Beware of airVPN Connections!

Discussion in 'privacy problems' started by caspian, Aug 5, 2013.

Thread Status:
Not open for further replies.
  1. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    It has been recommended that I learn to set firewall rules to only allow connections through airVPN. I guess I need to do this because it is not a reliable VPN otherwise. I suggest to anyone reading this, if you are serious about privacy, DO NOT use airVPN unless you know how to configure your firewall to block everything else. Seriously.

    Recently, in the past month, I have noticed that sometimes I am not connected to the VPN even when airVPN says that I am connected. As an example, I may connect to the Netherlands, I open my browser and Google shows that I am in the Netherlands. But later on when I go to google to do a search, I am no longer in the Netherlands. when I check the icon in the system tray it says that it is connected. This is completely bogus. And this has happened several times. And I can't help but wonder how many times has this happened and I didn't even notice it?

    Also, a few times I noticed that it disconnects altogether for no apparant reason. And sometimes it disconnects and reconnects on it's own. I see the little notification pop up saying that airVPN is now connected. But it was already connected prior to this.

    Now here's the thing. And I have complained about this before. When airVPN disconnects, it just lets your bare connection right on through. So it can disconnect and reconnect again and you may never even know it. So why is that? When I used Xerobank and my connection was interupted, the icon turned yellow and all of my internet was blocked, period. It never reconnected. In fact, you had to manually tell it to disconnect and then wait for it, and then reconnect again. Otherwise you did not have internet service at all. Same with Cryptohippie.

    Out of curiosity, I decided to do an experiment with Riseup VPN. I connected and then turned off my internet for a couple of seconds. The icon turned yellow. I turned my wireless card back on. And guess what? No internet connection whatsoever. I waited and tried again just to make sure. And sure enough, I had to manually disconnect Riseup and then reconnect t have internet again.

    I haven't tried this with Autistici yet, but I will. The reason that I switched to airVPN was becuase I didn't want to pay for a full year of Cryptohippie right now. I am in a situation financially and I need to pull back, for now anyway. Plus, I like the idea of having different exit nodes to choose from. airVPN is fast, inexpensive, and has a lot of exit nodes. But if it disconnects and allows your true IP to go through, then that's just completely unacceptable. So anyway, Xerobank blocked internet connections when the VPN was interrupted, Cryptohippie blocks all internet when the VPN is interrupted, and Riseup does the same. So why doesn't airVPN do this? Does it take some knd of special knowledge that they don't have? Is it really that difficult to do? I'm going to try it with Autistici too just to see, but I bet their VPN blocks all connections too when it's interrupted . I will post my results.

    I am wondering too, does Boleh block all connections when they are interrupted, like Crypthippie and Riseup? How about Mullvad? Does anyone know? I guess I need to look for another VPN. I'm really upset about this. Upset, disappointed, and to tell you the truth, a little shocked!

    Edit: I can't use Riseup in the same way that I use an ordinary VPN because I will use up too much bandwidth.
     
    Last edited: Aug 5, 2013
  2. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    Damn :(

    I remember that yellow icon thing from Windows XP.

    But I don't use VPN clients in Windows now, so I can't help much.

    Is this in Windows 7 or 8? Maybe VPN clients can't control the hardware as well as they could in Windows XP.

    Why not switch to Linux VMs? There are many reasons to avoid running VPNs in Windows.
     
  3. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    This all started while using Vista. Then I bought a new laptop with Windows 7. I have been using either vista or windows 7 for several years now and have never had this kind of problem. Riseup blocks everything when it is interrupted and will not allow any connections until you disconnect and reconnect. But I don't think they would appreciate me using the kind of bandwidth that I use since they are primarily for political speech ect.... Plus, they are much slower. I need to do some thinking about this. I don't want to pay for Cryptohippie right now. Plus I like the idea of having multiply exit locations. I just wish that airVPN and others would create a fix for this type of problem like Cryptohippie, Risup and probably Autistici. If those 3 can do this, then why can't airVPN? I don't get it. As far as VMs, I do a lot of downloading so that won't work for me, except on occasion.
     
  4. Stifflersmom

    Stifflersmom Registered Member

    Joined:
    Jan 3, 2013
    Posts:
    45
    Can you use your VPN at the router level? If you have a router that supports tomato firmware (and I think DD-WRT) you can flash your router and use your VPN at the router level so all connections filter through it.

