Can You Trust Your VPN Provider…?

Discussion in 'privacy technology' started by lotuseclat79, Oct 2, 2013.

Thread Status:
Not open for further replies.
  1. Taliscicero

    Taliscicero Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    1,439
    If your connection is encrypted properly, how would a router know what to block? Software firewall, yes.
     
  2. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    4,208
    ok. just for the confirmation. :thumb:
     
  3. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    I suppose that you could block all outgoing on the router except to the VPN service. But that would only be workable if nothing else on LAN needed to get out.
     
  4. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163

    A software firewall is a must on Windows. If something bad gets on there, how will you know that it opened a port for communication? How will you know that it is trying to send data? Even the Windows firewall will warn of a server listening, but I think it allows all outbound communication. Also, programs can write rules to it...don't know how hard that is to do...but may be a case for a third party firewall. But Windows *does* have a firewall on by default, so use it, if it is all you have.

    PD
     
  5. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    4,208
    well, my bad. i should've said "a third party" firewall software.
     
  6. Taliscicero

    Taliscicero Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    1,439
    Why would anyone not use a firewall.
     
  7. TheCatMan

    TheCatMan Registered Member

    Joined:
    Aug 16, 2013
    Posts:
    327
    Location:
    sweden
    wealth of info past 2 pages, glad I read it ;)

    I was using firewall rules to block any internet connection if my VPN connection disconnected via my Asus tomato router. But no firewall... had kaspersky installed but such a resource hog even on a good spec pc with 8gig.

    Also kaspersky never even asked what programs it wanted to allow or disallow, think it auto sets this up so it nags you less....but then I find this a little worrying !

    I have used Ms essentials (free one) and basic windows firewall/uninstalled Kaspersky resource hog recently.

    Which AV and Firewall do you guys recommend overall ?
     
  8. dogbite

    dogbite Registered Member

    Joined:
    Dec 13, 2012
    Posts:
    1,290
    Location:
    EU
    If you read in AirVPn and Boleh forums, they basically suggest Comodo Firewall.
     
  9. TheCatMan

    TheCatMan Registered Member

    Joined:
    Aug 16, 2013
    Posts:
    327
    Location:
    sweden
    Yeah I noticed they love comodo, I got it installed also and it is good.

    Going to setup the rules now ever since my Tomato router died :(

    Its just nice to hear what some other wilders use in terms of anti virus and firewall. But guess they all do a pretty similar and decent job, had never even heard of gdata let alone pfsense from 6 months ago :)
     
  10. TheCatMan

    TheCatMan Registered Member

    Joined:
    Aug 16, 2013
    Posts:
    327
    Location:
    sweden
    Well attempted to follow AirVPNs comodo firewall guide on preventing leaks

    Its so out of date and incorrect its unusable.

    I was going to post on AirVPN forums and illustrate just how incomplete and wrong their guide is even at the very beginning steps, but chose not to.

    I have noticed the staff always say "oh it only takes a minute to add the rules" or 30 seconds to block dns leaks.

    I find this highly incorrect, even when you look at the comodo guide it has at least 14 steps, and about 3-10 different settings for each step!) This is not a 5 minute or 30 second set up !

    No wonder why everyone is asking why DNS leaks and Disconnect if VPN disconnects option is not added to the client !

    Going to try pfsense again, I recall it being pretty difficult to setup initially
    I selected my network port and It was never able to see dhcp on my network or allow me access to the web gui, but will give it another shot!
     
  11. Taliscicero

    Taliscicero Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    1,439
    You now know why I'm so against AirVPN. You really have to ask your self if they care about users at all.
     
  12. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    I personally don't care if Windows Media Center pulls a TV update while my VPN is down (but it never is...I just don't have disconnects like others seem to). So I use Application rules. This one is overkill, Just IP would work, but belt and suspenders. Do it for any application you want cut off when the VPN isn't up:
     

    Attached Files:

  13. Taliscicero

    Taliscicero Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    1,439
    That's still effort, and complicated for those who don't know. If your on AirVPN run wireshark for the whole length of time you use your computer one day. I am sure you will find one or two disconnections.
     
