AirVPN and TOR

Discussion in 'privacy technology' started by notthatguy, May 9, 2012.

Thread Status:
Not open for further replies.
  1. notthatguy

    notthatguy Registered Member

    Joined:
    Apr 7, 2012
    Posts:
    34
    Considering getting set up with AirVPN after several recommendations from members on here. But I don't fully understand the connection process.

    Here's what I'm hoping someone can help me understand

    1. If the VPN is encrypting all of your traffic, which prevents the exit node from sniffing. Your VPN provider is seeing all of your traffic unencrypted correct?

    2. Air VPN states: "Our VPN server will not see your real IP address but the IP of the TOR exit node" Using AirVPNs setup methods ( Found here: https://airvpn.org/tor/ ) Wouldn't AirVPN know your originating IP address? I don't understand how connecting to Tor browser bundle through a VPN will hide your originating IP from the VPN provider, if at all? Can someone explain this? I think I have this totally wrong

    3. So using AirVPN you connect TOR → VPN → SERVER right? So your ISP knows that you are connecting to TOR? Or do they see you are connecting to AirVPN?

    Thanks for input guys, you don't know how much I love the members on this forum.
     
  2. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    If you open the TBB first, your ISP can see that you are connecting to the Tor network (if they bother to keep updated addresses of all Tor entry nodes), but that is it. If you then open up AirVPN (either through their GUI OpenVPN solution, or OpenVPN proper) then the VPN will only see the address of the Tor exit node because either program is connecting through the Tor proxy on your machine on port 9050. Tor exit node traffic is encrypted. VPN can see traffic.

    If you fire up the VPN first, your ISP will see the connection to your VPN's entry server, but that is it. If you then open up TBB, the Tor entry node will see your VPN providers IP. VPN cannot see traffic, but exit node can.

    PD
     
  3. notthatguy

    notthatguy Registered Member

    Joined:
    Apr 7, 2012
    Posts:
    34
    Ok my question then is how do I go about preventing leaks, especially DNS which would theoretically expose my IP to the VPN.

    Wouldn't I have to worry that any other programs on my computer attempting to update, etc.?
     
  4. hashed

    hashed Registered Member

    Joined:
    May 5, 2012
    Posts:
    53
    Using the TBB, that is definitely a concern if you go outside of the bundle. By that I mean, only the browser itself is torrified. So, say you are running AIM or the like, if you do not specifically torrify that app, it could leak your true IP. If you logon to the VPN first, and you use a solution such as DD-WRT, every application will be encapsulated and encrypted within the tunnel. Presumably if you use the Air client in this manner, traffic from all applications should equally be redirected into their VPN tunnel.

    Depending on what your true objective is, and I suspect it would be to keep a nosey ISP from snooping on your movements, the TBB accomplishes this with ease. If you want to just put your entire DD-WRT router in the VPN tunnel, in my mind, that also achieves the goal, but of course you are then putting your trust in AirVPN that they aren't logging.

    Hope this helps :)
     
  5. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,030
    I don't have an AirVPN account, so I can't test the configuration generator referenced in -https://airvpn.org/tor/ . To get OpenVPN to use a SOCKS proxy, you just add "socks-proxy 127.0.0.1 9050; socks-proxy-retry" to the configuration file. AirVPN may also add route specifications to direct traffic through the VPN tunnel. But you'd also want firewall rules so traffic can't bypass Tor (and thereby the VPN) entirely.
     
  6. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    AirVPN's downloadable OVPN config files just add this to their regular config:

    socks-proxy 127.0.0.1 9050

    What's that 'retry' line do Mir?

    PD
     
  7. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,030
    The OpenVPN man page says that "socks-proxy-retry" enables "Retry indefinitely on Socks proxy errors. If a Socks proxy error occurs, simulate a SIGUSR1 reset". Tor can be flaky, so that seems useful (like "resolv-retry infinite" for hostname resolution).
     
  8. mike70sk

    mike70sk Registered Member

    Joined:
    Jul 23, 2012
    Posts:
    36
    Location:
    Canada
    if your running tor first, would utorent expose your real ip, is tor mostly for browsing? tor can hide your real ip to your vpn, but then other then browsing what can programs can you use?
     
  9. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,030
    If you're running a VPN through Tor, it must be a TCP-based VPN. But now you can route any traffic that you want through that VPN. It'll be slow, though.
     
Loading...
Thread Status:
Not open for further replies.