    Privateinternetaccess is a popular VPN that has a killswitch. If you lose VPN, it will also kill your internet. It's $40/year.
     
  5. scriptolab

    scriptolab Registered Member

    Joined:
    Sep 24, 2012
    Posts:
    16
    I also noticed that with both boleh and aivpn on windows. But I use the openvpn gui.
    My question is why don't you use a firewall? Like comodo? I have it both on host and on guest and internet is cut if vpn drops.
     
  6. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,594
    Let me present the case for Air. I will state that I am a simple Air user and not affiliated otherwise. I use several machines but the one I am currently typing this post on is a 7 Pro 64 bit machine.

    There are threads all over the Air forums describing how to secure the machines using firewall rules and for things WAY PAST simple VPN disconnects. Due to the nature of the windows OS it is a DNS leak disaster waiting to happen. Its the OS and not any of the VPN's that are at fault. The firewall rules we put in place as per the many threads there, totally protect from VPN disconnects BUT also keep the tunnel locked down and eliminate DNS leaks, which is a huge risk to privacy/security.

    I remember that I used VPN clients in the past and I thought their disconnect protection was "all that"! Later I found the software client was full of other holes, namely DNS leaks and other issues.

    If you create a simple set of global rules using a defined strategy you would be amazed at how locked down you can get.

    I would say that I setup my global rules and tweaked them to my own personal criteria in under an hour. I have configured my ruleset to allow the 40+ servers to be accessed at will.

    Lots of folks are using the router VPN approach. That isn't for me because my family uses the native ISP for "playing around".

    Also, you must have computer issues or ISP issues because I have not lost an Air connection even for a few seconds in the past 6 months. Believe me my system locks down immediately if I lose Air and it flys day in and day out.
     
  7. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    I don't know how to do any of that yet. I have never needed to worry about it until now. If you know any easy to understand tutorial for setting firewall rules for a VPN with Windows firewall that would be cool. Otherwise I guess I could download Comodo, since that is what so many people have recommended. But I did start seeing a lot more of this problem after I installed Comodo internet security. I uninstalled it today and installed AVG. So far no problems. So hopefully that was the primary problem. The other problem is of course that airVPN *will* disconnect and reconnect on it's own occasionally unless a user knows how to jump through some hoops.
     
  8. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    I don't use Comodo. And I don't know how to configure it to block all other traffic. Do you know of a good tutorial?
     
  9. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    Oh really? I know of 4 VPN's that block all internet traffic, by default, when the connection is interrupted. So if this is all the fault of a Windows OS, evidently some of these VPN providers have applied an automatic fix that is very effective. I wonder why these guys can do this but other VPN providers don't seem to know how? As for DNS leaks, I don't have any. I use the German Privacy Foundations DNS servers. It was a simple fix.

    Well evidently airVPN is full of holes too since there are so many threads about overcoming them. My only concern is that they allow your bare connection through automatically and almost immediately. It will disconnect and reconnect right before your very eyes for no apparant reason, while you are in an email or on a message board....haha! Why is that?

    It's not an ISP issue. I have this problem from two separate ISPs and it doesn't happen with the other VPNs that I have used. But I did noticed that this problem increased dramatically after installing Comodo Internet Security. And I did tell it to trust airVPN. But I uninstalled it today and so far so good.

    You mentioned that you have not had any disconnects in 6 months and that you would know it if you did. That's great. That is what I have always expected from a good VPN. When the VPN is interrupted and I am in an email of on a message board and click on something, and suddenly nothing works or responds, it lets me know that a built-in mechanism created by the VPN provider has blocked all traffic to protect my connection. I guess my problem here is that I became so use to this that I assumed that it was standard in the inustry. I guess I was wrong. Some VPN providers provide this fix, while others leave you to do a bunch of research and jump through a bunch of hoops just to prevent your real IP from showing. Surely what Xerobank did, and what Cryptohippie, Riseup, and Autistici do is not rocket science. I am just baffled by this. So what we have is a few people who are aware of this type of problem and they go to the forums and figure how to create rules and do all of this complicated stuff while the bulk of their members, the majority of their customers have absolutely no clue that their real IP's are being exposed, much less how to fix it. It only takes one time. You log into a google account and your real IP shows, then your account is now tied to everything else of your real identity. I would bet that almost every airVPN customer has had their true IP exposed at least once without even knowing that it happened. Is that necessary? Why not fix it like the other providers that I mentioned have? Most people don't know how to do all of this stuff. The average person, the average customer that uses a VPN does not know about any of this.
     