  14. happyyarou666

    happyyarou666 Registered Member

    Joined:
    Jan 29, 2012
    Posts:
    803
    why in hell make it so difficult , comods firewall rules over at airvpn are ok if you comprehend how its basics work , once you do they work these things require understanding and learning skillz mind you , if you have questions ask them that what support is there for ...and wilders ,lols , btw if you really wanna make sure theres no leaks , then use a proper enterprise grade firewall aka pfsense and work with vms as connection client for

    your vpn not some fumbly ~ Snipped as per TOS ~ software client you get from the vpn provider , theres no more secure way than that , no need for program specific entrys , your connection drops, your host pc will simply have no internetz so your real ip never leaks , use wireshark as already mentioned to leak proof , my 2 cents
     
    Last edited by a moderator: Oct 21, 2013
  15. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Just FYI, contemplate <-https://www.whonix.org/wiki/FAQ#Why_aren.27t_you_using_OpenBSD.2C_it.27s_the_most_secure_OS_ever.21.21.211.21->. There's another level of security/paranoia ;)
     
  16. happyyarou666

    happyyarou666 Registered Member

    Joined:
    Jan 29, 2012
    Posts:
    803
    yeah i know i know , still got ways to go stuff to learn , new heights of healthy awareness aka "paranoia" to explore , lols , nice link , has been added, cheers
     
  17. TheCatMan

    TheCatMan Registered Member

    Joined:
    Aug 16, 2013
    Posts:
    327
    Location:
    sweden
    I think ill leave out comodo setup for my vpn provider, gonna try pfsense and hopefully can add rules to stop internet access if vpn drops connection.

    From there comodo can at least warn me or block any out going connections or incoming which I do not require.

    You guys think this is ok? Or you reckon I should really setup the comodo firewalls with my vpn.
     
    Last edited: Oct 22, 2013
  18. happyyarou666

    happyyarou666 Registered Member

    Joined:
    Jan 29, 2012
    Posts:
    803
    that is correct, but turn that last sentence around , not block certain but block all connections and only set those that you want to allow connecting , one of them being the connection to your pfsense vm of course ;)
     
  19. Taliscicero

    Taliscicero Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    1,439
    I just use a normal firewall and the software built into my VPN... you know... because the two I actually use come packaged with adapter and system level DNS / Leak protection.... Just sayin... *Batman Out*
     
  20. TheCatMan

    TheCatMan Registered Member

    Joined:
    Aug 16, 2013
    Posts:
    327
    Location:
    sweden
    thx guys, yeah that is the way I felt safe the iptable rules I had in my router simply killed the internet connection if my VPN was not running. This prevented any leaks or issues and took 10 seconds to copy and paste, last thing anyone wants is to be surfing joyfully unaware their VPN connections dropped !

    I hope pfsense can accept the iptable rules and work the same way it did on my tomato router did.

    Still a shame AirVPN client does not support the disconnect or stop leaks tick boxes..... still as I have learned quite fast around here one should always create multiple back ups and at least 2-3 barriers !
     
  21. Fawkesguy

    Fawkesguy Registered Member

    Joined:
    Jan 24, 2013
    Posts:
    42
    That's exactly what I'm doing. 100% protection. But if the AirVPN client is as crappy as Taliscicero says, that really stinks for those that aren't aware or don't know better.
     
  22. TheCatMan

    TheCatMan Registered Member

    Joined:
    Aug 16, 2013
    Posts:
    327
    Location:
    sweden
    Been playing a bit around with pfsense today

    And its pretty complex and advanced, too much for myself.

    I was expecting the same type of easy setup and newbie wizards that netgear or routers offer, I went to add my openvpn settings and noticed no start or stop button even, no idea how to get the openvpn client to switch on or start or run even lol

    May give it another try but its a right headache to setup, also no IP table support from what I can see which is strange maybe I missed it.

    I must be too accustomed to tomato firmware, where simplicity and less effort were required !
     
  23. TheCatMan

    TheCatMan Registered Member

    Joined:
    Aug 16, 2013
    Posts:
    327
    Location:
    sweden
    Yeah I did in the past before complain to Airvpn staff about the lack of features on the client.

    They claim it takes 30 seconds to set up the rules lol

    It is an excuse really, if other vpn providers even the rubbish ones have the feature then why not themselves. Guess in theory its still best to have a firewall to further protect or encrypted/ram virtual machines for that further barrier.

    Btw Fawkesguy my paranoia batman sense kicks in, I have spotted you around the net ;) Even on smallnetbuilders forums, just like another member here suggested best to perhaps use different nicks and different passwords per forum. Worst thing in the world would be if an adversary ask for example are you forum user name "p.d87" Mr paul dwayne born in 1987 :argh:
     
  24. Fawkesguy

    Fawkesguy Registered Member

    Joined:
    Jan 24, 2013
    Posts:
    42
    LOL, yeah I use this name in a few different places, but it's associated with a countermail address that uses a fake name on the account. So I'm not too concerned. :shifty:
     
  25. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    4,208
    yeah i, too, have seen you around. there's a bunch of members here who use the same user name around the web i noticed. not much of a "vendettaesque" practice, i believe. what do you say, fawkes? :shifty:
     
    Last edited: Oct 22, 2013
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.