Anonymous_13 31 Posted ... The good aspects of AirVPN: - Incredible speed (I've never discovered any affect on my speed at all)- No limitation of bandwith which was a good reason for me to start with AirVPN- Easy to use config generator (Supports Windows, Linux, Mac, iOS + Routers)- Fast and friendly support Improvements should take on:(Basically it's all about: Not really user friendly) - See status update below- The client (perhaps with an optional feature to prevent DNS leak automatically by setting up the DNS server while connected) - See status update below- Not many guides about firewalls and routers are provided- Only a single client on the same time - See status update below What I've missed so far is a good point to start. I've expected the client would handle all the stuff, so I just need to launch it but sadly I need to hassle around with changing DNS server (only when connected), change it back (if not connected to the VPN anymore). Looking through the forum for a guide of my Router (not found) or for my Firewall (not found). - See status update below However, I would recommend AirVPN to everyone based on the low prices, the speed and the unlimited bandwith. Everything else is just a 'good to have'. //Edit: Status update on 08/21/13: It's time for a status update. After switching to Comodo Firewall and getting some help by the staff I've set up my global rules and DNS leaks are prevented as well as any other connection outside of the VPN by the firewall itself. That means I only need to run the AirClient and connect to a VPN anymore. What I've forgot to mention is that you can only connect with a single client on the same time. My computer is running 24/7 mostly likely but I would like to use AirVPN on my Iphone as well. Unlike other providers you MUST close the VPN connection on your computer to be able to login on your Iphone. Am I still satisfied? Absolutely yes! The support is incredible. They always take the time to answer your questions and explain lots of stuff and help you by all your problems. You need to spend a little bit of time on your personal set up but it's worth it. 1 vavavoom49 reacted to this Quote Share this post Link to post
Staff 9972 Posted ... Hi, actually there's a guide: https://airvpn.org/topic/9549-guide-to-setting-up-vpn-just-for-torrenting-on-windows-thanks-to-nadre/ see section "Routing Table Change to Block Outgoing Native Traffic" It does not depend on firewall. Kind regards Quote Share this post Link to post
Guest Posted ... I saw a post here mentioning "netsetman".It's free program and you can change the ip settings with a click. Makes that part easy Quote Share this post Link to post
Anonymous_13 31 Posted ... Thanks for the hint about netsetman, seems to work great. However it would be still great if everything is handled by the client itself.Even the linked tutorial seems to be a bit more complex. A user friendly method would be appreciated Quote Share this post Link to post
Staff 9972 Posted ... Hi, of course, of course. It's planned in the next client release (Eddie). Kind regards Quote Share this post Link to post
NaDre 157 Posted ... The contents of this post apply to Windows XP/Vista/7 (and probably 8), except that XP has no concept of "Administrator". ...What I've missed so far is a good point to start. I've expected the client would handle all the stuff, so I just need to launch it but sadly I need to hassle around with changing DNS server (only when connected), change it back (if not connected to the VPN anymore).... If you are connected to a router, then your native (i.e. non-VPN/original) IP interface is probably "Local Area Connection". If you are using wifi it may be something like "Wireless Network Connection". You will be able to see what the name of your interface is if you use this command:ipconfig /all You need to do this at a "command prompt", which you can bring up using "Start/All Programs/Accessories/Command Prompt". You can set up copy and paste editing in a command prompt by right-clicking on the title bar, where it says "Command Prompt". This should produce something like this:C:\Users\user>ipconfig /all ... Ethernet adapter Local Area Connection 2: ... Description . . . . . . . . . . . : TAP-Windows Adapter V9 ... IPv4 Address. . . . . . . . . . . : 10.4.??.?2(Preferred) Subnet Mask . . . . . . . . . . . : 255.255.255.252 Lease Obtained. . . . . . . . . . : October-15-13 9:11:06 PM Lease Expires . . . . . . . . . . : October-15-14 9:11:19 PM Default Gateway . . . . . . . . . : DHCP Server . . . . . . . . . . . : 10.4.??.?1 ... DNS Servers . . . . . . . . . . . : 10.4.0.1 ... Wireless LAN adapter Wireless Network Connection: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Atheros AR5BWB222 Wireless Network Adapter ... Ethernet adapter Local Area Connection: ... Description . . . . . . . . . . . : Broadcom NetLink (TM) Gigabit Ethernet ... IPv4 Address. . . . . . . . . . . : 192.168.1.63(Preferred) Subnet Mask . . . . . . . . . . . : 255.255.255.0 Lease Obtained. . . . . . . . . . : October-15-13 9:02:29 PM Lease Expires . . . . . . . . . . : October-23-13 9:02:33 AM Default Gateway . . . . . . . . . : 192.168.1.254 DHCP Server . . . . . . . . . . . : 192.168.1.254 ... DNS Servers . . . . . . . . . . . : 192.168.1.254 ??.???.???.? ... In this case WiFi is not being used, and the real IP interface is "Local Area Connection". The IP interface with the "Description" value of "TAP-Windows Adapter V9" is the IP interface that OpenVPN uses. This is often (but not always) "Local Area Connection 2", as it is in this case. You can determine the correct DNS server to use (e.g. if you are using UDP on port 443 then use 10.4.0.1) from this page: https://airvpn.org/specs/ You can see what the DNS is set to for all interfaces using this command:netsh interface ip show dns This should produce something like this:C:\Users\user>netsh interface ip show dns ... Configuration for interface "Local Area Connection 2" DNS servers configured through DHCP: 10.4.0.1 Register with which suffix: Primary only ... Configuration for interface "Wireless Network Connection" DNS servers configured through DHCP: None Register with which suffix: Both primary and connection-specific Configuration for interface "Local Area Connection" DNS servers configured through DHCP: 192.168.1.254 ??.???.???.1 Register with which suffix: Primary only ... So the DNS server for the VPN connection is "10.4.0.1" in this case. The DNS for the VPN interface should already be set in accordance with the link above. What we want is for the DNS server for the "Local Area Connection" (or "Wireless Network Connection" if using WiFi) to be the same as for the VPN connection. Assuming that the real/non-VPN interface name is "Local Area Connection", and that the appropriate AirVPN DNS server is 10.4.0.1 (i.e. you are using UDP 443 for the OpenVPN tunnel), then when the VPN has come up, you can run this command as administrator:netsh interface ip set dns "Local Area Connection" static 10.4.0.1 You need to do this at an "administrator command prompt" that has administrator privilege, which you can bring up using "Start/All Programs/Accessories/Command Prompt, right-click, Run as Administrator". You can set up copy and paste editing in a command prompt by right-clicking on the title bar, where it says "Administrator Command Prompt". That has taken care of DNS leaks. Now when the VPN goes down, assuming you let DHCP normally configure your DNS, you can run this command (again) as administrator:netsh interface ip set dns "Local Area Connection" dhcp And you are back to normal. For convenience, you can put these commands into ".bat" scripts and create short cuts to them with the "Run as administrator" property set. Add a "pause" statement at the end so the window will stay open for you to see the results. Assuming that you are using the GUI wrapper program (OpenVPN-GUI) for OpenVPN that comes with OpenVPN, rather than the AirVPN GUI wrapper program, and that you have generated, downloaded and installed the ".ovpn" configuration files that this needs then if you want to automate this, you can use an "up" script and "down" script with the OpenVPN connection. Towards this end add these lines to each ".ovpn" configuration file (using AirVPN's Configuration Generator for example):script-security 2 up '_up.bat' down '_down.bat' Then in the same folder where the ".ovpn" files are add the file "_up.bat" containing this:netsh interface ip set dns "Local Area Connection" static 10.4.0.1 And also in the same folder where the ".ovpn" files are add the file "_down.bat" containing this:netsh interface ip set dns "Local Area Connection" dhcp To check that your set up is working, use AirVPN's DNS leak test site: http://ipleak.net/ For documentation on the "netsh" command see: http://technet.microsoft.com/en-us/library/bb490943.aspx For documentation on directives that go into ".ovpn" files see: https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage ...Looking through the forum for a guide of my Router (not found) or for my Firewall (not found).... Hi, actually there's a guide: