How do I set up my VPN so that it's the only way I can connect to the internet?

Discussion in 'privacy technology' started by scrty001, Jan 29, 2009.

Thread Status:
Not open for further replies.
  1. scrty001

    scrty001 Registered Member

    Joined:
    Aug 15, 2008
    Posts:
    82
    I would like to make sure that if my VPN connection ever drops that I'm completely disconnected from the internet so that I don't expose my real IP.

    I'm not advanced with this, so any simple method to do this that I can set up would be great. Any place I can find a tutorial to do this step by step would be helpful.



    Thanks!
     
  2. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
  3. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,139
    But you should be able to do this with a software firewall, right?

    Configure your software firewall so it only allows your VPN client to connect to 1 IP address, which is your proxy server. All other outgoing connection attempts on your PC are blocked.
     
  4. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    For Windows, in theory yes, in practice no. Software firewalls work by hooking into your network stack, and adapters are at a lower level of your network than your software firewall, so it may not be able to catch it.
     
  5. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,139
    So you're saying that stuff can still slip through? Even with software firewalls with good "Leak Test" results?

    http://www.matousec.com/projects/firewall-challenge/results.php

    Say, for example, with using Online Armor and Comodo, stuff can still get through using a lower level?
     
  6. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    Yup. That's how rootkits work. They can hook at kernel-level, and be completely shadowed because it tells the operating system that it is invisible when it does things. However, software firewalls could work for something like interface leaks, but software firewalls for Windows don't seem to be designed for per-adapter settings and hookings. They seem to be designed for computers that have 1 connection to the internet. I wouldn't depend on them, but one thing you can probably depend on (without using hardware blocking) is routing. I'll have a guide ready shortly.
     
  7. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,139
    Interesting, I have heard before that these leak tests with software firewalls are just the tip of the iceberg.

    SteveTX, with using HIPS software like, for example, Malware Defender or EQSecure, they block the installation of rootkits at the kernel level. So what I am saying is, if there aren't any rootkit programs then there wouldn't be anything at the kernel level making any outgoing connections. Would this be true??

    Or is there already built-in Windows software, which is part of Windows itself, at the kernel level making outgoing connections? If so, would disabling all non-essential services resolve this?

    And I look forward to seeing this routing guide.
     
  8. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,275
    Location:
    Here, There and Everywhere
    Steve, isn't this a bigger worry with PPTP than OpenVPN? Please correct me if I am wrong, but with OpenVPN, I always have thought a "dropped connection" would result in loss of service through the VPN provider, but not actually divulge your IP to the web site you were on because you haven't used your own ISP to make a connection with that site. Is that wrong? I'm not wording this right, but maybe you know what I am trying to ask?
     
  9. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    Yes, the PPTP connection, if stuttered or dropped (or operating normally) could easily have packets travel out the wrong connection and result in IP disclosure.

    This solution I am presenting will work with OpenVPN, and may work with PPTP.
     
  10. traxx75

    traxx75 Registered Member

    Joined:
    Jun 23, 2008
    Posts:
    106
    @Gerard Morentzy

    That would hold true if the applications you are running don't attempt to re-establish connections after they have been dropped. This may be something configurable (e.g. IRC/IM clients, SSH clients, etc.) or it might be as simple as the page you're browsing having an auto-refresh scripted into it.

    Chances are, after your VPN drops, _something_ on your PC is going to try and establish a connection unless you take steps to make sure this can't be done.
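
The routing approach mentioned in post 6 and the reconnect leak described in post 10 can be modelled with a small route-lookup simulation. This is an added example, not SteveTX's guide and not code from any participant; the addresses, interface names (`eth0`, `tun0`) and metrics are constructed assumptions, and it assumes the OS stops using routes through an adapter that is down.

```python
import ipaddress

# Constructed sample values (assumptions, not from the thread):
VPN_SERVER = "203.0.113.10"   # VPN provider's server
LAN = "192.168.1.0/24"        # local subnet behind the home router
PHYS, TUN = "eth0", "tun0"    # physical adapter and VPN tunnel adapter

def build_routes(fail_closed):
    """Route table as (prefix, interface, metric) tuples."""
    routes = [
        ("0.0.0.0/0", TUN, 1),            # all traffic goes into the tunnel
        (VPN_SERVER + "/32", PHYS, 1),    # encrypted carrier packets only
        (LAN, PHYS, 1),                   # reach the local gateway
    ]
    if not fail_closed:
        # Typical client setup: the ISP default route stays, just less preferred.
        routes.append(("0.0.0.0/0", PHYS, 20))
    return routes

def egress(routes, dst, tunnel_up):
    """Pick the outgoing interface: longest prefix first, then lowest metric.

    Routes through an interface that is down are unusable. Returns None when
    no route matches, meaning the packet is never sent.
    """
    up = {PHYS, TUN} if tunnel_up else {PHYS}
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, iface, metric in routes:
        net = ipaddress.ip_network(prefix)
        if iface not in up or addr not in net:
            continue
        rank = (net.prefixlen, -metric)
        if best is None or rank > best[0]:
            best = (rank, iface)
    return best[1] if best else None

def exposes_real_ip(routes, dst, tunnel_up):
    """True when traffic to an internet host other than the VPN server leaves unencrypted."""
    local = ipaddress.ip_address(dst) in ipaddress.ip_network(LAN)
    return dst != VPN_SERVER and not local and egress(routes, dst, tunnel_up) == PHYS

if __name__ == "__main__":
    site = "198.51.100.7"  # constructed address standing in for any website
    for name, fc in (("default", False), ("fail-closed", True)):
        for up in (True, False):
            print(name, "tunnel up" if up else "tunnel down",
                  egress(build_routes(fc), site, up))
```

With the ISP default route removed, the physical adapter can reach only the LAN and the VPN server, so the client can reconnect while every other destination gets no route.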
     
  11. JB007

    JB007 Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    18
    Heck, I have only just started looking at this privacy stuff and it seems the more I read, the more complex it gets. I thought that using such a thing like Xerobank VPN would offer an encrypted anonymous net connection, then I hear about kernels, rootkits, drops...:doubt: Steve, do you have an email address I can contact you on? I have a few things bugging me that I would like to run past you without clogging the board up.
     
  12. yashau

    yashau Registered Member

    Joined:
    Oct 13, 2008
    Posts:
    151
    Try something like WideCap.
     
  13. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,139
    Actually, if the proxy server that you connect through by VPN ever goes down, then it wouldn't be possible to prevent your real IP from going out on the internet, because you would have to go on the internet with your real IP to obtain a new proxy server.

    Tell me, scrty001, how would you sign up to a VPN proxy service in the first place without exposing your real IP?

    Also too, getting back to the situation where you can't rely on software firewalls to prevent outgoing connection leaks, that it's better to have a hardware firewall etc. Well, don't most routers come with basic packet filtering firewalls?? All you would have to do is set your router firewall to only allow connections to your VPN proxy server IP address. All other connections are blocked. This should be an effective way to prevent your real IP being exposed?
     
  14. scrty001

    scrty001 Registered Member

    Joined:
    Aug 15, 2008
    Posts:
    82
  15. scrty001

    scrty001 Registered Member

    Joined:
    Aug 15, 2008
    Posts:
    82
    I don't use anything, the services I've tried won't let you sign up if you're behind a proxy. Xerobank has a good system in place where they can't match the payment info to the subscriber or something like that. There's details on this board about how it works I believe.

    Anyway, it doesn't make any difference to me if Xerobank or a VPN service knows my real ip. I just don't want my ISP or anybody nosy to be able to see every single thing I do online 24/7. I just prefer privacy that's all.
     
  16. scrty001

    scrty001 Registered Member

    Joined:
    Aug 15, 2008
    Posts:
    82

    I think this should work, thanks!
     
  17. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,275
    Location:
    Here, There and Everywhere
    I'm baffled. How does WideCap provide a solution to the OP's original question? He answered, "I think this should work," but looking over the software from the WideCap site I am lost as to how it provides a solution to dropped connections and the prevention of leaking IP info if it is dropped. Am I missing something staring at me right in the face? Probably! But what is it?
     
  18. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    What would happen if you were inside of XB Machine and your VPN connection was disabled and your computer was connecting straight through your ISP all of a sudden? Would XB Machine still be connected to the internet? Or does it *only* connect while the VPN is intact?

    And I assume that if I am using XB's Cryptorouter and my VPN is somehow disabled, the Cryptorouter will instantly block my connection...at least in the absence of some type of mechanical malfunction, that is. Correct?
     
  19. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    1. XB Machine can't talk to any network that isn't encrypted/anonymous. Everything is automatically routed correctly from inside the VM.

    2. Cryptorouter is fail-secure. Everything going into it comes out encrypted and anonymized. If the connect fails, no data is transmitted.
     
  20. arran

    arran Registered Member

    Joined:
    Feb 5, 2008
    Posts:
    1,139

    I think what WideCap does is make sure all your applications connect through your VPN network, so if your VPN goes down WideCap would prevent your applications from bypassing the VPN network, hence preventing exposing your real IP.

    However, I fail to see the advantage of it when a software firewall can do the same thing?

    But it's actually more secure if you just simply configure the firewall on your router to only allow connections to XeroBank's IP addresses.
     
  21. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    WideCap does not make sure anything goes through anything. That is complete hogwash. WideCap is a system-wide internal SOCKS proxy. It allows all your traffic to travel out via SOCKS, it does not prevent anything from leaking. It duplicates your traffic in another language.
     
  22. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    That is excellent! Could it possibly get any better than that?
     
  23. JB007

    JB007 Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    18
    Hi me again :rolleyes:

    So Steve, cryptorouter is different than a VPN I assume? And for me to sign up to Xerobanks service, would I get software to run these things? Also you mention a VM and XB Machine, is that just the Xerobank system?

    Thanks again for your time.

    And Caspian, thanks for your input, so many good questions, points, you raise :)

    And why doesn't the PM function work in this forum?
     
    Last edited: Jan 30, 2009
  24. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    xB Machine will run on Tor, XeroBank, theoretically any OpenVPN, any SSH. For free, use with anything. Cryptorouter will be available soon. Plug it in, input your XeroBank account number, and it is golden. Plaintext in, crypto out, nothing gets through.
     
  25. JB007

    JB007 Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    18
    Steve, I just managed to send you a PM on here. Is there any cost mentioned for the crypro?
     