How to keep from blowing your anonymity when you lose the VPN or Tor connection?

Yeah I know you're not going to connect, so this is why I didn't understand why everyone was making this so complicated and Steve's video also about stopping DNS leaking with that video to correct all this which seemed like overkill...

So now as far as DNS leaking, all you have to do is use the DNS from the VPN correct and your DNS is not exposed?


THANKS

 

Have you actually done that? That is, have you established the VPN, and then assigned a bogus IP address to the physical NIC? Upon reflection, I suspect that breaking TCP/IP like that would also hose the VPN. It's one thing to trash DNS, because the VPN doesn't need DNS once it's established, but it's another to assign an unworkable IP to the computer.

 

LOL, what a bonehead I was to think this...

Ok back to the drawing board...

 

I will try it, because in that matter I think only experiments matter . But I'm not convinced by the DNS trick in preventing any traffic outside your vpn when you vpn connection drops.

Because 'as already noticed by Hierophant) what if you are torrenting, or using any P2P apps which connects to others peers in using numeric IP directly, without DNS translation ?

What the purpose to prevent DNS leakage when DNS is not used by the apps you are running ?

In case your vpn connection drops, isn't be possible for your system to connect to your ISP, for exemple if your connectivity to your ISP only uses a numeric IP ?

 

Well you can put in a different DNS like from OpenDNS or Comodo and if the connection drops and you connect to your ISP you are still going to be on that DNS but you'll be back on your IP, so I don't see much advantage here...

 

There is an easy way to avoid DNS leaks, just set the default DNS server to "0.0.0.0". Then all DNS queries will go through your VPN, if possible, and if the VPN drops they go nowhere. Unfortunately the Windows GUI will not let you do this, but you can using the "netsh" command. I found some batch scripts on the Perfect-Privacy forum that do this for you. They are designed for use with PPTP VPNs, but I think you could probably edit the scripts a little and have them work with OpenVPN. The thread is here:

https://forum.perfect-privacy.com/showthread.php?t=1265

If you go to the end of the thread you will see I posted edited versions which work with Vista 32-bit. The files in the original post do not work with Vista 32-bit, I haven't tried them on any other OS. If you are having problems, try my versions. I am fairly sure these scripts work 100% to plug DNS leaks, at least with PPTP.

However, you still have to make sure your connection stays down, as even with no DNS you could still be exposed by traffic that is using straight IP addresses. You can try the scripts I posted earlier in this thread (based on Lyx's method) which will kill the route to your default gateway in your routing table. This forces all traffic through the secure tunnel. If the tunnel drops there is nowhere to go. I have tested this combination of scripts and I am pretty sure they are working. Feel free to test them yourself.

 

If you obtained your router from your ISP, it is likely that the router has DNS primary and secondary table entries for its own DNS servers. If the ISP supplies documentation on your router, then look at it and log into the router via the admin password you should have been given when you received when your installation took place from the ISP.

Then you can change the router's default DNS servers (primary and secondary) to whatever you like, e.g. OpenDNS. That should assure you that when you are using client softare like Tor which a browser such as Firefox where in the about:config file you can see the network.proxy.socks_remote_dns is true when using the Torbutton plugin - and your ISP will never see a DNS leak then or otherwise. However, the website to which you have set your DNS (primary and secondary) servers to would see any leaks if they occured.

-- Tom