Many VPN Providers Leak Customer's IP Address via WebRTC Bug March 28, 2018 https://www.bleepingcomputer.com/ne...ers-leak-customers-ip-address-via-webrtc-bug/
Interesting. I just block WebRTC in the browser. I wasn't even aware that some VPN clients block the protocol. So these VPNs reportedly block the leak: AirVPN, Anonymizer, Avira Phantom VPN, AzireVPN, BeeVPN, Betternet, Blockless, BolehVPN, BTGuard, CactusVPN, CryptoStorm, CyberGhost, Encrypt.me, ExpressVPN, FinchVPN, flter.me VPN, FlyVPN, Freedome, HideALLIP, HideIPVPN, hideman.net, Hide.me, Hide My IP, Hotspot Shield, IBVPN, IntroVPN, IPinator, IPVanish, Ironsocket, Ivacy, IVPN, LiquidVPN, Mullvad, My Private Network, NordVPN, Opera (Browser) VPN, OverPlay, oVPN.com, ProXPN, Proxy.sh, PureVPN, Qnap NAS, RA4W VPN, SaferVPN, SecureVPN.com, SecurityKISS, Seed4.Me, ShadeYou, Steganos, StrongVPN, SumRando VPN, Surfeasy, Surfeasy Addons, SwitchVPN, Synology NAS, Tails, TigerVPN, TopVPN, Torguard, TorVPN, TunnelBear, TunnelBear Addons, Tunnelr, Unblock VPN, VPN.ac, VPNbook, VPN Gate, VPNJack, VPNSecure, VPN Unlimited, VyprVPN!, WASEL Pro, Windscribe, WorldVPN, zenvpn.net and ZoogVPN. And these VPNs reportedly leak WebRTC: ChillGlobal, Glype, hide-me.org, Hola!VPN, phx.piratebayproxy.co, Private Internet Access, ProtonVPN and psiphon3. These browser add-ons also leak: Hola!VPN Chrome Extension,IBVPN Browser Addon and Windscribe Addons. Also these proxies leak: PHP Proxy, SmartHide Proxy, SOCKS PROXY and SumRando Web Proxy. So do HTTP PROXY navigation in browser that support Web RTC, and notably TOR [sic] as PROXY on browsers with Web RTC enabled. Interesting. But most of these are reported by users, and perhaps questionable.
Actually Boleh is marked as vulnerable. I agree to reliability of user report, but anyone cat test it by him/herself and ofc we who're aware can block WebRTC leak, along with other risks. But I think if a provider haven't took effort to default-block it, it's a kind of negligence.
Did you once report that airvpn leaks true IP when it changes locations? Because it changes locations on it;s sometimes.
That was an old version of Eddie. I'm pretty sure that the latest version is OK. But even so, it's best to have your own firewall rules to block leaks. I don't remember enough Windows to say exactly how. Maybe someone else can post instructions?
I just ran a quick test using different setups. The browser was Chromium with no Webrtc blocking extension but it does have uBlock Origin and Scriptblock. I used Browserleaks.com with javascript allowed. VPN in a router running Shibby Tomato firmware: No leaks at all. The safest way to use a VPN by far. I had to add firewall rules that force DNS traffic to a specific server to achieve this. When I set up a VPN in Shibby, it didn't leak with just one client but when I went to two with a custom script to put each VPN on a different subnet, one VPN would sometimes use the other's DNS and sometimes not be able to connect to a DNS server at all and I fixed that by adding iptables rules that forced each VPN subnet to use a specific DNS server. Generic OpenVPN client: No Webrtc leaks but it leaks the router VPN's DNS server IP. It was my own iptables rule that caused this. I checked with another VPN in another router where I didn't have a rule forcing all DNS traffic to one server and it didn't leak. The result is interesting. A router firewall rule that prevents DNS leaks from a VPN inside the router will leak the router's DNS IP from a OpenVPN client layered on top of it. It would need firewall rule in the client computer to prevent that. Windscribe browser addon: Webrtc leak always regardless of whether I'm using the router VPN or layering an OpenVPN client on top of it. It will leak the OpenVPN clients IP, not the router's VPN IP if I'm running OpenVPN on top of the router's VPN. Oddly enough, it doesn't leak the router's DNS server's IP.
With VPNs in a router, WebRTC leaks are impossible, because the machine can not see the ISP-assigned IP address.
