I did without checking it while I was online; checking after disconnecting, it was showing disabled.

Now I've checked again while online and WF is Enabled... but I don't experience any problem yet, maybe because I don't use Win regularly?

So, what should I do, leave Network Lock disabled?

I saw in the How-to settings for Comodo Firewall, but if you don't use Network Lock how will Comodo behave?

 

Regards



#20 lancelot48

lancelot48

    Member

  • Members
  • PipPip
  • 12 posts

Posted 11 June 2015 - 02:37 PM

Open Network Center, click on "Change Adapter Settings". You will see two "Network Connections". Go to the "Local Area Connection" and double-click "IPV4". Click the box "Obtain DNS Settings automatically". That's probably the problem. It still has the "Tap" setting DNS.

 

I do that when I can't access the net.