https://airvpn.org/topic/9549-guide-to-setting-up-vpn-just-for-torrenting-on-windows-thanks-to-nadre/ see section "Routing Table Change to Block Outgoing Native Traffic" It does not depend on firewall. Kind regards You can stop outgoing traffic going out of the native interface, in case the VPN fails, by removing the original non-VPN gateway entry from the routing table, after the VPN comes up. First you need to determine the IP address of this gateway. You can see what the original non-VPN gateway is using this command:route print This should produce something like this:C:\Users\user>route print ... Active Routes: Network Destination Netmask Gateway Interface Metric 0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.63 10 ...It is the "Gateway" value for the routing table entry with the "Network Destination" and "Netmask" values "0.0.0.0". In this case the gateway address is 192.168.1.254. Assuming the gateway address is 192.168.1.254, then you run this command as administrator after the VPN comes up:route delete 0.0.0.0 192.168.1.254 After the VPN comes down, and you have stopped whatever it is you do not want going out over the native interface (torrent clients?), you can restore the ability for traffic on the native interface by running this command as administrator:route add 0.0.0.0 mask 0.0.0.0 192.168.1.254 For convenience, you can put these commands into ".bat" scripts and create short cuts to them with the "Run as administrator" property set. Add a "pause" statement at the end so the window will stay open for you to see the results. Again, assuming that you are using the GUI wrapper program (OpenVPN-GUI) for OpenVPN that comes with OpenVPN, rather than the AirVPN GUI wrapper program, and that you have generated, downloaded and installed the ".ovpn" configuration files that this needs then if you want to automate this, the "route delete" could be added to the "_up.bat" script I described above if you want. But do not restore the gateway in the "_down.bat" script. Make sure the torrent clients (or whatever) have been stopped first. If you also ensure that no ports are being forwarded by your router and that UPnP is disabled in your router (so that programs cannot tell the router to forward ports), then you have blocked any possibility of non-VPN traffic on the native interface when you do not want it. See what staff tried to get you to look at if you want a more thorough explanation. UPDATE: There is another version of (the DNS leak part of) this post with a bit more information here: https://airvpn.org/topic/9289-dns-leaks-and-how-to-fix-them/?p=11603 There is another version of (the non-VPN traffic blocking part of) this post with a bit more information here: https://airvpn.org/topic/9797-blocking-non-vpn-traffic-without-firewall-using-routing-router/?p=11512 UPDATE 2: As discussed in the thread linked to above, when the DHCP "lease" period for your IP address expires, it seems that during the DHCP lease "renewal" process, Windows will restore the original gateway entry in the routing table. You can check when your lease will expire by looking in the output of the command "ipconfig /all". Before the lease expires, you could force a renewal using the command "ipconfig /renew", and then remove the default gateway entry again. Note that Windows will renew the lease "halfway through the lease period": http://technet.microsoft.com/en-us/library/cc958919.aspx UPDATE to UPDATE2: Originally I ignored an obvious solution here, and only discussed the option of setting up a static IP address. However I believe most routers will allow you to change the DHCP lease interval they use. I know for sure this is possible for the Actiontec V1000H and the ASUS RT-N56U. I suggest setting this as high as possible, or up to a year. If you decide to use a static IP address on your PC, you should ensure that your router does not feel free to allocate the same IP address to other devices, as this would cause great grief on your LAN (this happened to me once). Your router should allow you to set the range of IP addresses that it will allocate from. It should also allow you to allocate a fixed IP address to a particular MAC address. The Actiontec V1000H calls this "DHCP Reservation". The ASUS RT-N56U calls this "Manually Assigned IP around the DHCP list". You can use the real MAC for your PC as shown by "ipconfig /all":C:\Users\user>ipconfig /all Windows IP Configuration ... Wireless LAN adapter Wireless Network Connection: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : ... Physical Address. . . . . . . . . : 08-ED-B9-13-21-43 ... The MAC address is the "Physical Address", except that your router may want ":" in place of "-". Or just make up one to stop that address from being given out. UPDATE 3: Note that removing the original non-VPN gateway entry from the routing table will also stop the WebRTC leak. See this post: https://airvpn.org/topic/13519-webrtc-vulnerability/?p=24989 1 amnesty reacted to this Quote Share this post Link to post
