Jump to content
Not connected, Your IP: 18.188.91.223
Anonymous_13

The pro's and the con's

Recommended Posts

The good aspects of AirVPN:

 

- Incredible speed (I've never discovered any affect on my speed at all)

- No limitation of bandwith which was a good reason for me to start with AirVPN

- Easy to use config generator (Supports Windows, Linux, Mac, iOS + Routers)

- Fast and friendly support

 

Improvements should take on:

(Basically it's all about: Not really user friendly) - See status update below

- The client (perhaps with an optional feature to prevent DNS leak automatically by setting up the DNS server while connected) - See status update below

- Not many guides about firewalls and routers are provided

- Only a single client on the same time - See status update below

 

What I've missed so far is a good point to start. I've expected the client would handle all the stuff, so I just need to launch it but sadly I need to hassle around with changing DNS server (only when connected), change it back (if not connected to the VPN anymore). Looking through the forum for a guide of my Router (not found) or for my Firewall (not found). - See status update below

 

However, I would recommend AirVPN to everyone based on the low prices, the speed and the unlimited bandwith. Everything else is just a 'good to have'.

 

//Edit: Status update on 08/21/13:

 

It's time for a status update. After switching to Comodo Firewall and getting some help by the staff I've set up my global rules and DNS leaks are prevented as well as any other connection outside of the VPN by the firewall itself. That means I only need to run the AirClient and connect to a VPN anymore.

 

What I've forgot to mention is that you can only connect with a single client on the same time. My computer is running 24/7 mostly likely but I would like to use AirVPN on my Iphone as well. Unlike other providers you MUST close the VPN connection on your computer to be able to login on your Iphone.

 

Am I still satisfied? Absolutely yes! The support is incredible. They always take the time to answer your questions and explain lots of stuff and help you by all your problems. You need to spend a little bit of time on your personal set up but it's worth it.

Share this post


Link to post
Guest

I saw a post here mentioning "netsetman".

It's free program and you can change the ip settings with a click. Makes that part easy

Share this post


Link to post

Thanks for the hint about netsetman, seems to work great. However it would be still great if everything is handled by the client itself.

Even the linked tutorial seems to be a bit more complex. A user friendly method would be appreciated

Share this post


Link to post

The contents of this post apply to Windows XP/Vista/7 (and probably 8), except that XP has no concept of "Administrator".

 

...

What I've missed so far is a good point to start. I've expected the client would handle all the stuff, so I just need to launch it but sadly I need to hassle around with changing DNS server (only when connected), change it back (if not connected to the VPN anymore).

...

 

If you are connected to a router, then your native (i.e. non-VPN/original) IP interface is probably "Local Area Connection". If you are using wifi it may be something like "Wireless Network Connection". You will be able to see what the name of your interface is if you use this command:

ipconfig /all
You need to do this at a "command prompt", which you can bring up using "Start/All Programs/Accessories/Command Prompt".  You can set up copy and paste editing in a command prompt by right-clicking on the title bar, where it says "Command Prompt". This should produce something like this:
C:\Users\user>ipconfig /all
...
Ethernet adapter Local Area Connection 2:
   ...
   Description . . . . . . . . . . . : TAP-Windows Adapter V9
   ...
   IPv4 Address. . . . . . . . . . . : 10.4.??.?2(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.252
   Lease Obtained. . . . . . . . . . : October-15-13 9:11:06 PM
   Lease Expires . . . . . . . . . . : October-15-14 9:11:19 PM
   Default Gateway . . . . . . . . . :
   DHCP Server . . . . . . . . . . . : 10.4.??.?1
   ...
   DNS Servers . . . . . . . . . . . : 10.4.0.1
   ...
Wireless LAN adapter Wireless Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Atheros AR5BWB222 Wireless Network Adapter
   ...
Ethernet adapter Local Area Connection:
   ...
   Description . . . . . . . . . . . : Broadcom NetLink (TM) Gigabit Ethernet
   ...
   IPv4 Address. . . . . . . . . . . : 192.168.1.63(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : October-15-13 9:02:29 PM
   Lease Expires . . . . . . . . . . : October-23-13 9:02:33 AM
   Default Gateway . . . . . . . . . : 192.168.1.254
   DHCP Server . . . . . . . . . . . : 192.168.1.254
   ...
   DNS Servers . . . . . . . . . . . : 192.168.1.254
                                       ??.???.???.?
   ...
In this case WiFi is not being used, and the real IP interface is "Local Area Connection". The IP interface with the "Description" value of "TAP-Windows Adapter V9" is the IP interface that OpenVPN uses. This is often (but not always) "Local Area Connection 2", as it is in this case.

