How to keep from blowing your anonymity when you lose the VPN or Tor connection?

Discussion in 'privacy technology' started by gumbyy, Feb 7, 2010.

Thread Status:
Not open for further replies.
  1. gumbyy

    gumbyy Registered Member

    Joined:
    Dec 19, 2009
    Posts:
    42
    I use various privacy services like TOR, JonDoFox, Hotspot Shield and UltraVPN. But it is very common that I lose the connection to a privacy service during a browsing session. When this happens, my browsing continues, but with no anonymity.

    I assume that, when I lose these connections, suddenly my ISP knows where I've been browsing and that's what I want to avoid.

    Is there a way to set up a firewall or something so that, if I lose the connection to the privacy service, all of my browsing info is not delivered to the ISP on a silver platter? I mean, if I lose that connection, I would like my whole internet connection to go dead, until I can reconnect to the privacy service.

    I don't know anything about firewalls, so if there is a way to configure them to prevent this problem, can someone advise me as to which (freeware) firewall to install, and how to configure it? Thanks for any advice.
     
  2. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
  3. gumbyy

    gumbyy Registered Member

    Joined:
    Dec 19, 2009
    Posts:
    42
    Thanks Steve. My, that seems like a lot of work to do every time I use a VPN... I wish there was a way to automate the process.

    So a firewall can't be set up to do this?
     
  4. rango

    rango Registered Member

    Joined:
    Feb 9, 2010
    Posts:
    2
    Thanks for the info. :thumb:
     
  5. ex_ployt_ed

    ex_ployt_ed Registered Member

    Joined:
    Jan 31, 2010
    Posts:
    26
    For Tor, I would think that using the Tor Browser Bundle would solve your problem. (Windows-only)
     
  6. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    For Tor I guess JanusVM or JanusPA
     
  7. Lyx

    Lyx Registered Member

    Joined:
    Apr 4, 2009
    Posts:
    83
    For VPN, there is a simple but effective method.


    First, before using your VPN, look at your routing table with netstat -R.

    You will see for example:
    Code:
    Destination    Netmask    Gateway        Interface      Metric
    0.0.0.0        0.0.0.0    192.168.1.1    192.168.1.5    20

    When your VPN is running, the same command netstat -R shows you a second line, such as:

    Code:
    Destination    Netmask    Gateway          Interface         Metric
    0.0.0.0        0.0.0.0    <some VPN IP>    <Other VPN IP>    10



    As 10 < 20, the routing table says that your traffic is routed via the VPN (your computer uses the lowest-cost route, i.e. the route with the lowest metric)... But if your VPN connection drops, the only remaining route is your "ISP route" (with gateway 192.168.1.1), and your computer sends your data through it.

    So, what you have to do, after your VPN is connected, is delete the first route, with (in my example):

    route delete 0.0.0.0 192.168.1.1

    So, if your VPN connection drops, your computer will no longer have any access to the internet, and nothing will be leaked.
     
  8. gumbyy

    gumbyy Registered Member

    Joined:
    Dec 19, 2009
    Posts:
    42
    Lyx, that's great info, thanks. I didn't know what netstat was so I googled it and came across this interesting tidbit of info on Wikipedia:

    "In addition to the command-line netstat.exe tool that ships with Windows, there are GUI-based netstat programs available."

    I'll have to research this more as I don't like to use the command line, prefer GUI. Will your solution still work with a GUI netstat?
     
  9. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    Is this easier than the other approach? Because I do not understand either of them. I will have to tinker with it a little I guess. However, when my xerobank connection is interrupted, the icon turns yellow and I do not have any connection at all.
     
  10. box750

    box750 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    260
    You could also get an SSH tunnel provider such as Cotse or Guardster, when the SSH tunnel goes down your internet browsing will be cut off as well.

    But SSH tunnels have downsides too, they need some application by application configuration.
     
  11. hierophant

    hierophant Registered Member

    Joined:
    Dec 18, 2009
    Posts:
    854
    In my experience, when XeroBank connections are interrupted, the icon turns yellow, and there is no internet connection. OpenVPN tries to reconnect, but never seems to succeed, and that process seems to prevent the TAP adapter from giving up routing priority. It doesn't do that until you fully disconnect, and the icon turns red.

    If you want extra assurance that there will be no leaks, and also want to readily switch between using XeroBank or not, you can tweak Steve's approach a little. Before changing anything, save your interface settings as instructed ...

    netsh interface ip dump > c:\net.cfg

    After making the changes, save again with a different name ...

    netsh interface ip dump > c:\net_xb.cfg

    You can then switch between them ...

    netsh exec c:\net.cfg
    netsh exec c:\net_xb.cfg

    You could put those in shell scripts.
     
  12. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    Thanks for that buddy. But just to show you how clueless I am, I have no idea what to do with those instructions. I assume that I am supposed to type these commands in somewhere. But this is something that I have never done. I am completely unfamiliar with these types of things. I wish there was a "Special Ed" version... Or "lock down instructions for dummies"... LOL. If I ever manage to figure this out I will create step by step instructions that anyone can follow.
     
  13. hierophant

    hierophant Registered Member

    Joined:
    Dec 18, 2009
    Posts:
    854
    Both Steve's instructions, How to Harden OpenVPN/DNS for Windows, and Lyx's employ Windows command line programs. You can open a command prompt window by selecting Start|Run and entering "cmd" at the Open prompt.

    Steve's approach assigns a static IP address, subnet mask and default gateway to the local area connection corresponding to your computer's physical NIC -- but doesn't assign any DNS server(s). As a result, you cannot access the internet using that connection, but you can access other resources on your local network. You could achieve the same result navigating through Control Panel | Network Connections | Local Area Connection N (the one with a hardware Device Name) | Properties | Internet Protocol (TCP/IP) | Properties and entering the values manually, with just 1 in the first DNS server box, but that's slower.

    Lyx's approach deletes the route for the physical NIC connection. I believe that you can add it back with the command ...

    route add 0.0.0.0 192.168.1.1

    ... but I haven't tested that. I'm learning here too.
     
  14. gumbyy

    gumbyy Registered Member

    Joined:
    Dec 19, 2009
    Posts:
    42
    Lyx, I am trying your solution but it's not working. First of all, netstat is not presenting me with the simple choices you posted. Instead it is showing me a confusing array of network destinations, gateways and interfaces, not 1 or 2, but about 18, most of them are repeats of the same 3 or 4 addresses. I am able to identify which one is the VPN. I think I identified which one is the one I want to delete, but when I try to give the route delete command I keep getting the message "the route specified was not found."

    I notice that the C prompt Netstat gives me is C:\Documents and Settings\Administrator>

    Is that the correct prompt from which I should issue these commands?

    I also tried using the Netstat GUI called TCPView but I can't figure out how to do your solution in that program. It doesn't even show me IP addresses.

    I'm on a hotel wifi connection and I think it uses a range of different consecutive IP addresses, if that's relevant.
     
  15. Lyx

    Lyx Registered Member

    Joined:
    Apr 4, 2009
    Posts:
    83

    Yes, netstat -R gives many lines. In the first stage, you have to run netstat -R without your VPN, in order to identify your ISP's route: focus on the line beginning with destination 0.0.0.0. These four 0s mean "any IP", so this line means "any communication to any IP has to go through this route".

    Then, in the second stage, run your VPN and perform another netstat -R: if you see the route you identified in the first stage, delete it.

    It is possible that your (Open)VPN is coded well enough to automatically delete your ISP route. This seems to be the case, for example, with Xerobank (cf. Caspian's remark). To verify this point, you can open your VPN logs and search for the keyword "delete". If that is the case, your ISP route no longer appears when performing the second "netstat -R"; you then do not have to try to delete it, and when the VPN connection drops, the VPN icon becomes yellow and your computer is isolated from the internet.


    To re-add your ISP route to your routing table, you have to type the add command as Hierophant said, but specifying the interface (the one you saw at stage 1).


    It seems correct.
     
    Last edited: Feb 13, 2010
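
    Added example, not part of any post in this thread: a Python check that automates the two-stage comparison Lyx describes, reading saved netstat -r / route print output and reporting whether a default route through the ISP gateway is still present. It also separates that fallback route from the host route to the VPN server, which legitimately keeps the ISP gateway. The routing tables and the 203.0.113.7 server address are constructed sample data; the function names are this example's own.

```python
import re
from typing import NamedTuple

class Route(NamedTuple):
    dest: str
    mask: str
    gateway: str
    interface: str
    metric: int

_IP = r"\d{1,3}(?:\.\d{1,3}){3}"
# Five columns as printed by netstat -r; newer Windows may print "On-link" as gateway.
_ROW = re.compile(rf"^\s*({_IP})\s+({_IP})\s+({_IP}|On-link)\s+({_IP})\s+(\d+)\s*$")

def parse_routes(text):
    """Return the IPv4 route rows found in netstat -r / route print output."""
    return [Route(m[1], m[2], m[3], m[4], int(m[5]))
            for line in text.splitlines() if (m := _ROW.match(line))]

def audit(text, isp_gateway):
    """Classify routes that use the ISP gateway identified in 'stage 1'."""
    routes = parse_routes(text)
    defaults = [r for r in routes if (r.dest, r.mask) == ("0.0.0.0", "0.0.0.0")]
    return {
        # Lowest metric wins: this is where traffic goes right now.
        "active_default": min(defaults, key=lambda r: r.metric, default=None),
        # Default routes via the ISP gateway take over once the VPN route vanishes.
        "fallback": [r for r in defaults if r.gateway == isp_gateway],
        # Host routes via the ISP gateway (e.g. to the VPN server) are expected.
        "carrier": [r for r in routes
                    if r.gateway == isp_gateway and r.mask == "255.255.255.255"],
    }

def fails_closed(text, isp_gateway):
    """True when no default route through the ISP gateway remains."""
    return not audit(text, isp_gateway)["fallback"]

# Constructed sample output, VPN connected (203.0.113.7 stands in for a VPN server).
VPN_UP = """\
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.5      20
          0.0.0.0          0.0.0.0         10.8.0.5        10.8.0.6      10
      203.0.113.7  255.255.255.255      192.168.1.1     192.168.1.5      20
      192.168.1.0    255.255.255.0      192.168.1.5     192.168.1.5      20
"""
# The same constructed table after: route delete 0.0.0.0 192.168.1.1
AFTER_DELETE = "\n".join(l for l in VPN_UP.splitlines()
                         if not re.search(r"0\.0\.0\.0\s+0\.0\.0\.0\s+192\.168\.1\.1", l))

if __name__ == "__main__":
    for name, table in (("VPN up", VPN_UP), ("after route delete", AFTER_DELETE)):
        print(name, "-> fails closed:", fails_closed(table, "192.168.1.1"))
```

    To use it on a real machine, save the command output to a text file while the VPN is connected and pass its contents, plus the gateway noted before connecting, to fails_closed.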
  16. gumbyy

    gumbyy Registered Member

    Joined:
    Dec 19, 2009
    Posts:
    42
    Lyx,

    Thanks for the followup. I think I made a mistake the first time. When I gave the route delete command, I forgot to use the 0.0.0.0

    Now I tried it again and Netstat deleted the route. Then ran Netstat -R again. The ISP IP was deleted from the position where it was on the second line, but the same gateway ISP IP that I deleted still appears further down in the list. It appears as the gateway for the network destination that is the VPN IP address.

    To make this doubly confusing, my UltraVPN is now doing weird things. When it connects, the program tells me that it has IP address 10.8.25.86 but when I go to the "what is my IP?" websites they all tell me that my IP address is 76.73.18.50.

    BOTH IP addresses show up in Netstat. The 10.8.25.86 address shows up frequently but the 76.73.18.50 address shows up only once. I have posted to the UltraVPN forum to ask why the program tells me that I have a European IP but the "What is my IP?" websites tell me I have a different IP from the US. And Netstat sees both of them.

    Unfortunately, the VPNs that I am using now, Hotspot and UltraVPN do not delete my ISP's route when they accidentally disconnect, so I need to find a solution. Still haven't tried Steve's approach but will.

    After I post this I will disconnect Ultra and see if I still have an internet connection.
     
  17. hierophant

    hierophant Registered Member

    Joined:
    Dec 18, 2009
    Posts:
    854
    Albeit confusing, what you report is evidence that UltraVPN is at least somewhat anonymous, and doing more than just giving you a new IP and forwarding ports. The IP address 10.8.25.86 is your computer's address in the UltraVPN virtual private network. Both 10.*.*.* and 192.*.*.* are reserved for private networks. The IP address 76.73.18.50 is the public address of the UltraVPN exit node that you're using.
     
  18. gumbyy

    gumbyy Registered Member

    Joined:
    Dec 19, 2009
    Posts:
    42
    Thanks for explaining, hierophant. The thing that puzzles me is, until a week ago, Ultra wasn't behaving like this. The IP address that Ultra said I had was the same (French, I think) address that the "what is my ip?" websites indicated.

    Also, after I disconnected ultra last night, I still had an internet connection, so I guess I need to keep working on this.
     
  19. hierophant

    hierophant Registered Member

    Joined:
    Dec 18, 2009
    Posts:
    854
    Perhaps they've upgraded. Or o_O

    I'm most familiar with XeroBank. When it spontaneously disconnects, perhaps because of an internal glitch, or something that my ISP or the NSA did, or whatever, the tray icon turns yellow, and I lose internet connectivity. I don't regain internet connectivity until I terminate the dead connection.

    However, when I terminate the dead connection, the tray icon turns red, and I do regain internet connectivity, but with my true IP address instead of the XeroBank exit node's IP address. The same happens when I terminate a working connection. In that case, there's no perceptible interruption in connectivity, just a change in IP address.

    If I'm using some P2P app with XeroBank, it loses internet connectivity when XeroBank spontaneously disconnects, so there's no IP leak. However, in order to avoid an IP leak, I need to stop the P2P app before renewing the XeroBank connection.

    I've never used UltraVPN, and don't know how this might apply to it.
     
  20. Lyx

    Lyx Registered Member

    Joined:
    Apr 4, 2009
    Posts:
    83
    If I understand well what you are saying, it's perfectly normal: your VPN connection has to use your ISP connection at some point in order for you to receive or send data over the internet. What's important is to delete the link between 0.0.0.0 and your ISP gateway.

    In order to verify that this deletion does what it is supposed to do, you can then force disconnection of your VPN, or even terminate your openvpn.exe process, and try to access the internet. This attempt should fail.
     
  21. TheMozart

    TheMozart Former Poster

    Joined:
    Jan 6, 2010
    Posts:
    1,486
    NEWSFLASH: You blow your anonymity as soon as you login to the internet.

    If someone is doing something illegal on the internet, Tor and VPN etc will not protect you. The right people will find you and come a knocking.
     
  22. hierophant

    hierophant Registered Member

    Joined:
    Dec 18, 2009
    Posts:
    854
    Over any given day, I'm likely doing things that are illegal in at least ten nations. Fortunately, most of the time the nation I'm living in isn't one of them. In particular, the DSD and mutawwa are SOL, which is a very good thing. YMMV.
     
  23. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    Do both of these techniques work with Vista 64 bit and Windows 7?

    I went to the Control Panel and it does not say Network connections. But it does say Network Sharing. From there I chose "Manage Network Connections" and I get this:

    http://i46.tinypic.com/2agp8oi.jpg

    If I right click and choose "Properties" I get this:

    http://i50.tinypic.com/2ekrt4x.jpg

    Am I on the right track?
     
  24. hierophant

    hierophant Registered Member

    Joined:
    Dec 18, 2009
    Posts:
    854
    Yes, you are. It looks like you have both wired and wireless connections. If both are active, you'll need to assign static IPs for both -- and "fake" DNS servers (1.0.0.0).

    Assuming that your machine is currently using a DHCP server, the IP addresses and DNS servers in connection properties will be assigned automatically. Before doing anything, write them down. Then click the "Use the following ..." buttons and enter the values that you just wrote down. Do that for all active physical adapters (apparently, wired and wireless) and you should be OK.

    When you want direct access, you can just click the "Obtain an IP address automatically" button. Or you can leave the static IP addresses, and enter your preferred DNS servers (e.g., 208.67.222.222 and 208.67.220.220).
     
  25. zero2008

    zero2008 Registered Member

    Joined:
    Aug 31, 2008
    Posts:
    14
    A much simpler way to do this is just use VPNetMon. This program will forcefully close any program that you set it to when it detects the VPN connection is lost.
     