Is this DNS leak?


archer2
April 21st, 2009, 09:02 AM
I'm using SwissVPN with EAP-TTLS encryption. I tested with cmyip.com and whatismyip.com, and both showed the SwissVPN IP. However, when I test it with https://www.dns-oarc.net/oarc/services/dnsentropy the test showed my real IP. Is this a DNS leak? If it is, will this happen when using BitTorrent, or does this only happen in rare circumstances? Thanks.

SteveTX
April 21st, 2009, 10:03 AM
Yes, that is a DNS leak.

archer2
April 21st, 2009, 10:08 AM
Will this happen when using BitTorrent, or is it something that rarely happens? I thought EAP-TTLS doesn't have the DNS leak problem.

Thanks for the reply.

SteveTX
April 21st, 2009, 01:19 PM
Obviously it does. Yes, it will likely continue to do that, regardless of what programs you are running (torrents etc). No change = things stay the same. I can't say how their network works, so I can't tell you what to do to fix the problem other than contacting them.

snowdrift
April 21st, 2009, 02:21 PM
I have the same problem with Xerobank; the problem is inherent to OpenVPN.

Here is a solution:

https://forum.perfect-privacy.com/showthread.php?t=702

It is tedious but it does work.

If you use OpenDNS servers, they purge their records daily, I believe... So... while you may be leaking a request, the log entry at OpenDNS will be purged. I think your normal ISP can still see DNS requests as they travel to OpenDNS servers, though, but they'd have to be looking for it. I don't think it is something that is normally logged.

Someone please correct me if I mis-speak?

Leaking DNS is a big hassle. Why developers can't get it fixed is beyond me.

tonyseeking
April 21st, 2009, 04:20 PM
{QUOTE-> I'm using SwissVPN with EAP-TTLS encryption. I tested with cmyip.com and whatismyip.com, and both showed the SwissVPN IP. However, when I test it with https://www.dns-oarc.net/oarc/services/dnsentropy the test showed my real IP. Is this a DNS leak? If it is, will this happen when using BitTorrent, or does this only happen in rare circumstances? Thanks. <-QUOTE}

Put it this way...... your REAL IP is shown and recorded already if you have been engaging in illegal torrent downloads.

Don't fool yourself.. you are never 100% anonymous.

Stay away from illegal activities and you will be fine, no need to try to hide your real IP.

JokersWild
April 21st, 2009, 05:10 PM
I have the Xerobank DNS Server specified in my network settings for the TAP-WIN32 adapter.

When I run the test: https://www.dns-oarc.net/oarc/services/dnsentropy it does not report back my real IP address, rather it reports an IP address other than my IP address through my ISP.

Further, if I mistype a URL, Xerobank reports back with an error message, and not my ISP.

It seems as though I'm covered, or have I missed something?

n33m3rz
April 21st, 2009, 05:31 PM
{QUOTE-> Put it this way...... your REAL IP is shown and recorded already if you have been engaging in illegal torrent downloads.

Don't fool yourself.. you are never 100% anonymous.

Stay away from illegal activities and you will be fine, no need to try to hide your real IP. <-QUOTE}

{QUOTE-> Put it this way...... your REAL IP is shown and recorded already if you have been engaging in illegal torrent downloads. <-QUOTE}

Not if he is using an anonymity network and has it set up properly. Really you don't need much anonymity at all to download torrents safely; why would they waste their time to trace you back over a one hop connection when there are millions and millions of people using no anonymity networks?

{QUOTE-> Don't fool yourself.. you are never 100% anonymous. <-QUOTE}

As with most things in life it comes down to levels. You don't need to be 100% anonymous, you just need to be so anonymous that those trying to find you won't bother. For torrents you don't need to be anywhere near 100% anonymous to be safe. I think people can be 99.99% anonymous. I will give someone a million dollars if they can trace me down if I am using Tor plus random unsecured WiFi with a long range antenna from a rotating mobile position (car) and spoofed MAC address. That may not be solidly 100% anonymous but it's 99.99% - 100% anonymous; someone would need to be doing some seriously ****ed up shit for anyone to even attempt to trace them doing that.

{QUOTE-> Stay away from illegal activities and you will be fine, no need to try to hide your real IP. <-QUOTE}

What a horribly defeatist attitude. Would you tell a German in Nazi Germany to not hide Jews in their attic? Morality trumps illegality. Don't be immoral, break whatever stupid immoral laws you want is my motto. Of course that only works if people don't delude themselves as to what is moral and what isn't; victimless crimes are not immoral, crimes with a victim are immoral. The same thing can be seen from the flip side as well: "victims" shouldn't delude themselves either. People have no rights to arbitrary strings of 1's and 0's; information is free, and technology has changed the way people need to think of property ownership. That's just the simple truth of the matter; anything else is trying to plug a massive leaking dam with bubble gum.

archer2
April 21st, 2009, 05:42 PM
Well, I don't mind the VPN company recording my real IP, I just don't want the peers to see my real IP. I also never claimed I'm 100% anonymous, but I would make an effort to make myself harder to track. I'm not discussing the legality of torrents, and I didn't ask for illegal torrents. I'm asking a technical question of whether this is a DNS leak and if it'll happen if I run BitTorrent.

JokersWild: What settings did you use? Please share them or post a link, thanks.

n33m3rz
April 21st, 2009, 05:46 PM
{QUOTE-> Well, I don't mind the VPN company recording my real IP, I just don't want the peers to see my real IP. I also never claimed I'm 100% anonymous, but I would make an effort to make myself harder to track. I'm not discussing the legality of torrents, and I didn't ask for illegal torrents. I'm asking a technical question of whether this is a DNS leak and if it'll happen if I run BitTorrent.

JokersWild: What settings did you use? Please share them or post a link, thanks. <-QUOTE}

I don't think BitTorrent needs to resolve any domain names other than maybe the tracker, so I doubt it will matter too much, although it technically probably could happen.

The most that will happen from a DNS leak is your ISP will be able to see you contacted a torrent tracker for some reason. The torrent tracker still won't be able to see your IP, nor will any of the peers. DNS leaks make it so your ISP can see who you talk to; they don't make it so the people you talk with can see who you are.

archer2
April 21st, 2009, 09:27 PM
Ok, thanks for the info. As long as the tracker and the peers do not see my real IP, that's good enough for now.

fuzzylogic
April 21st, 2009, 10:53 PM
May I suggest another idea: look into a seedbox. It's a server that runs either a PHP script like TorrentFlux or a web interface for utorrent/rtorrent that is used solely for BitTorrent; they are massively faster than your own connection, usually connected to a 100mp backbone. That way you can save your bandwidth to download via HTTP/FTP and your IP address is never recorded in the swarm.

JokersWild
April 21st, 2009, 11:15 PM
This is on a Windows XP Box SP2:

Control Panel>Network Connections>TAP-WIN32 Adapter>Properties>Internet Protocol(TCP/IP)>Properties

Change: Untick Obtain DNS Server Automatically
Check: Use the Following DNS Server addresses

Input: 10.244.2.1

That is the Xerobank DNS Server.
Has worked well for me.
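
An added example, not written by anyone in this thread: a small audit that reads `ipconfig /all` output and lists, per adapter, every DNS server other than the tunnel resolver `10.244.2.1` given in the post above. The sample output, the adapter names and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample of `ipconfig /all` output (Windows XP layout); not from the thread.
SAMPLE = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

        IP Address. . . . . . . . . . . . : 192.168.1.23
        DNS Servers . . . . . . . . . . . : 192.168.1.1
                                            203.0.113.53

Ethernet adapter Local Area Connection 2:

        Description . . . . . . . . . . . : TAP-Win32 Adapter V8
        IP Address. . . . . . . . . . . . : 10.244.7.14
        DNS Servers . . . . . . . . . . . : 10.244.2.1
"""

FIELD = re.compile(r"^\s+(.+?)[ .]*:\s*(.*)$")  # "Label . . . : value"

def _as_ip(text):
    try:
        return str(ipaddress.ip_address(text.strip()))
    except ValueError:
        return None

def dns_by_adapter(output):
    """Map adapter name -> list of DNS servers, including continuation lines."""
    adapters, current, in_dns = {}, None, False
    for line in output.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current, in_dns = line.rstrip()[:-1], False   # new adapter section
            adapters[current] = []
        elif current and in_dns and _as_ip(line):
            adapters[current].append(_as_ip(line))        # second, third... server
        elif current and (m := FIELD.match(line)):
            in_dns = m.group(1).strip() == "DNS Servers"
            if in_dns and _as_ip(m.group(2)):
                adapters[current].append(_as_ip(m.group(2)))
    return adapters

def off_tunnel_resolvers(output, allowed):
    """Return {adapter: [servers]} for resolvers outside the allowed tunnel set."""
    found = {name: [s for s in servers if s not in allowed]
             for name, servers in dns_by_adapter(output).items()}
    return {name: extra for name, extra in found.items() if extra}
```

A flagged adapter only shows where Windows is still configured to send lookups to a non-tunnel resolver; whether queries actually leave outside the VPN is confirmed with a leak test such as the one used in this thread.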

SKA
April 22nd, 2009, 03:07 AM
JokersWild

Pls tell what is alternate (apart from 10.244.2.1) DNS server for Xerobank?
Should there not be at least 2 addresses?

Are both these for use only by paying clients of Xerobank or others too may also use them, like for e.g. OpenDNS?

Can these 2 DNS's be put on a router?

Thanks for yr kind advice/tips

SKA

JokersWild
April 22nd, 2009, 03:47 AM
{QUOTE-> JokersWild

Pls tell what is alternate (apart from 10.244.2.1) DNS server for Xerobank?
Should there not be at least 2 addresses?

Are both these for use only by paying clients of Xerobank or others too may also use them, like for e.g. OpenDNS?

Can these 2 DNS's be put on a router?

Thanks for yr kind advice/tips

SKA <-QUOTE}

I agree that, historically, I've seen this configuration specified with two alternate DNS Server addresses.

However, as I mentioned, specifying the XB DNS, if you mistype a URL it returns with the following error message:

"The host you tried to connect to does not exist
This is a warning page generated by Xerobank to warn you that the host you tried to contact does not exist."

Also, the leak test does not reveal my true IP address.

Steve will have to weigh in as to whether or not this is available to non-Xerobank customers.

caspian
April 23rd, 2009, 10:48 PM
{QUOTE-> I have the Xerobank DNS Server specified in my network settings for the TAP-WIN32 adapter.

When I run the test: https://www.dns-oarc.net/oarc/services/dnsentropy it does not report back my real IP address, <-QUOTE}

I do not have anything configured at all on any of my computers (I have 3) and this test does not show my real IP on any of them. It always shows XB without fail. And if I type an incorrect address, Xerobank tells me that it is incorrect.

SteveTX
April 24th, 2009, 01:41 AM
I don't know if we are blocking external requests to our DNS. However, I do know that we are adding more DNS servers for geographic distribution. If users do external requests and it causes any slowdown for clients, we would firewall external requests.

However, if you AREN'T on XeroBank, you shouldn't be sending requests through XeroBank, because then nodes between your network and ours would see the data going over it, leaking your DNS info to them and to XeroBank.

traxx75
April 24th, 2009, 08:47 PM
{QUOTE-> Are both these for use only by paying clients of Xerobank or others too may also use them, like for e.g. OpenDNS?

Can these 2 DNS's be put on a router? <-QUOTE}
Only people connected to Xerobank's network via VPN can use the DNS server on 10.244.2.1. This is because that IP is on a private IP range (http://en.wikipedia.org/wiki/Private_network) that is inaccessible from the Internet unless it also has an external "public" IP or Xerobank forwards requests from an external interface to the internal server.

The private IP range of 10.0.0.0-10.255.255.255 is basically a bigger version of the private IP ranges you might see on your own home LAN like 192.168.*.

SKA
April 27th, 2009, 02:12 AM
traxx75
Thanks for your explanation - deeply appreciated.

SKA