 

You can determine the correct DNS server to use (e.g. if you are using UDP on port 443 then use 10.4.0.1) from this page:

 

https://airvpn.org/specs/

 

You can see what the DNS is set to for all interfaces using this command:

netsh interface ip show dns
 This should produce something like this:
C:\Users\user>netsh interface ip show dns
...
Configuration for interface "Local Area Connection 2"
    DNS servers configured through DHCP:  10.4.0.1
    Register with which suffix:           Primary only
...
Configuration for interface "Wireless Network Connection"
    DNS servers configured through DHCP:  None
    Register with which suffix:           Both primary and connection-specific

Configuration for interface "Local Area Connection"
    DNS servers configured through DHCP:  192.168.1.254
                                          ??.???.???.1
    Register with which suffix:           Primary only
...
So the DNS server for the VPN connection is "10.4.0.1" in this case.

 

The DNS for the VPN interface should already be set in accordance with the link above. What we want is for the DNS server for the "Local Area Connection" (or "Wireless Network Connection" if using WiFi) to be the same as for the VPN connection.

 

Assuming that the real/non-VPN interface name is "Local Area Connection", and that the appropriate AirVPN DNS server is 10.4.0.1 (i.e. you are using UDP 443 for the OpenVPN tunnel), then when the VPN has come up, you can run this command as administrator:

netsh interface ip set dns "Local Area Connection" static 10.4.0.1
You need to do this at an "administrator command prompt" that has administrator privilege, which you can bring up using "Start/All Programs/Accessories/Command Prompt, right-click, Run as Administrator". You can set up copy and paste editing in a command prompt by right-clicking on the title bar, where it says "Administrator Command Prompt".

 

That has taken care of DNS leaks. Now when the VPN goes down, assuming you let DHCP normally configure your DNS, you can run this command (again) as administrator:

netsh interface ip set dns "Local Area Connection" dhcp
And you are back to normal.

 

For convenience, you can put these commands into ".bat" scripts and create short cuts to them with the "Run as administrator" property set. Add a "pause" statement at the end so the window will stay open for you to see the results.

 

Assuming that you are using the GUI wrapper program (OpenVPN-GUI) for OpenVPN that comes with OpenVPN, rather than the AirVPN GUI wrapper program, and that you have generated, downloaded and installed the ".ovpn" configuration files that this needs then if you want to automate this, you can use an "up" script and "down" script with the OpenVPN connection. Towards this end add these lines to each ".ovpn" configuration file (using AirVPN's Configuration Generator for example):

script-security 2
up '_up.bat'
down '_down.bat'
Then in the same folder where the ".ovpn" files are add the file "_up.bat" containing this:
netsh interface ip set dns "Local Area Connection" static 10.4.0.1
And also in the same folder where the ".ovpn" files are add the file "_down.bat" containing this:
netsh interface ip set dns "Local Area Connection" dhcp
To check that your set up is working, use AirVPN's DNS leak test site:

 

http://ipleak.net/

 

For documentation on the "netsh" command see:

 

http://technet.microsoft.com/en-us/library/bb490943.aspx

 

For documentation on directives that go into ".ovpn" files see:

 

https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage

 

...

Looking through the forum for a guide of my Router (not found) or for my Firewall (not found).

...

 

Hi, actually there's a guide:

 

https://airvpn.org/topic/9549-guide-to-setting-up-vpn-just-for-torrenting-on-windows-thanks-to-nadre/

 

see section "Routing Table Change to Block Outgoing Native Traffic"

 

It does not depend on firewall.

