Securing Windows PPTP VPN Connections + DNS Leak Fix

"Here is a fix that stops both DNS leaks and stops the internet if the VPN drops out."

From a post I made over at https://forum.perfect-privacy.com/showthread.php?t=1265 It specifically refers to their servers but will work for any, of course.


PPTP or “poptop” VPN connections are conveniently built in to Windows, Mac, iPhone and Windows CE Smart phones. Some routers, such as the Draytek 2820 have it built in, and the Linksys WRT54GL and other Linux routers can be customized. PPTP is also much faster than OpenVPN. It is possible to crack it, but from what I have seen online, you would have to be specially targeted, and with a long password it would be expensive, difficult and time consuming.


However, on PC’s there have been two major security problems:

One is that if the VPN drops out, normal internet instantly resumes, disclosing current activity and blowing privacy. It may be some time before noticing the drop out.

The second problem is that content may be encrypted, but site names visited could be known through the problem of “DNS leaks”. More details here. With your VPN connected, run this test: http://entropy.dns-oarc.net. Ignore everything else, and look only for any “name server” in your home country rather than the VPN server country, or any that look related to your ISP. Use http://tools.whois.net/whoisbyip/ to check those without a name. Anything other than one or two name servers, only in your VPN’s country and you have a DNS leak.

Here is a fix that stops both DNS leaks and stops the internet if the VPN drops out:

Though not essential, download www.ccleaner.com. Install it and make sure everything on Options>Advanced is un-ticked. On Options>Settings, you could also select secure deletion – 1 or 3 passes for useable speed.

Get www.netsetman.com - install and open it.

First you need to select Tab1. Choose the internet connection you are using from the dropdown box – normally “Wireless Network Connection” or “Local Area Connection”. Tick “IP” and select “Use the following IP address”. Tick “DNS Server” and “Use the following DNS server address”. Go to Profile and click “Get all current Settings”. The tab will be populated with your current IP and DNS settings. That’s it for Tab1.

Select Tab2 (SET2). You need to select your internet connection device again from the dropdown at the top. Only tick “DNS Server” and “Use the following DNS server address”. Entries should remain blank. That’s it.

Select Tab3/SET3. Select the internet device on the dropdown. Tick “IP” and select “Obtain an IP address automatically”. Tick “DNS Server” and select “Obtain a DNS address automatically”

Go to Options>Preferences and un-tick everything except “Close activation dialog automatically”

Here are some batch files to put on your desktop that will run everything automatically: http://stashbox.org/617533/PPTPSecure.zip

I have included Steinsel, Zurich, Amsterdam, Chicago and Moscow. Rename your VPN connection/s to one or all of these exact name/s. Or, you can copy, edit and rename them for any other connections. You will need to put your own username and password on the third line of each Connectxxxx.bat file – just right click it and choose Edit.

To connect, just run “ConnectSteinsel.bat” or one of the others. To disconnect, run “DisconnectSteinsel.bat”. Run it also to reset your internet if you shut down by accident or something. If the network changes (eg. new Wi-Fi hotspot), run Netsetman then Profile>Get All Current Settings for Tab 1 again.

ConnectSteinsel.bat contains these lines:

Code:

"C:\Program Files\CCleaner\ccleaner.exe" /AUTO
"C:\Program Files\NetSetMan\netsetman.exe" -as 0
rasdial Steinsel username password       
"C:\Program Files\NetSetMan\netsetman.exe" -as 1

DisconnectSteinsel.bat consists of:

Code:

rasdial Steinsel \disconnect
"C:\Program Files\NetSetMan\netsetman.exe" -as 2
"C:\Program Files\CCleaner\ccleaner.exe" /AUTO