IVPN questions.

Discussion in 'privacy technology' started by Roberteyewhy, Jun 1, 2017.

  1. zmechys

    zmechys Registered Member

    Joined:
    Dec 29, 2012
    Posts:
    551
    Location:
    usa

    Sorry, I did not see your DB-IP results.

    My posting about the DB-IP web-site is due to the fact that while I'm using VPN from central Europe with an American(!) IP address, my free email services are telling me that I'm logging into my email accounts from Europe. That's it.
     
  2. NiteRanger

    NiteRanger Registered Member

    Joined:
    Nov 15, 2016
    Posts:
    236
    Location:
    Far East
    Thanks. I'll trial run it
     
  3. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    AppGuard LLC, Virginia, U.S.
    I would ask IVPN support. This sort of thing has surely been asked of them in the past. It's one of those quirks where you could spend a lot of time trying to find out the cause and their support could have explained it in a single sentence.
     
  4. simmersK00L

    simmersK00L Registered Member

    Joined:
    Mar 20, 2013
    Posts:
    286
    Location:
    USA
    @Lockdown Big thanks! that's also interesting and "curious" (to me) because when I use ivpn Dallas, and go to same iplocation.net I definitely get TX, and a UT, and a CA. (& overall most often UT). But I'm in learning_mode with vpn, and have tried enough to know that I like ivpn best. I'll see if I can duplicate what you did with domain names later today, no time right now.
     
  5. simmersK00L

    simmersK00L Registered Member

    Joined:
    Mar 20, 2013
    Posts:
    286
    Location:
    USA
    I agree ivpn works great. Depending on how busy I am, I like to better understand the little quirks; sometimes they are / can be very interesting. Totally appreciate your comments and all of mirimir's work with vpn, I've been following mostly silent for years.
     
  6. Lockdown

    Lockdown Registered Member

    Joined:
    Oct 28, 2016
    Posts:
    772
    Location:
    AppGuard LLC, Virginia, U.S.
    It's softs. Quirks and bugs cost 1 cent per ton because there is an over-supply on the market. It just is what it is.
     
  7. simmersK00L

    simmersK00L Registered Member

    Joined:
    Mar 20, 2013
    Posts:
    286
    Location:
    USA
    ...and happy to report that spiceworks reports ivpn Dallas being in Dallas (not Utah) :D
     
  8. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,526
    I use OpenVPN, not the iVPN client, since the client doesn't work on XP anymore.

    As for all that other stuff, I can do it with my outbound FW, amongst other means. If my VPN connection drops so does my internet connection. And it's a good idea to use the DNS servers of the last hop you connect to in your adapter. I put them in my router as well for good measure.
     
  9. NiteRanger

    NiteRanger Registered Member

    Joined:
    Nov 15, 2016
    Posts:
    236
    Location:
    Far East
    FYI, I sent an email asking whether their DNS servers support DNSCrypt + DNSSEC after your post and till now (Friday in my country) I have not received any reply from IVPN.

    Do they only entertain customers and avoid potential customers? How to subscribe to their service if there is no reply from them even before becoming a customer?

    I read and saw somewhere on the net that their DNS servers are actually Google servers. If that's the case then DNSCrypt won't be supported, for Google DNS servers support DNSSEC only. And if that's true then our DNS queries would not be encrypted, right?
     
  10. simmersK00L

    simmersK00L Registered Member

    Joined:
    Mar 20, 2013
    Posts:
    286
    Location:
    USA
    I've had a few real-time chats with ivpn tech support launched from ivpn web page.
     
  11. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    870
    One can easily think that ivpn's tech support consists of one guy, but even if it were so (which it isn't, btw) he does his job well and tries his best to help resolve issues.
     
  12. NiteRanger

    NiteRanger Registered Member

    Joined:
    Nov 15, 2016
    Posts:
    236
    Location:
    Far East
    That I'm not sure. I just emailed ZorroVPN and got a prompt reply within minutes. We corresponded and I'm prepared to trial their service.
     
  13. simmersK00L

    simmersK00L Registered Member

    Joined:
    Mar 20, 2013
    Posts:
    286
    Location:
    USA
    I'd swear I was chatting with ivpn female tech about a week ago, 20 something. knowledgeable and friendly ;)
     
  14. Justintime123

    Justintime123 Registered Member

    Joined:
    Jun 15, 2013
    Posts:
    99
    Using IVPN I was hacked into on encrypted secure VPN channel

    @mirimir
    Well, I decided to sign up and had one heck of a bad experience. I installed their client. I run a very secure box, no malware, keylogger, trojan etc.

    First off, the multi-hop tab was grayed out. Their support center is horrible, giving scripted answers to problems without addressing the issue.
    Their instructions for help on multihop led me to their help page
    https://www.ivpn.net/knowledgebase/...twork-with-any-OpenVPN-compatible-client.html

    How can I connect to the multihop network? - IVPN Help
    How can I connect to the multihop network? ... then you would append @ch to your username
    WRONG! I tried that and keep getting an error msg that I need to use ivpn first, which didn't make sense. So their help files are outdated.

    Support said that once logged in to the client I can then change the city location, which is the complete opposite of their help files:
    We would be glad to help out! You would not use the "@" method with the official software client.

    You cannot switch locations when an active connection is in progress. You must disconnect first then utilize the switch server or multihop connection, once you have selected your new settings you can click connect again.

    It still does not answer the grayed out tab for multi hop.


    2. My supposedly secure VPN encrypted tunnel was hacked!! Their 'Kill Switch' for leaked IPs did not work! I was switched to another server without IVPN disconnecting me. I was watching this through Wireshark, from their IP to 69.12.80.146:80 and 209.58.130.196. You can notice the switch in their IVPN log file I attached. I ran PrivaZer and noticed that I had hundreds of websites that I was being attached to. I figured it was a click bait bot of some sort.

    Their canned answer was that it wasn't them, I had malware or keylogger on my machine. Blame the customer! No I don't have malware. I run a very secure box. There was nothing in FRST or ADDition TXT,
    no detection from any anti-malware, emsisoft, malwarebytes, eset, hitman, tdsskiller, adware cleaner, Gmer, Avira etc & so forth. My logs were clean!


    Aug 11 01:18:46 .: >LOG:1502428726,,TLS: Initial packet from [AF_INET]69.12.80.146:80, sid=4fbe26e6 0d8f08e0
    Aug 11 01:18:46 .: >PASSWORD:Need 'Auth' username/password
    Aug 11 01:18:47 .: >LOG:1502428726,D,MANAGEMENT: CMD 'username "Auth" ivpnVXQ9UWBx'
    Aug 11 01:18:47 .: SUCCESS: 'Auth' username entered, but not yet verified
    Aug 11 01:18:47 .: >LOG:1502428726,D,MANAGEMENT: CMD 'password [...]'
    Aug 11 01:18:47 .: SUCCESS: 'Auth' password entered, but not yet verified
    Aug 11 01:18:47 .: >LOG:1502428727,,VERIFY OK: depth=1, C=MT, ST=Malta, L=Malta, O=IVPN.net, CN=IVPN.net CA, emailAddress=support@ivpn.net
    Aug 11 01:18:47 .: >LOG:1502428727,,VERIFY OK: nsCertType=SERVER
    Aug 11 01:18:47 .: >LOG:1502428727,,VERIFY OK: depth=0, CN=us-ca2.gw.ivpn.net
    Aug 11 01:18:47 .: >LOG:1502428727,,Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
    Aug 11 01:18:47 .: >LOG:1502428727,,Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Aug 11 01:18:47 .: >LOG:1502428727,,Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
    Aug 11 01:18:47 .: >LOG:1502428727,,Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
    Aug 11 01:18:47 .: >LOG:1502428727,,Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
    Aug 11 01:18:47 .: >LOG:1502428727,I,[us-ca2.gw.ivpn.net] Peer Connection Initiated with [AF_INET]69.12.80.146:80
    Aug 11 01:18:48 .: >LOG:1502428728,,MANAGEMENT: >STATE:1502428728,GET_CONFIG,,,
    Aug 11 01:18:48 .: >STATE:1502428728,GET_CONFIG,,,
    Aug 11 01:18:49 .: >LOG:1502428729,,SENT CONTROL [us-ca2.gw.ivpn.net]: 'PUSH_REQUEST' (status=1)
    Aug 11 01:18:49 .: >LOG:1502428729,,PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,explicit-exit-notify 3,route-gateway 10.24.20.1,topology subnet,ping 10,ping-restart 60,dhcp-option DNS 10.24.16.1,ifconfig 10.24.20.5 255.255.252.0,peer-id 0'
    Aug 11 01:18:49 .: >LOG:1502428729,W,Option 'explicit-exit-notify' in [PUSH-OPTIONS]:2 is ignored by previous <connection> blocks

    Aug 11 01:18:49 .: >LOG:1502428729,,OPTIONS IMPORT: timers and/or timeouts modified
    Aug 11 01:18:49 .: >LOG:1502428729,,OPTIONS IMPORT: --explicit-exit-notify can only be used with --proto udp

    STATE:1502428729,ASSIGN_IP,,10.24.20.5,
    Aug 11 01:18:49 .: >STATE:1502428729,ASSIGN_IP,,10.24.20.5,
    Aug 11 01:18:49 .: >LOG:1502428729,I,open_tun, tt->ipv6=0
    Aug 11 01:18:49 .: >LOG:1502428729,I,TAP-WIN32 device [Local Area Connection 3] opened: \\.\Global\{468EC331-9BA6-4A4F-AC87-706FEDEC84F6}.tap
    Aug 11 01:18:49 .: TUN/TAP interface name: Local Area Connection 3
    Aug 11 01:18:49 .: >LOG:1502428729,,TAP-Windows Driver Version 9.22
    Aug 11 01:18:49 .: >LOG:1502428729,,TAP-Windows MTU=1500
    Aug 11 01:18:49 .: >LOG:1502428729,I,Set TAP-Windows TUN subnet mode network/local/netmask = 10.24.20.0/10.24.20.5/255.255.252.0 [SUCCEEDED]
    Aug 11 01:18:49 .: >LOG:1502428729,I,Successful ARP Flush on interface [22] {468EC331-9BA6-4A4F-AC87-706FEDEC84F6}
    Aug 11 01:18:49 WindowsSecurityPolicy.WaitForRoutingChange: waiting for NotifyRouteChange notification
    Aug 11 01:18:49 WindowsSecurityPolicy.WaitForRoutingChange: waiting for NotifyRouteChange notification
    Aug 11 01:18:50 WindowsSecurityPolicy.WaitForRoutingChange: waiting for NotifyRouteChange notification

    Aug 11 01:18:55 .: >LOG:1502428735,,TEST ROUTES: 1/1 succeeded len=0 ret=1 a=0 u/d=up
    Aug 11 01:18:55 .: >LOG:1502428735,,C:\Windows\system32\route.exe ADD 69.12.80.146 MASK 255.255.255.255 192.168.11.1

    Fri Aug 11 00:58:25 2017 us=541669 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1560,tun-mtu 1500,proto TCPv4_SERVER,comp-lzo,keydir 0,cipher AES-256-CBC,auth SHA1,keysize 256,tls-auth,key-method 2,tls-server'
    Fri Aug 11 00:58:25 2017 us=541669 Local Options hash (VER=V4): '2f2c6498'
    Fri Aug 11 00:58:25 2017 us=541669 Expected Remote Options hash (VER=V4): '9915e4a2'
    Fri Aug 11 00:58:25 2017 us=541669 Attempting to establish TCP connection with [AF_INET]209.58.130.196:80 [nonblock]
    Fri Aug 11 00:58:25 2017 us=541669 MANAGEMENT: >STATE:1502427505,TCP_CONNECT,,,
    Fri Aug 11 00:58:26 2017 us=547726 TCP connection established with [AF_INET]209.58.130.196:80
    Fri Aug 11 00:58:26 2017 us=547726 TCPv4_CLIENT link local: [undef]
    Fri Aug 11 00:58:26 2017 us=547726 TCPv4_CLIENT link remote: [AF_INET]209.58.130.196:80
    Fri Aug 11 00:58:26 2017 us=547726 MANAGEMENT: >STATE:1502427506,WAIT,,,
    Fri Aug 11 00:58:26 2017 us=581728 MANAGEMENT: >STATE:1502427506,AUTH,,,
    Fri Aug 11 00:58:26 2017 us=581728 TLS: Initial packet from [AF_INET]209.58.130.196:80, sid=f1257793 9b8d994f


    Noticed that 69.12.80.146:80 and 209.58.130.196. How did they get my password as the ivpn client app changed to their servers? Did they get it from ivpn support? I was running Wireshark in the background and have not gone through the packet information.

    Aug 11 01:18:47 .: SUCCESS: 'Auth' username entered, but not yet verified
    Aug 11 01:18:47 .: >LOG:1502428726,D,MANAGEMENT: CMD 'password [...]'
    Aug 11 01:18:47 .: SUCCESS: 'Auth' password entered, but not yet verified
    Aug 11 01:18:47 .: >LOG:1502428727,,VERIFY OK: depth=1, C=MT, ST=Malta, L=Malta, O=IVPN.net, CN=IVPN.net CA, emailAddress=support@ivpn.net

    I also notice that, downloading their app, it's out of date, including OpenVPN.

    The question: how did they hack a secure encrypted VPN tunnel? ShadowBroker toolkit, "DPI" etc.
     

    Last edited: Aug 12, 2017 at 7:47 PM
  15. simmersK00L

    simmersK00L Registered Member

    Joined:
    Mar 20, 2013
    Posts:
    286
    Location:
    USA
    I'm no expert, just a user, but my experience is the opposite. I downloaded ivpn client on my win7_64, works great, no leaks, fast, and seems very secure. Been using ivpn for about 3 weeks. Just works, multihop too. I've tried at least 6 vpn over the past several months, and I've found ivpn to be most to my liking in terms of security and speed.
     
  16. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,617
    @Justintime123 - I have no clue. I'll ask my friend at IVPN to check this out.

    Also, I've checked all IVPN server locations using ping.pe and asm.ca.com ping slaves. They're all where they claim. All PIA servers seem honest as well. I'm working with https://restoreprivacy.com/vpn-server-locations/ so expect more results there.
     
  17. Justintime123

    Justintime123 Registered Member

    Joined:
    Jun 15, 2013
    Posts:
    99
    The only other avenue would be like a Vault7 exploit on the router itself
     
  18. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,617
    OK, I get this from Sam at IVPN support:

    The IVPN client only greys out the multihop tab if the client is already connected to a VPN server. After you disconnect, you should be able to select the multihop tab. If this is not the case, then it's a bug which we are not aware of. Please report it to us with a screenshot.

    The instructions to append @ch to your username only apply when you’re not using the IVPN client software. We’ve updated the relevant knowledgebase article to make that more clear.

    There's no way to get a customer's password from IVPN. Password hashes for authentication are stored on an authentication server, not on any of the VPN servers. If a customer updates their password through the client area on the website, then it will be immediately valid for all future connection attempts on all servers.

    Perhaps confusion arises because the IVPN client may connect to different servers each time. Let's say that us-ca.gw.ivpn.net is selected. That actually points to three servers (us-ca1.gw.ivpn.net, us-ca2.gw.ivpn.net and us-ca3.gw.ivpn.net) for load balancing. You get the least-loaded server. Each time the IVPN client connects to that location, it could switch to a different server. Other than an explicit disconnect/connect action, the client will also reconnect if the device sleeps and the tunnel times out, or if the underlying network state changes (e.g. switching wifi networks). Whilst the client reconnects there is no leak or security threat, as long as the firewall is enabled.
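
The load-balancing behaviour described in the support reply above can be checked against a client log in the format quoted in post 14. This is an added example, not part of the thread and not IVPN's code: it splits a log into handshakes and marks a peer as a member of the location's pool only if the CA and server certificate names were verified and the connection came up. The second and third sessions (203.0.113.10 and 198.51.100.7 are documentation addresses), the function names and the `<location>N.gw.ivpn.net` pool pattern are assumptions based on the hostnames mentioned in the thread.

```python
import re

# Constructed sample in the log format quoted in post 14. Session 1 reuses
# lines from that post; sessions 2 and 3 are invented for illustration.
SAMPLE_LOG = """\
Aug 11 01:18:46 .: >LOG:1502428726,,TLS: Initial packet from [AF_INET]69.12.80.146:80, sid=4fbe26e6 0d8f08e0
Aug 11 01:18:47 .: >LOG:1502428727,,VERIFY OK: depth=1, C=MT, ST=Malta, L=Malta, O=IVPN.net, CN=IVPN.net CA, emailAddress=support@ivpn.net
Aug 11 01:18:47 .: >LOG:1502428727,,VERIFY OK: depth=0, CN=us-ca2.gw.ivpn.net
Aug 11 01:18:47 .: >LOG:1502428727,I,[us-ca2.gw.ivpn.net] Peer Connection Initiated with [AF_INET]69.12.80.146:80
Aug 11 02:40:10 .: >LOG:1502433610,,TLS: Initial packet from [AF_INET]203.0.113.10:80, sid=aaaaaaaa bbbbbbbb
Aug 11 02:40:11 .: >LOG:1502433611,,VERIFY OK: depth=1, C=MT, ST=Malta, L=Malta, O=IVPN.net, CN=IVPN.net CA, emailAddress=support@ivpn.net
Aug 11 02:40:11 .: >LOG:1502433611,,VERIFY OK: depth=0, CN=us-ca3.gw.ivpn.net
Aug 11 02:40:11 .: >LOG:1502433611,I,[us-ca3.gw.ivpn.net] Peer Connection Initiated with [AF_INET]203.0.113.10:80
Aug 11 03:05:00 .: >LOG:1502435100,,TLS: Initial packet from [AF_INET]198.51.100.7:80, sid=cccccccc dddddddd
"""

START = re.compile(r"TLS: Initial packet from \[AF_INET\]([\d.]+):\d+")
VERIFY = re.compile(r"VERIFY OK: depth=([01]), (?:.*, )?CN=([^,\n]+)")
DONE = re.compile(r"Peer Connection Initiated with \[AF_INET\]([\d.]+):\d+")

def sessions(log):
    """Split a client log into handshakes, one per 'Initial packet' line."""
    out = []
    for line in log.splitlines():
        if m := START.search(line):
            out.append({"peer": m.group(1), "ca": None, "server": None, "up": False})
        elif not out:
            continue  # ignore anything before the first handshake
        elif m := VERIFY.search(line):
            # depth=1 is the issuing CA, depth=0 is the server certificate
            out[-1]["ca" if m.group(1) == "1" else "server"] = m.group(2).strip()
        elif m := DONE.search(line):
            out[-1]["up"] = m.group(1) == out[-1]["peer"]
    return out

def triage(s, location="us-ca", ca="IVPN.net CA"):
    """'pool-member' only if the chain verified and the CN fits the location."""
    pool = re.compile(rf"^{re.escape(location)}\d+\.gw\.ivpn\.net$")
    ok = s["up"] and s["ca"] == ca and s["server"] and pool.match(s["server"])
    return "pool-member" if ok else "investigate"

def report(log):
    return [(s["peer"], s["server"], triage(s)) for s in sessions(log)]

if __name__ == "__main__":
    for row in report(SAMPLE_LOG):
        print(row)
```

A changed peer address with a verified certificate for another numbered host in the same location is the reconnect the reply describes; a handshake with no `VERIFY OK` lines is the one worth following up in a packet capture.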
     
  19. simmersK00L

    simmersK00L Registered Member

    Joined:
    Mar 20, 2013
    Posts:
    286
    Location:
    USA
    Thanks for reminding us about the tools. I had been curious about ivpn Dallas location as many report it as UT, and ping test CLEARLY shows the server is in Dallas as stated. :D Spiceworks also gave the correct answer as Dallas.
     
  20. Justintime123

    Justintime123 Registered Member

    Joined:
    Jun 15, 2013
    Posts:
    99
    Thanks, mirimir.

    I located the source and how I was breached. It was by TLA.
     
  21. simmersK00L

    simmersK00L Registered Member

    Joined:
    Mar 20, 2013
    Posts:
    286
    Location:
    USA
    I'd appreciate a brief explanation of "TLA"; it's unfamiliar to me. Thanks.
     
  22. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,617
    Ummm, "three letter agency"? But that seems a bit unlikely for some random dude ;)
     
  23. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,314
    Location:
    Oz
    I liked Mullvad. But it kept disconnecting on me.
     
  24. Justintime123

    Justintime123 Registered Member

    Joined:
    Jun 15, 2013
    Posts:
    99
    Who says I'm random :(? Silent bootstrap loading install from pepper-flash with wmv playback file from a certain 'private' ip. Still don't know why IVPN firewall 'Kill Switch' didn't shut VPN connection down when IP was leaked.

    I found out the answer to my question from the staff at IVPN, who personally explained it to me. It was most likely in the router, as I have not updated the firmware disclosed by the recent exploits on routers and switches.
     
    Last edited: Aug 14, 2017 at 7:48 PM
  25. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,617
    @Justintime123 - I still don't understand that. But if you're happy, I'm happy :)

    IVPN have been a small operation, but they're expanding quickly, and hiring staff. So the principals are rather maxed out. They do support internally, rather than farming it out to call centers. It used to be consistently great. But I get that there have been occasional glitches. I'm sure that it'll get straightened out soon.
     