 

Kind regards

 

You can stop outgoing traffic going out of the native interface, in case the VPN fails, by removing the original non-VPN gateway entry from the routing table, after the VPN comes up.

 

First you need to determine the IP address of this gateway. You can see what the original non-VPN gateway is using this command:

route print
This should produce something like this:
C:\Users\user>route print
...
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.1.254     192.168.1.63     10
...
It is the "Gateway" value for the routing table entry with the "Network Destination" and "Netmask" values "0.0.0.0". In this case the gateway address is 192.168.1.254.

 

Assuming the gateway address is 192.168.1.254, then you run this command as administrator after the VPN comes up:

route delete 0.0.0.0 192.168.1.254
After the VPN comes down, and you have stopped whatever it is you do not want going out over the native interface (torrent clients?), you can restore the ability for traffic on the native interface by running this command as administrator:
route add 0.0.0.0 mask 0.0.0.0 192.168.1.254
For convenience, you can put these commands into ".bat" scripts and create short cuts to them with the "Run as administrator" property set. Add a "pause" statement at the end so the window will stay open for you to see the results.

 

Again, assuming that you are using the GUI wrapper program (OpenVPN-GUI) for OpenVPN that comes with OpenVPN, rather than the AirVPN GUI wrapper program, and that you have generated, downloaded and installed the ".ovpn" configuration files that this needs then if you want to automate this, the "route delete" could be added to the "_up.bat" script I described above if you want. But do not restore the gateway in the "_down.bat" script. Make sure the torrent clients (or whatever) have been stopped first.

 

If you also ensure that no ports are being forwarded by your router and that UPnP is disabled in your router (so that programs cannot tell the router to forward ports), then you have blocked any possibility of non-VPN traffic on the native interface when you do not want it.

 

See what staff tried to get you to look at if you want a more thorough explanation.

 

UPDATE:

 

There is another version of (the DNS leak part of) this post with a bit more information here:

 

https://airvpn.org/topic/9289-dns-leaks-and-how-to-fix-them/?p=11603

 

There is another version of (the non-VPN traffic blocking part of) this post with a bit more information here:

 

https://airvpn.org/topic/9797-blocking-non-vpn-traffic-without-firewall-using-routing-router/?p=11512

 

UPDATE 2:

 

As discussed in the thread linked to above, when the DHCP "lease" period for your IP address expires, it seems that during the DHCP lease "renewal" process, Windows will restore the original gateway entry in the routing table. You can check when your lease will expire by looking in the output of the command "ipconfig /all". Before the lease expires, you could force a renewal using the command "ipconfig /renew", and then remove the default gateway entry again.

 

Note that Windows will renew the lease "halfway through the lease period":

 

http://technet.microsoft.com/en-us/library/cc958919.aspx

 

UPDATE to UPDATE2:

 

Originally I ignored an obvious solution here, and only discussed the option of setting up a static IP address. However I believe most routers will allow you to change the DHCP lease interval they use. I know for sure this is possible for the Actiontec V1000H and the ASUS RT-N56U. I suggest setting this as high as possible, or up to a year.

 

If you decide to use a static IP address on your PC, you should ensure that your router does not feel free to allocate the same IP address to other devices, as this would cause great grief on your LAN (this happened to me once). Your router should allow you to set the range of IP addresses that it will allocate from. It should also allow you to allocate a fixed IP address to a particular MAC address. The Actiontec V1000H calls this "DHCP Reservation". The ASUS RT-N56U calls this "Manually Assigned IP around the DHCP list". You can use the real MAC for your PC as shown by "ipconfig /all":

C:\Users\user>ipconfig /all

Windows IP Configuration

...
Wireless LAN adapter Wireless Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : ...
Physical Address. . . . . . . . . : 08-ED-B9-13-21-43
... 
The MAC address is the "Physical Address", except that your router may want ":" in place of "-".

 

Or just make up one to stop that address from being given out.