  10. JohnMatrix

    JohnMatrix Registered Member

    Joined:
    Apr 12, 2012
    Posts:
    48
    Location:
    Behind you
    I run OpenVPN from a bash script. After openvpn exits the bash script automatically puts the network interface down. Here is the script if you want it:

    https://www.file1.info/vo3UR2N

    But I have to agree with you, OpenVPN seems to disconnect or reconnect for no reason at times.
     
  11. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,594
    caspian,

    I am sorry that you have experienced the disappointments you mentioned in this thread. I remember using another VPN (but it could have been Air at that stage of my networking experience level) and when the tunnel dropped there was my RAW IP sitting there in plain site and now it was recorded on that site's server "forever". Just a crappy feeling and now how was I going to react? I am mostly concerned about privacy and not really doing much that would draw "heat". My decision was to abandon that "nic" at the site and start a new one never to return to the old username. It was frustrating because I had established myself well on that site.

    There are a few good threads over on the Air forum to guide you along. I understand the "one click client" request. I had used that in the past elsewhere. Really though the other "loose ends" were still in play and by learning to manually shut holes I gained a great deal of understanding. I elect to lock my system down to Air DNS only and it keeps me blending in with the others on those servers.

    I have learned to construct "rules" so that in open wifi areas my machine completely ignores contact from any malicious intruder attempts and only processes pings from the actual gateway. At least I hope so because that is how I wrote them. LOL!!
     
  12. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    I have never used their client, always OpenVPN GUI. Have you contacted them about this, or posted on the forum?

    If you want to try Comodo (and this is for OpenVPN GUI) just create a 'Network Zone' called AirVPN and assign it the OpenVPN TAP Adapter's MAC Address.

    Then Go into 'Rulesets' and create an 'AirVPN' rule. In that rule:

    IP>Allow Out>From Network Zone - AirVPN>To Any>Any
    IP>Allow In>From Any>To Network Zone - AirVPN>Any
    IP>Block In/Out>Any>Any

    In that order.

    Then, for every application that you want to deny access when the VPN drops, make an 'Application Rule' for it, and assign the AirVPN rule.

    (This is all from memory, FYI)

    That serves me. There *are* other ways to block the entire computer from accessing the internet if it drops, but I only care about browsers, email, torrents, etc...

    To test, kill the VPN and see if your browser still connects.

    Like Palancar, I rarely see a disconnect...but with OpenVPN GUI, I'm always checking the two green screens in the sys tray :)

    PD
     
  13. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,594
    Comodo rules.png



    Here is a screenshot of what the rules would look like if you followed the thread over at Air. These are the global rules and you would simply adjust the network zones to match. Very easy connect the dots approach.
     
  14. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    What do I do with this script? Although I know more than the average user, I have no idea what to do with this script. Does it work on Windows 7?

    Maybe OpenVPN has this problem of disconnecting and reconnecting. But when I used Xerobank, Cryptohippie, and now Riseup and Autistici, connecting and reconnecting is not even possible. When openVPN is interrupted, there is no internet connection anywhere on my computer, period. Nothing can update and Windows Update cannot check for updates. It's dead. And you have to manually disconnect and wait for it to disconnect before you can have an internet connection again. Is this some kind of magical power that only a select few have?

    So my point is, if Xerobank, Cryptohippie, Riseup, Autistici, and maybe others can do this with their VPN, then why can't airVPN, Boleh and others do the same? The only thing that I can figure is either they don't know how, or they are not serious enough about privacy to make this improvement. And if they are not willing to learn how to do this, then I think they should warn all users up front, IN BIG BOLD LETTERS, that their service will almost certainly disconnect and allow your true IP through, that it may happen many times, and you may not even know it.
     
