M
M
Mock2013-01-02 21:20:49
VPN
Mock, 2013-01-02 21:20:49

[VPN] How to protect yourself from the clearance of a real IP?

Those who use OpenVPN have probably noticed that sometimes it happens that when the VPN network drops, your native direct Internet access immediately starts working and your real ip is immediately visible (this can happen in a second or two while the VPN reconnects). It is especially likely to give out a real ip when some kind of software is running, there is an instant clearance.

The problem is known and they came up with a little cure, here is secretsline.biz/en/pages/onvpndown . But there is one problem, the medicine does not always work. Let's say I have 3G and the provider forcibly assigns the settings every time, i.e. the Internet works for me in any case, the main gateway is registered or not registered.

The question is how to make the Internet work exclusively through OpenVPN. Thanks in advance for your reply

Answer the question

In order to leave comments, you need to log in

7 answer(s)
W
Wott, 2013-01-02
@Wott

Well, you can beat the default route and instead add a route for vpn, then when it falls, there will simply be no route

P
pcdesign, 2013-01-03
@pcdesign

Alternatively, you can raise the vmware virtual machine, for example, and assign it a tap network interface from openvpn.
There will be a 100% guarantee that nothing will leak out.

S
smartlight, 2013-01-02
@smartlight

Apparently one I realized what he wants TC.
Imagine the situation - the Internet is connected via a 3G / 4G modem (settings come via DHCP), openvpn is launched on top of it with the default GW replaced. Programs that actively use the Internet connection are working.
The user leaves the computer to smoke / drink_tea / etc, at this time the Internet connection through the modem is interrupted, openvpn also drops, the modem reconnects the Internet, but openvpn has not yet been raised (this takes from 10 seconds to several minutes depending on the settings) and this the very period of time to “fire” the user's IP. Openvpn rises, the Internet starts to "go as it should", the user comes and sees that everything is ok, and does not know that he has already "burned out".
This is the kind of situation TS is afraid of.

O
OCTAGRAM, 2013-01-03
@OCTAGRAM

It is most reliable to use an additional machine, including a virtual one.
You can either create traffic on a virtual machine by passing it through Windows, or, conversely, pass Windows traffic only through a virtual machine.
In order for Windows traffic to go only to the virtual machine, despite the fact that it is Windows that has physical access to the Internet in the first place, it is necessary to uncheck IPv4 and IPv6 in the settings for the physical connection to the Internet. Then a virtual machine clings to this connection at one end, and the same virtual machine clings to the Host only network interface at the other end, and it is through this Host only interface that the main wheelbarrow should work.
3G in the connection scheme complicates the task. 3G may not connect to the virtual machine. Virtual machines have USB forwarding, but in case it doesn’t work out, I would fork out for a 3G router connected via Ethernet.

I
Igor, 2013-01-02
@shanker

Let's say I have 3G and the provider forcibly assigns the settings every time, i.e. the Internet works for me in any case, the main gateway is registered or not registered.

Can you give more details? How will the Internet work for you without the main gateway? I wrote route del default
in my Linux down script and that's it. In case of VPN failure, the main gateway is removed from me and the Internet does not work until I set the default gateway again

E
egorinsk, 2013-01-06
@egorinsk

And you do not do anything for which you will be ashamed later, and the problem will disappear by itself.

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question