 

UPDATE 3:

 

Note that removing the original non-VPN gateway entry from the routing table will also stop the WebRTC leak. See this post:

 

https://airvpn.org/topic/13519-webrtc-vulnerability/?p=24989

Share this post


Link to post

 

 

script-security 2
up '_up.bat'
down '_down.bat'

I'm not any good at scripting so I borrowed Jeremy's (dnsleaktest dot com) and I created a batch file to use what NaDre posted and the Preconnect/Connect/Disconnect Scripts feature of OpenVPN. I wasn't sure where to post it but this looks like a decent place.

 

I use this after I generate a new set of OpenVPN configuration files. I just leave the batch file in a directory I use for downloads, run it there and move the files (*.ovpn, _up.bat, _down.bat)  to

%Program Files%\OpenVPN\config.

 

EDIT: Note- Need modify access to directory where running batch file.

 

@echo off
REM **************************************************************************
REM * OpenVPN Leakfix batch file generater                                   *
REM * This script generates batch files to prevent DNS and application leaks *
REM *                                                                        *
REM * Execute this file once for every set of .ovpn files you create         *
REM * Execute this in a directory you have write access too                  *
REM * It will generate 2 batch files per OpenVPN configuration file          *
REM * '_up.bat', '_down.bat'                                                 *
REM **************************************************************************

REM  ***************************************************
REM  * NOTE: 'Check DHCP Lease time'.                  *
REM  * 'Routes added back upon lease renewal'.       *
REM  * 'Clients begin to attempt to renew their leases'*
REM  * 'once half the lease interval has expired'.     *
REM  * 'Lease time for 1 year = 31536000'              *
REM  ***************************************************

REM  ***************************************************
REM  * You can safely query 10.4.0.1 regardless of     *
REM  * the port your system connects to.               *
REM  * There is no additional latency at all.          *
REM  ***************************************************


REM *************************
REM * Generates batch files *
REM *************************

setLocal
for /f "tokens=*" %%b IN ('dir /b *.ovpn') do (

REM  **********************************
REM  * DNS Leak Fix - Create *_up.bat *
REM  **********************************
    echo ipconfig /flushdns>> %%~nb_up.bat

REM  ***************************************************
REM  * ENTER SELECTED DNS IP ADDRESS AND IP INTERFACE: *
REM  ***************************************************
    echo netsh interface ip set dns "Wireless Network Connection" static 10.4.0.1>> %%~nb_up.bat

REM  **********************************************************************************
REM  * unREMark the following line if you have a second interface enabled on machine: *
REM  **********************************************************************************



REM     echo netsh interface ip set dns "Local Area Connection" static 10.4.0.1>> %%~nb_up.bat

REM  ****************************************************
REM  * Application Leak Fix - ENTER YOUR DEFAULT ROUTE: *
REM  ****************************************************
    echo route delete 0.0.0.0 192.168.n.n>> %%~nb_up.bat

REM  *************************************************************
REM  * unREMark the following line if you have a second gateway: *
REM  *************************************************************
REM     echo route delete 0.0.0.0 192.168.n.n>> %%~nb_up.bat

    echo @pause>> %%~nb_up.bat

REM  ************************************************************
REM  * Restore DHCP settings - Create *_down.bat                *
REM  * ENTER IP INTERFACE                                       *
REM  * DO NOT PLACE ROUTE ADD HERE. MANUALLY ADD Routes BACK:   *
REM  ************************************************************
    echo ipconfig /flushdns>> %%~nb_down.bat

    echo netsh interface ip set dns "Wireless Network Connection" dhcp>> %%~nb_down.bat


REM  **************************************************************************
REM  * unREMark the following line if you have a second interface on machine: *
REM  **************************************************************************
REM     echo netsh interface ip set dns "Local Area Connection" dhcp>> %%~nb_down.bat

    echo @Echo *******************************>> %%~nb_down.bat
    echo @Echo *****   Add Routes Back     ***>> %%~nb_down.bat
    echo @Echo *******************************>> %%~nb_down.bat
    echo @pause>> %%~nb_down.bat
)

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...