amnesty 18 Posted ... script-security 2 up '_up.bat' down '_down.bat' I'm not any good at scripting so I borrowed Jeremy's (dnsleaktest dot com) and I created a batch file to use what NaDre posted and the Preconnect/Connect/Disconnect Scripts feature of OpenVPN. I wasn't sure where to post it but this looks like a decent place. I use this after I generate a new set of OpenVPN configuration files. I just leave the batch file in a directory I use for downloads, run it there and move the files (*.ovpn, _up.bat, _down.bat) to%Program Files%\OpenVPN\config. EDIT: Note- Need modify access to directory where running batch file. @echo off REM ************************************************************************** REM * OpenVPN Leakfix batch file generater * REM * This script generates batch files to prevent DNS and application leaks * REM * * REM * Execute this file once for every set of .ovpn files you create * REM * Execute this in a directory you have write access too * REM * It will generate 2 batch files per OpenVPN configuration file * REM * '_up.bat', '_down.bat' * REM ************************************************************************** REM *************************************************** REM * NOTE: 'Check DHCP Lease time'. * REM * 'Routes added back upon lease renewal'. * REM * 'Clients begin to attempt to renew their leases'* REM * 'once half the lease interval has expired'. * REM * 'Lease time for 1 year = 31536000' * REM *************************************************** REM *************************************************** REM * You can safely query 10.4.0.1 regardless of * REM * the port your system connects to. * REM * There is no additional latency at all. * REM *************************************************** REM ************************* REM * Generates batch files * REM ************************* setLocal for /f "tokens=*" %%b IN ('dir /b *.ovpn') do ( REM ********************************** REM * DNS Leak Fix - Create *_up.bat * REM ********************************** echo ipconfig /flushdns>> %%~nb_up.bat REM *************************************************** REM * ENTER SELECTED DNS IP ADDRESS AND IP INTERFACE: * REM *************************************************** echo netsh interface ip set dns "Wireless Network Connection" static 10.4.0.1>> %%~nb_up.bat REM ********************************************************************************** REM * unREMark the following line if you have a second interface enabled on machine: * REM ********************************************************************************** REM echo netsh interface ip set dns "Local Area Connection" static 10.4.0.1>> %%~nb_up.bat REM **************************************************** REM * Application Leak Fix - ENTER YOUR DEFAULT ROUTE: * REM **************************************************** echo route delete 0.0.0.0 192.168.n.n>> %%~nb_up.bat REM ************************************************************* REM * unREMark the following line if you have a second gateway: * REM ************************************************************* REM echo route delete 0.0.0.0 192.168.n.n>> %%~nb_up.bat echo @pause>> %%~nb_up.bat REM ************************************************************ REM * Restore DHCP settings - Create *_down.bat * REM * ENTER IP INTERFACE * REM * DO NOT PLACE ROUTE ADD HERE. MANUALLY ADD Routes BACK: * REM ************************************************************ echo ipconfig /flushdns>> %%~nb_down.bat echo netsh interface ip set dns "Wireless Network Connection" dhcp>> %%~nb_down.bat REM ************************************************************************** REM * unREMark the following line if you have a second interface on machine: * REM ************************************************************************** REM echo netsh interface ip set dns "Local Area Connection" dhcp>> %%~nb_down.bat echo @Echo *******************************>> %%~nb_down.bat echo @Echo ***** Add Routes Back ***>> %%~nb_down.bat echo @Echo *******************************>> %%~nb_down.bat echo @pause>> %%~nb_down.bat ) Quote Share this post Link to post