Jump to content
Not connected, Your IP: 54.85.255.74
clockworkpineapple

How to prevent computer from leaking on startup before Eddie is started and Network Lock can kick in?

Recommended Posts

Hi all,

 

I have a problem. When I start my computer, I have Eddie open automaticaly. However, I need to enter my password for Eddie to activate network lock. Before I've entered my password, my computer connects to the wifi normally and does its thing without using the VPN, which is an opportunity for all kinds of apps and connections to leak information. 

 

My question is, how do I activate Network Lock straight from boot, so there is no gap until the time I manage to enter my password?

 

Thanks in advance!

 

ps. I'm on High Sierra as well as 18.04

Share this post


Link to post

Currently, before another solution is suggested or a feature is added(which I would also like), you should disable networking or disable adapters and interfaces before you turn the PC off.

Share this post


Link to post

In reality though, by the time Eddie starts up and you input your keyring password is just a matter of 30 seconds or so. Check in your startup folder to see what's starting up at desktop boot and disable what you don't want connecting. Your probably going to want the update manager connecting obviously but you can select a delay time until Eddie connects. 

 

For Ubuntu systems there are a few things you could do. If you're familiar with ufw, you could set rules and configure iptables. Look in Ubuntu support forums for detailed instructions. This is the preferred method to manage in/out connections.

 

Also you could config nm under edit connections/wi-fi/method and set the ipv4 setting to automatically (dhcp) addresses only. This way nothing can connect online including update manager unless the vpn is connected. I've tried it and it works but I prefer use ufw rules to block connections.

Cannot recommend disabling adapters prior to shutdown, unless you want the extra effort of re-configuring after every boot and who knows what other kinds of bad behavior this might cause.

 

For Mac? sorry, no advice on proprietary systems.

Have fun

Share this post


Link to post

You could to settings and check "Activate Network Lock at startup". As soon as Eddie is running, the Network Lock will be enabled. 

Further, at least in my experience, if you to not close Eddie but just shut down the computer, Network Lock firewall rules remain be active until you start and then regularly close Eddie. (you can start Eddie even when you are not connected to the internet).

 

You could also disconnect from WIFI and disable “connect automatically”. In this case, your OS should not connect to the internet before you establish this connection manually.

Share this post


Link to post

In reality though, by the time Eddie starts up and you input your keyring password is just a matter of 30 seconds or so. Check in your startup folder to see what's starting up at desktop boot and disable what you don't want connecting. Your probably going to want the update manager connecting obviously but you can select a delay time until Eddie connects. 

 

For Ubuntu systems there are a few things you could do. If you're familiar with ufw, you could set rules and configure iptables. Look in Ubuntu support forums for detailed instructions. This is the preferred method to manage in/out connections.

 

Also you could config nm under edit connections/wi-fi/method and set the ipv4 setting to automatically (dhcp) addresses only. This way nothing can connect online including update manager unless the vpn is connected. I've tried it and it works but I prefer use ufw rules to block connections.

Cannot recommend disabling adapters prior to shutdown, unless you want the extra effort of re-configuring after every boot and who knows what other kinds of bad behavior this might cause.

 

For Mac? sorry, no advice on proprietary systems.

Have fun

 

When I say disable adapters, I mostly mean for ethernet on windows, you can't turn ethernet off so you have to disable it in the Network and Sharing Center. You can easily turn WiFi off though.

 

You could to settings and check "Activate Network Lock at startup". As soon as Eddie is running, the Network Lock will be enabled. 

Further, at least in my experience, if you to not close Eddie but just shut down the computer, Network Lock firewall rules remain be active until you start and then regularly close Eddie. (you can start Eddie even when you are not connected to the internet).

 

You could also disconnect from WIFI and disable “connect automatically”. In this case, your OS should not connect to the internet before you establish this connection manually.

 

Do you mean hold the button until it forcibly shuts down? I haven't tried that yet. I'll do it in a minute. If you don't mean this what do you mean? Windows complains that I have Eddie open and it's prohibiting me from closing it.

Yeah that's what I meant when I said disable adapters, read what I typed to the first quote.

Share this post


Link to post

Just ignore the Windows warning and shut down Windows the "normal way". In this case, Eddie will be closed by WIndows, but it seems that the firewall rules will "survive". You could just test it. However, I guess that always disconnecting and connecting from WIFI might be simpler.

Share this post


Link to post

Just ignore the Windows warning and shut down Windows the "normal way". In this case, Eddie will be closed by WIndows, but it seems that the firewall rules will "survive". You could just test it. However, I guess that always disconnecting and connecting from WIFI might be simpler.

 

That's how I've been doing it and it still didn't keep the rules.