  15. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    I have considered doing this, but I don't know. I have established myself in a few places too. And it would be such a hassle. I don't know how much google ties all IP address together, if it's done automatically, and who that would be shared with. The CEO of google said just the other night that they delete info after a period of time. I am very seious about keeping identities separate but I'm not suere if I want to have to go through all of that. I'll have to think about it. But thanks for your input and understanding.

    Are these threads buried in their forum or are they pretty easy to find? I guess I need to take a look.

    Did you learn this from the airVPN forum? Is this very complicated? Thanks for sharing that.
     
  16. Less

    Less Registered Member

    Joined:
    Dec 24, 2008
    Posts:
    248
    how to stop the outgoing connection if the vpn is disconnected or drop?
    especially if i doesnt use comodo firewall.

    Any other means?
     
  17. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    I tried to post a thread about it on their forum but they didn't approve it. I did mention that some other VPNs automatically take care of this problem and I wanted to know why they didn't. So I can understand why they didn't approve it as a new thread. But I would have hoped that it might inspire them to create a fix. Maybe this really is something that they just don't have the expertise to figure out. I would hate to think that they just don't really care.

    I did download the airVPN files to put in OpenVPN config to see if that made a difference. I did a test. I turned of the wireless on my laptop and airVPN disconnected. When I turned it back on, it remained disconnected for a short period and then reconnected automatically. So for a moment, I was connected to the internet with my bare connection. I did the same experiment with Riseup and of course all internet connectivity was blocked and inaccessible until I manually disconnected Riseup.

    Thanks for the tip. I will most likely give this a try. Most people seem to recommend Comodo firewall. However, it was Comodo Internet Security that made it start disconnecting so much. It had done this a few times previously, but when I installed their internet security, it started happening a lot. And I did tell it to trust airVPN.

    But anyway, maybe my best bet is to just use my free AVG antivirus and download Comodo firewall and learn to set the rules properly. Again, thanks for your input. Mirmirs suggestion of using a VM of course is the best, but I do a lot of downoading and uploading. So this would work for me.
     
  18. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    Thaks for that. I saved the image to refer to!
     
  19. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    Maybe you can also use Windows built-in Firewall. I am really busy for the next few days, but I will post whatever I can find.
     
  20. Less

    Less Registered Member

    Joined:
    Dec 24, 2008
    Posts:
    248

    Sir, too lazy to set rules ... Hahaha..

    Maybe will try VpnetMon or VpnCheck... it does'nt block the connection, it shut down the applications.

    for Bolehvpn Client, i assume that it doesn't block, i might be wrong

    http://bolehvpn.net/blocking-non-vpn-traffic.php
     
  21. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,594
    I wish I knew why the Air client doesn't have the feature you guys are looking for. Frankly, its a very trivial adjustment of the routing table. Even if the client offered that feature I would still stay with the rules because it covers much more than a severed connection.
     
  22. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    Thanks for the Boleh link. So with this method, you have to make a rule for every application that you want to block when the VPN fails? How about all internet connectivity?
     
  23. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    So this isn't some secret formula available only to a few? That is what I suspected. And I am certainly baffled as to why air and Boleh don't offer this. I wonder why? It seems really odd. I mean really. I am thinking about not using them anymore.....not just because of this problem. But for their deliberate decision to *not* offer this simple fix by default.

    I am definitely interested in learning how to set rules, as you mentioned.
     
  24. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,594
    I guess it depends upon if a user wants to learn WHY and HOW the global rules work. Your other option is to simply cookie cutter (connect the dots) them and they work. That attachment I placed above is a model I created for this thread. It shows in order what they would look like if you simply connect the dots from the thread over there.

    One thing that baffles me; and this thread and in fact this site is not the only place I see this: mentions of frequent disconnects from any of the VPN providers. I must just be lucky because I am sure not smart. Seriously, my connection virtually never drops - ever! I have used a number of VPN providers and my connections are solid day after day.
     
  25. merisi

    merisi Registered Member

    Joined:
    Dec 17, 2012
    Posts:
    316
    I'm using AirVPN and I'm quite concerned to read about this. I've noticed only a couple of times my connection having a will of its own. How many more times has this happened?

    AirVPN also has a large number of servers in America and I really wonder with all the scrutiny now being placed upon privacy orientated companies whether Air are will protect their customers as they claim. This of course could be applied to other VPNs as well.
     
Loading...
Thread Status:
Not open for further replies.