how do I setup my VPN so that it's the only I can connect to the internet?

[scrty001]

I would like to make sure that if my VPN connection ever drops that I'm completely disconnected from the internet so that I don't expose my real IP.

I'm not advanced with this, so any simple method to do this that I can setup would be great. Any place I find a tutorial to do this step by step would be helpful.



Thanks!

[SteveTX]

What operating system? Here is one for linux

[arran]

But you should be able to do this with a software firewall right?

configure your software firewall so it only allows your vpn client to connect to 1 ip address which is your proxy server. all other outgoing connection attempts on your pc are blocked.

[SteveTX]

For windows, in theory yes, in practice no. Software firewalls work by hooking into your network stack, and adapters are at a lower level of your network than your software firewall, so it may not be able to catch it.

[arran]

Quote:

Originally Posted by SteveTX

For windows, in theory yes, in practice no. Software firewalls work by hooking into your network stack, and adapters are at a lower level of your network than your software firewall, so it may not be able to catch it.

so you saying that stuff can still slip thru? even with software firewalls with good "Leak Test" results?

http://www.matousec.com/projects/fir...ge/results.php

say for example with using online armor and comodo stuff can still get thru using a lower level?

[SteveTX]

Yup. That's how rootkits work. They can hook at kernel-level, and be completely shadowed because it tells the operating system that it is invisible when it does things. However, software firewalls could work for something like interface leaks, but software firewalls for windows don't seems to be designed for per-adapter settings and hookings. They seem to be designed for computers that have 1 connection to the internet. I wouldn't depend on them, but one thing you can probably depend on (without using hardware blocking) is routing. I'll have a guide ready shortly.

[arran]

Interesting I have heard before that these leak tests with software firewalls are just the tip of the iceburg.

SteveTX with using HIPS software like for example malware defender or eqsecure, they block the installation of rootkits at the kernel-level. so what I am saying is if there isn't any rootkit programs then there wouldn't be any thing at the kernel-level making any outgoing connections, would this be true??

Or is there already built in windows software which is part of windows itself at the kernel-level making outgoing connections? if so would disabling all non essential services resolve this?

and I look foward to see this routing guide.

[LockBox]

Steve, Isn't this a bigger worry with PPTP than OpenVPN? Please correct me if I am wrong, but with OpenVPN, I always have thought a "dropped connection" would result in loss of service through the VPN provider, but not actually divulge your IP to the web site you were on because you haven't used your own ISP to make a connection with that site. Is that wrong? I'm not wording this right, but maybe you know what I am trying to ask?

[SteveTX]

Yes, the PPTP connection, if stuttered or dropped (or operating normally) could easily have packets travel out the wrong connection and result in IP disclosure.

This solution I am presenting will work with OpenVPN, and may work with PPTP.

[traxx75]

@Gerard Morentzy

That would hold true if the applications you are running don't attempt to re-establish connections after they have been dropped. This may be something configurable (eg. IRC/IM clients, SSH clients, etc) or it might be as simple as the page you're browsing having an auto-refresh scripted into it.

Chances are, after your VPN drops, _something_ on your PC is going to try and establish a connection unless you take steps to make sure this can't be done.

[JB007]

Heck I have only just started looking at this privacy stuff and it seems the more I read, the more complex it gets. I thought that using such a thing like Xerobank VPN would offer an encrypted anonymouse net connection, then I hear about kernals, rootkits, drops... Steve do you have an email address I can contact you on, I have a few thing bugging me that I would like to run past you without clogging the board up?

[yashau]

Try something like WideCap.

[arran]

actually if the proxy server that you connect thru by vpn ever goes down, then it wouldn't be possible to prevent your real ip from going out on the internet. because you would have to go on the internet with your real IP to obtain a new proxy server.

Tell me scrty001 how would you sign up to a vpn proxy service in the first place without exposing your real ip?

also to, getting back to the situtation where you can't rely on software firewalls to prevent outgoing connection leaks, that its better to have a hardware firewall etc. Well don,t most Routers come with basic packet filtering firewalls?? all you would have to do is set your Router firewall to only allow conections to your vpn proxy server IP address. all other connections are blocked. This should be an effective way to prevent your real ip being
exposed?

[scrty001]

Quote:

Originally Posted by SteveTX

What operating system? Here is one for linux

sorry, windows xp

[scrty001]

Quote:

Originally Posted by arran

Tell me scrty001 how would you sign up to a vpn proxy service in the first place without exposing your real ip?

