My VPN Testing Site is Finally Up

Discussion in 'privacy technology' started by mirimir, Jun 16, 2016.

  1. RockLobster

    RockLobster Registered Member

    Joined:
    Nov 8, 2007
    Posts:
    1,094
    mirimir, have you performed any testing on Windows 10?
     
  2. Tinstaafl

    Tinstaafl Registered Member

    Joined:
    Jul 30, 2015
    Posts:
    524
    Location:
    USA
    I have been testing Windscribe for a few weeks on their 10GB/month free plan. Performance is good, plus it includes a Firewall (kill switch). Their unlimited normal rate appears to be $9/month, but I just received a 66% discount offer (good until the end of the month) to upgrade for $29.99/year. So far I don't see any negatives to this Canadian VPN service.

    This is what their FAQ claims about IPv6 and DNS leak protection: https://windscribe.com/faq
     
  3. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,876
    Nope, just Windows 7.
     
  4. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,876
    I used "VyprDNS" with "DNS Leak Protection". Also, "Kill Switch" active. This was with version 2.8.0.6614 of their Windows app.
     
  5. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,876
    I've never looked into it.
     
  6. jaypeecee

    jaypeecee Registered Member

    Joined:
    Aug 21, 2007
    Posts:
    79
    Location:
    UK
    Hi mirimir,

    Thanks for the feedback, which is very helpful.

    JPC
     
  7. Tinstaafl

    Tinstaafl Registered Member

    Joined:
    Jul 30, 2015
    Posts:
    524
    Location:
    USA
    I upgraded to the paid version of Windscribe, and so far so good. With access to the additional locations, I am able to connect to several locations much closer to home now. The ping times and network speed tests are all very good with my high speed broadband connection.

    The only nagging thing I have noticed is that various DNS lookups sometimes lag during web page loads. I also noticed this with several other VPNs I trialed. Is this a common issue with VPN, or something worth reporting to support?

    If I drop the VPN connection and use Google DNS, all pages load very quickly.
     
  8. buckZor

    buckZor Registered Member

    Joined:
    Dec 9, 2009
    Posts:
    15
    Location:
    Peoples Republic of Oregon
    Are you using DNS Servers provided by Windscribe when connected to the VPN tunnel?
     
  9. Tinstaafl

    Tinstaafl Registered Member

    Joined:
    Jul 30, 2015
    Posts:
    524
    Location:
    USA
    Yes, so far I don't see any other option ...
     
  10. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    883
  11. Tinstaafl

    Tinstaafl Registered Member

    Joined:
    Jul 30, 2015
    Posts:
    524
    Location:
    USA
    @imdb thanks for the link! Interesting read, but I don't see any options like that in my VPN preferences. I'm sure that the providers must differ in what settings they expose to the user.

    My best option is probably to email support and see if there is anything to change.
     
  12. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    883
    @Tinstaafl
    It's nothing to do with your VPN client. Right-click your LAN connection, click Properties, under the Networking tab click "TCP/IPv4", click Properties, click "Advanced" and untick "Automatic metric", and then manually assign a value for "Interface metric" as stated in that link.
     
  13. Tinstaafl

    Tinstaafl Registered Member

    Joined:
    Jul 30, 2015
    Posts:
    524
    Location:
    USA
    Ahhh, thanks, that is the clue I needed. I assumed he was referencing the VPN client. :thumb:

    That option is something I have obviously overlooked, having spent many years since dial-up internet days configuring network adapters and TCP/IP. Seems that there are a few options that you don't typically mess with, or question, to set up a working network config. I will have to look further into what that does ...

    But good news! That seems to have done the trick. The DNS latency now seems to have dropped to what I would consider normal for my direct ISP connection! :D
     
  14. imdb

    imdb Registered Member

    Joined:
    Nov 2, 2011
    Posts:
    883
  15. Tinstaafl

    Tinstaafl Registered Member

    Joined:
    Jul 30, 2015
    Posts:
    524
    Location:
    USA
    All good now. Really liking Windscribe here. The "Firewall" feature, included in the free and paid versions, works well. You can set it to automatic, so network connections are blocked if the VPN connection is interrupted. Also there is the option to allow LAN traffic, or not, when the firewall is on. Plus they offer 10GB/month in their free plan, same service as Pro, but with a limited number of servers to choose from. :thumb:

    Another VPN I tested with their 3-day trial was NordVPN, but their "Kill Switch" really left me scratching my head. It just lets you create a list of apps that you want it to kill if the VPN drops. Not really a network firewall at all. Seems popular though, and the reviews are generally favorable. Not for me, though ...
     
  16. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,876
    So hey, could someone who uses the AirVPN client check Network Lock options for me?
     
  17. VecchioScarpone

    VecchioScarpone Registered Member

    Joined:
    Aug 29, 2015
    Posts:
    332
    Location:
    Down Under the Southern Cross
    Capture.PNG

    Running W10 x64.

    Thanks

    Edit:
    Did work out where the "interface metric" is; it is already set to Manual, as above. Is that the number that needs to be changed, and to what number, please, anyone?
     
    Last edited: Aug 26, 2017
  18. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    2,464
    Location:
    Location Unknown
    What about eddie's lock do you need checked?
     
  19. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,876
    Hey, thanks :)

    Is there an option to allow pings when the VPN connection is down?

    And if there is, what's the default setting? To allow, or block?

    Also, can one specify what hosts to allow pings to?

    I'm mostly interested in the OS X version, but also for the Windows one.

    I'm asking because getting to the VMs that I used for testing is a bit of a hassle.
     
  20. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    2,464
    Location:
    Location Unknown
    I am sorry, but I don't have the ability to run OSX. However, I believe eddie to be the same regardless of platform. The screenshot was taken in Windows.

    sshot-1.png
     
  21. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,876
    Thanks :)

    So is "Allow ping" checked by default in a fresh install?

    I'm guessing that the "Addresses allowed" box isn't restricted to pings.

    So I'm wondering whether "Allow ping" applies only to the VPN tunnel.

    I can't imagine why you'd want to allow pings to bypass the VPN tunnel.
     
  22. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    2,464
    Location:
    Location Unknown
    Yes it is

    I would assume that as well.

    I believe that it does, or else why would the option be listed under "network lock"?

    The only thing I can think of is that AirVPN is pinging their own server in order to give accurate latency, so users can select the best/fastest server for themselves.
     
  23. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,876
    My question was ambiguous. What I meant: So I'm wondering whether "Allow ping" allows pings to bypass the VPN tunnel.

    And from what you say, it looks like it does.
    So damn, it looks like they do allow pings to bypass the VPN tunnel. By default. And I do get that they might want their client to periodically ping their VPN servers. As you say, so users can use the lowest latency ones.

    But still, that doesn't make sense to me, as the default setup. Maybe if they only let their client ping stuff. And better, just their VPN servers. But to allow any process to ping anything, bypassing the VPN tunnel, is dangerous. Maybe torrent clients, for example, ping peers or trackers or whatever. So adversaries could log that traffic, to use in identifying swarm members. And who knows what malicious, or merely just insecure, apps are pinging stuff routinely. And how that might deanonymize VPN users.

    Bottom line, when you enable something like "VPN firewall" or "network lock" or whatever similar feature, it ought to block all non-VPN traffic by default. Now, I'm sure that expert users of VPN clients would delve into all of the options, and configure things to their liking. But, I designed my testing protocol with naive users in mind. Or at least, naive users that don't want stuff to leak. Where one leaked packet might deanonymize them. And for their initial use, not after mastering the app. So yes, I enabled whatever leak-protection features that I could find, but I didn't dig through all of the options.

    Anyway, I need to restore that VM host and the relevant VMs, and check just exactly how I configured things.
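
An added example, not part of the original thread or of mirimir's test procedure: one way to check the concern raised above (pings or DNS lookups bypassing the tunnel while a "firewall" or "network lock" is on) is to capture on the physical interface and flag every outbound packet that is not addressed to the VPN server. The capture lines are constructed `tcpdump -n` style text, and all addresses, the port and the function names are assumptions.

```python
import ipaddress
import re

# Constructed `tcpdump -n` style lines from the physical NIC (not the tunnel adapter).
CAPTURE = """
12:00:01.100000 IP 192.168.1.20.51820 > 203.0.113.10.1194: UDP, length 120
12:00:01.200000 IP 203.0.113.10.1194 > 192.168.1.20.51820: UDP, length 96
12:00:02.300000 IP 192.168.1.20 > 198.51.100.7: ICMP echo request, id 1, seq 1, length 40
12:00:02.900000 IP 192.168.1.20.61000 > 192.0.2.53.53: 4242+ A? example.com. (29)
12:00:03.000000 IP 192.168.1.20.137 > 192.168.1.255.137: UDP, length 50
12:00:03.500000 IP6 2001:db8::20 > 2001:db8:ffff::1: ICMP6, echo request, id 2, seq 1, length 16
"""

LINE = re.compile(r"^\S+ IP6? (\S+) > (\S+): (.*)$")

def split_endpoint(token):
    """Split tcpdump's 'addr.port' (bare 'addr' for ICMP) into (ip, port)."""
    try:
        return ipaddress.ip_address(token), None
    except ValueError:
        host, port = token.rsplit(".", 1)
        return ipaddress.ip_address(host), int(port)

def find_leaks(capture, local_ips, vpn_server, vpn_port, lan=None):
    """Return (kind, destination) for each outbound packet that is neither
    tunnel traffic to the VPN server nor (if `lan` is given) local LAN traffic."""
    local = {ipaddress.ip_address(a) for a in local_ips}
    server = ipaddress.ip_address(vpn_server)
    lan_net = ipaddress.ip_network(lan) if lan else None
    leaks = []
    for line in capture.strip().splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # ARP and other non-IP lines
        try:
            src, _ = split_endpoint(m.group(1))
            dst, dport = split_endpoint(m.group(2))
        except ValueError:
            continue  # endpoint we cannot parse
        if src not in local:
            continue  # inbound packet
        if dst == server and dport == vpn_port:
            continue  # encrypted tunnel traffic, expected
        if lan_net and dst.version == lan_net.version and dst in lan_net:
            continue  # LAN traffic, tolerated only when the caller opts in
        kind = "icmp" if m.group(3).startswith("ICMP") else "dns" if dport == 53 else "other"
        leaks.append((kind, str(dst)))
    return leaks
```

An empty result is what a lock that blocks all non-VPN traffic should produce; here the two echo requests and the DNS query are reported.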
     
  24. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,876
    And by the way, I'm going to update my site soon. I'll focus on the testing procedure. I'll write it as a how-to guide, with more background about the various steps. I do cover the basic approach at https://www.ivpn.net/privacy-guides/how-to-perform-a-vpn-leak-test but still ...

    So then, the current results will be presented as examples. And I'll make it clear that I did the testing in mid 2016. And that I'm not planning on doing more tests, unless someone offers to pay me enough. Frankly, it's a horrible combination of tedious and nerve-wracking. I don't want to be wrongly accusing VPN clients of leaking, after all ;)

    And not only that. It's a pointless exercise. There are so many VPN services. And they're continually coming up with new, improved clients. Even the job of tracking client updates for 20-30 of them would be substantial. Plus the fact that most people are now using Android and iOS, and I have no clue how to test those apps anonymously. Maybe restricted to WiFi connectivity. But that wouldn't be realistic. And I'd need a room-sized Faraday cage :(

    The far better option, I believe, is to teach people how to do their own leak testing.

    However, I'm not going to explain how to get IPv6 connectivity, using a private VPN server. Only a few would actually do that, and they can handle it themselves. But of course, people who have IPv6 can test for IPv6 leaks.
     
  25. n8chavez

    n8chavez Registered Member

    Joined:
    Jul 19, 2003
    Posts:
    2,464
    Location:
    Location Unknown
    mirimir - A couple of points that need to be considered. First is that the pinging option was in the network lock page. (Read more about that here.) That doesn't necessarily have anything to do with the VPN itself; it just means that pings can be allowed should the lock be on and the VPN not connected. Also, I can't stress this enough, I never trust VPN software. I always have a backup for "network locks" and "kill switches." This can be something as simple as running a script that will kill apps on VPN disconnect (taskkill /f /im qbittorrent.exe) or firewall-based rules that prevent anything but the VPN from connecting (TAP address filtering with Comodo preferred over Windows Firewall). Is it extra work? Yuuup. But it's more secure. I'd be interested in hearing what AirVPN has to say on the issue of pinging.
     