Share this post


Link to post

May I offer a better solution, which you can customize on your OS any way you want to.  Just adjust my approach for your systems.  Here is what I do.  I am using Debian (Linux) for reference.  I have my UFW firewall permanently set to ON with a complete block of any activity outside of the adapter, which in my case is tun0.  That means that when I start the computer I have NO access online at all.  I can't even go on my LAN and access my router's Admin panel in the mode I use.  Its locked at this point, get it?  Now I start/mount Eddie which requires the sudo/Admin password and the Air client uses/replaces my firewall with the client's and keeps my original copy until I exit Eddie, at which time my ruleset is in play on the computer for when I start the computer next session.  Its not really too technical because the outstanding Eddie client does all the work for you behind the scenes.  It works flawlessly and when I exit Eddie my machine is totally locked from the internet.  It only takes me a few seconds to drop my UFW firewall if I want to use my LAN for router access, etc....  This would be something I suggest.  Let me highlight my belief that tons of home networks have so many devices on LAN it is a great idea to isolate your "privacy" computer from all devices.  This accomplishes that too!

Share this post


Link to post

May I offer a better solution, which you can customize on your OS any way you want to.  Just adjust my approach for your systems.  Here is what I do.  I am using Debian (Linux) for reference.  I have my UFW firewall permanently set to ON with a complete block of any activity outside of the adapter, which in my case is tun0.  That means that when I start the computer I have NO access online at all.  I can't even go on my LAN and access my router's Admin panel in the mode I use.  Its locked at this point, get it?  Now I start/mount Eddie which requires the sudo/Admin password and the Air client uses/replaces my firewall with the client's and keeps my original copy until I exit Eddie, at which time my ruleset is in play on the computer for when I start the computer next session.  Its not really too technical because the outstanding Eddie client does all the work for you behind the scenes.  It works flawlessly and when I exit Eddie my machine is totally locked from the internet.  It only takes me a few seconds to drop my UFW firewall if I want to use my LAN for router access, etc....  This would be something I suggest.  Let me highlight my belief that tons of home networks have so many devices on LAN it is a great idea to isolate your "privacy" computer from all devices.  This accomplishes that too!

I'll block EVERYTHING with Windows firewall and see what happens when I open it lol

Share this post


Link to post

Hi all,

 

I have a problem. When I start my computer, I have Eddie open automaticaly. However, I need to enter my password for Eddie to activate network lock. Before I've entered my password, my computer connects to the wifi normally and does its thing without using the VPN, which is an opportunity for all kinds of apps and connections to leak information. 

 

My question is, how do I activate Network Lock straight from boot, so there is no gap until the time I manage to enter my password?

 

Thanks in advance!

 

ps. I'm on High Sierra as well as 18.04

 

The OP didn't mention anything about Windows yet the discussion turned to Windows. Correct me if I'm wrong but isn't High Sierra Mac and 18.04 Ubuntu as stated in this post?

How does this help the OP at all?

 

And Jeremyx3 where do you get the power to tell people not to post suggestions or solutions?

 

If you are having issues with Windows then start a new post don't highjack someone else's. 

Share this post


Link to post
Guest

May I offer a better solution, which you can customize on your OS any way you want to. Just adjust my approach for your systems. Here is what I do. I am using Debian (Linux) for reference. I have my UFW firewall permanently set to ON with a complete block of any activity outside of the adapter, which in my case is tun0. That means that when I start the computer I have NO access online at all. I can't even go on my LAN and access my router's Admin panel in the mode I use. Its locked at this point, get it? Now I start/mount Eddie which requires the sudo/Admin password and the Air client uses/replaces my firewall with the client's and keeps my original copy until I exit Eddie, at which time my ruleset is in play on the computer for when I start the computer next session. Its not really too technical because the outstanding Eddie client does all the work for you behind the scenes. It works flawlessly and when I exit Eddie my machine is totally locked from the internet. It only takes me a few seconds to drop my UFW firewall if I want to use my LAN for router access, etc.... This would be something I suggest. Let me highlight my belief that tons of home networks have so many devices on LAN it is a great idea to isolate your "privacy" computer from all devices. This accomplishes that too!

Could you elaborate a little, I'm using linux and whilst trying to follow along with your suggestions I get stuck in gufw advanced section when it requires from and to ip's / ports. What should I be inserting in those fields? And where do I find the correct information? Thanks

Share this post


Link to post

 

Hi all,

 

I have a problem. When I start my computer, I have Eddie open automaticaly. However, I need to enter my password for Eddie to activate network lock. Before I've entered my password, my computer connects to the wifi normally and does its thing without using the VPN, which is an opportunity for all kinds of apps and connections to leak information. 

 

My question is, how do I activate Network Lock straight from boot, so there is no gap until the time I manage to enter my password?