I don't use anything, the services I've tried won't let you sign up if you're behind a proxy. Xerobank has a good system in place where they can't match the payment info to the subscriber or something like that. There's details on this board about how it works I believe.

Anyway, it doesn't make any difference to me if Xerobank or a VPN service knows my real ip. I just don't want my ISP or anybody nosy to be able to see every single thing I do online 24/7. I just prefer privacy that's all.

[scrty001]

Quote:

Originally Posted by yashau

Try something like WideCap.

I think this should work, thanks!

[LockBox]

I'm baffled. How does WideCap provide a solution to the OP's original question? He answered, "I think this should work," but looking over the software from the WideCap site I am lost as to how it provides a solution to dropped connections and the prevention of leaking IP info if it is dropped. Am I missing something staring at me right in the face? Probably! But what is it?

[caspian]

Quote:

Originally Posted by SteveTX

Yup. That's how rootkits work. They can hook at kernel-level, and be completely shadowed because it tells the operating system that it is invisible when it does things. However, software firewalls could work for something like interface leaks, but software firewalls for windows don't seems to be designed for per-adapter settings and hookings. They seem to be designed for computers that have 1 connection to the internet. I wouldn't depend on them, but one thing you can probably depend on (without using hardware blocking) is routing. I'll have a guide ready shortly.

What would happen if you were inside of XB Machine and your VPN connection was disabled and your computer was connecting straight through your ISP all of a sudden? Would XB Machine still be connected to the internet? Or does it *only* connect while the VPN is intact?

And I assume that if I am using XB's Cryptorouter and my VPN is somehow disabled, the Cryptorouter will instantly block my connection...at least in the absence of some type of mechanical malfunction, that is. Correct?

[SteveTX]

1. XB Machine can't talk to any network that isn't encrypted/anonymous. Everything is automatically routed correctly from inside the VM.

2. Cryptorouter is fail-secure. Everything going into it comes out encrypted and anonymized. If the connect fails, no data is transmitted.

[arran]

Quote:

Originally Posted by Gerard Morentzy

I'm baffled. How does WideCap provide a solution to the OP's original question? He answered, "I think this should work," but looking over the software from the WideCap site I am lost as to how it provides a solution to dropped connections and the prevention of leaking IP info if it is dropped. Am I missing something staring at me right in the face? Probably! But what is it?

I think what widecap does is make sure all your applications connect thru your vpn network, so if your vpn goes down widecap would prevent your applications from bypassing the vpn network hence preventing exposing your real ip.

However I fail to see the advantage of it when a software firewall can do the same thing?

But Its actually more secure if you just simply configure the firewall on your Router to only allow connections to XeroBanks IP addresses

[SteveTX]

WideCap does not make sure anything goes through anything. That is complete hogwash. Widecap is a system-wide internal socks proxy. It allows all your traffic to travel out via SOCKS, it does not prevent anything from leaking. it duplicates your traffic in another language.

[caspian]

Quote:

Originally Posted by SteveTX

1. XB Machine can't talk to any network that isn't encrypted/anonymous. Everything is automatically routed correctly from inside the VM.

2. Cryptorouter is fail-secure. Everything going into it comes out encrypted and anonymized. If the connect fails, no data is transmitted.

That is excellent! Could it possibly get any better than that?

[JB007]

Quote:

Originally Posted by SteveTX

1. XB Machine can't talk to any network that isn't encrypted/anonymous. Everything is automatically routed correctly from inside the VM.

2. Cryptorouter is fail-secure. Everything going into it comes out encrypted and anonymized. If the connect fails, no data is transmitted.

Hi me again

So Steve, cryptorouter is different than a VPN I assume? And for me to sign up to Xerobanks service, would I get software to run these things? Also you mention a VM and XB Machine, is that just the Xerobank system?

Thanks again for your time.

And Caspian, thanks for your input, so many good questions, points, you raise

And why dosent the PM function work in this forum?

[SteveTX]

xB Machine will run on tor, xerobank, theoretically any openvpn, any ssh. For free, use with anything. Cryptorouter will be available soon. Plug it in, input your xerobank account number, and it is golden. plaintext in, crypto out, nothing gets through.

[JB007]

Quote:

Originally Posted by SteveTX

xB Machine will run on tor, xerobank, theoretically any openvpn, any ssh. For free, use with anything. Cryptorouter will be available soon. Plug it in, input your xerobank account number, and it is golden. plaintext in, crypto out, nothing gets through.

Steve, I just managed to send you a PM on here. Is there any cost mentioned for the crypro?