 

Thanks in advance!

 

ps. I'm on High Sierra as well as 18.04

 

The OP didn't mention anything about Windows yet the discussion turned to Windows. Correct me if I'm wrong but isn't High Sierra Mac and 18.04 Ubuntu as stated in this post?

How does this help the OP at all?

 

And Jeremyx3 where do you get the power to tell people not to post suggestions or solutions?

 

If you are having issues with Windows then start a new post don't highjack someone else's. 

It's not tuned to that, someone else commented and basically led me here even though I made my own thread. I helped OP by suggesting turn networking off, usually at the top right Ubuntu. So I didn't just answer based on Windows, I said stuff about Windows because I use it and for anyone else reading the title that uses Windows looking for information.

 

When did I ever say anything like that?

 

Already did. See this. https://airvpn.org/topic/27877-eddie-network-lock-suggestion/

Share this post


Link to post

 

May I offer a better solution, which you can customize on your OS any way you want to. Just adjust my approach for your systems. Here is what I do. I am using Debian (Linux) for reference. I have my UFW firewall permanently set to ON with a complete block of any activity outside of the adapter, which in my case is tun0. That means that when I start the computer I have NO access online at all. I can't even go on my LAN and access my router's Admin panel in the mode I use. Its locked at this point, get it? Now I start/mount Eddie which requires the sudo/Admin password and the Air client uses/replaces my firewall with the client's and keeps my original copy until I exit Eddie, at which time my ruleset is in play on the computer for when I start the computer next session. Its not really too technical because the outstanding Eddie client does all the work for you behind the scenes. It works flawlessly and when I exit Eddie my machine is totally locked from the internet. It only takes me a few seconds to drop my UFW firewall if I want to use my LAN for router access, etc.... This would be something I suggest. Let me highlight my belief that tons of home networks have so many devices on LAN it is a great idea to isolate your "privacy" computer from all devices. This accomplishes that too!

Could you elaborate a little, I'm using linux and whilst trying to follow along with your suggestions I get stuck in gufw advanced section when it requires from and to ip's / ports. What should I be inserting in those fields? And where do I find the correct information? Thanks

 

Example:  on one of my family machines running Debian Stretch.  I use UFW (easier than IP tables but either will work).  Just setup UFW to block ALL traffic.  IN, OUT, no logging, etc....  In other words all and everything blocked.  Eddie will replace the tables and make a copy of it for when you log out.  Eddie will connect via tun0 on linux and use the protocols you setup in the preferences section of the client.  443, 80, etc.....  The network lock makes sure only traffic through Air passes into or out of the machine.  When you exit your UFW rules will be in place.  Instantly the computer is closed to all internet activity.  This is also true IF you break a connection during a session.  You are safe.  Hope this makes sense.

Share this post


Link to post
Guest

 

 

May I offer a better solution, which you can customize on your OS any way you want to. Just adjust my approach for your systems. Here is what I do. I am using Debian (Linux) for reference. I have my UFW firewall permanently set to ON with a complete block of any activity outside of the adapter, which in my case is tun0. That means that when I start the computer I have NO access online at all. I can't even go on my LAN and access my router's Admin panel in the mode I use. Its locked at this point, get it? Now I start/mount Eddie which requires the sudo/Admin password and the Air client uses/replaces my firewall with the client's and keeps my original copy until I exit Eddie, at which time my ruleset is in play on the computer for when I start the computer next session. Its not really too technical because the outstanding Eddie client does all the work for you behind the scenes. It works flawlessly and when I exit Eddie my machine is totally locked from the internet. It only takes me a few seconds to drop my UFW firewall if I want to use my LAN for router access, etc.... This would be something I suggest. Let me highlight my belief that tons of home networks have so many devices on LAN it is a great idea to isolate your "privacy" computer from all devices. This accomplishes that too!

Could you elaborate a little, I'm using linux and whilst trying to follow along with your suggestions I get stuck in gufw advanced section when it requires from and to ip's / ports. What should I be inserting in those fields? And where do I find the correct information? Thanks

Example: on one of my family machines running Debian Stretch. I use UFW (easier than IP tables but either will work). Just setup UFW to block ALL traffic. IN, OUT, no logging, etc.... In other words all and everything blocked. Eddie will replace the tables and make a copy of it for when you log out. Eddie will connect via tun0 on linux and use the protocols you setup in the preferences section of the client. 443, 80, etc..... The network lock makes sure only traffic through Air passes into or out of the machine. When you exit your UFW rules will be in place. Instantly the computer is closed to all internet activity. This is also true IF you break a connection during a session. You are safe. Hope this makes sense.

Makes perfect sense and a very easy option to set up compared to the way I'd been trying. Thanks for the help.

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...