Seeking advice please for a simple way to secure a VPN connection via a Virtual Machine

Discussion in 'privacy technology' started by rustigkarl599, Feb 3, 2017.

  1. I receive a WiFi signal but don't have access or control over the connection and router and I've got the paid for subscription of a good VPN provider.

    I understand that although VPNs can be effective at masking your real IP address, especially ones with built-in "kill switches", they are not always 100% fail-safe under every condition and permutation; sometimes applications can inadvertently reveal IP addresses; sometimes perhaps IP addresses can be revealed when connections randomly get lost. Therefore, is it possible to 100% prevent the real IP address being leaked/revealed by routing the VPN through a Virtual Box, and if so could anybody recommend the simplest method for someone with basic networking skills to achieve this?
     
  2. Palancar

    Your opening line leaves me wondering about NO control over the network, but I am not here to judge. LOL.

    I am going to assume you are using Windows as your primary OS? If so, simply install the client your VPN provider may have available and then NAT connect to a Linux VM. This would allow you to explore the internet on a Linux OS (VM) and that would keep what you do OFF of the Windows operating system.

    If you don't object, let us know which VPN provider you are using. Many of us have thousands of posts and we "acid test" a number of VPNs, as well as have access here at Wilder's with extensive reviews on many of them. Just an idea if you want opinions.

    Cautionary note: since you don't have control of the network router and you are brand new here. Router firmware generally stores the connection MAC of a wireless client, along with the OS name it detects from your Intra-network connectivity. Many ways around some of this, but just wanted to remind you that connection trails abound.
     
  3. Hi there Palancar; thanks very much indeed for taking the time and trouble to reply to my question; so just to provide some further information about the actual network; it's a situation where a long range WiFi antenna from another house supplies my house as I don't have a telephone line connected; so what that means is that I get my "WiFi" feed from somebody else; so I can't interfere with any settings or put in a specific router as I understand buying a special router is a way to guarantee that your IP address doesn't leak.

    Yes my operating system is Windows 10 64 Bit; with everything up to date; and the VPN service provider does have their own proprietary client and I think their system does work with the open source standard client that is commonly used amongst VPN service providers

    Regarding the VPN service providers I'm a long standing reader of Wilders and have picked up some very useful and valuable pointers over the years so on balance I think my VPN is adequate although am always interested in hearing about other good providers

    I suppose a better way of trying to describe what I'm trying to find out is a few signposts on what sort of areas to research; I don't want to waste days watching YouTube videos about Virtual machines only to find out that that's not going to help

    Regarding your suggestion regarding installing the VPN client and then NAT connect to a linux VM would that completely prevent my real IP address from leaking out if my VPN providers link randomly stopped which I think they all can do from time to time; and the point that leads me to wanting to do this is that I understand that virtually all kill-switches fail; not to mention all of the other things that can fail... if that setup would just make my VM go blank then it would be exactly what I'm looking for at the moment which would be an evolutionary step up in terms of overall security; eg it would be a manageable learning curve that I'd probably find quite easy and could implement straight away

    Ideally the perfect system for what I'd like would be to use something like the "Tails" system; which although I've not used I think it's quite straightforward and there's not too much of a learning curve; but unfortunately Tor is not as usable as it once was as of course the IP range is often flagged

    Would it be possible to use a proxy IP address with the Tails system do you know? I'm sure there must be other VPN users who have had that moment when their VPN fails and they see their browser has reconnected and they worry that it just takes a microsecond for an IP leak to register


    Thanks again for the direction Palancar; I'm going to try and do a bit more research on that suggestion you made as I think that's the type of thing I'm looking for but just want to make sure the IP can't leak
     
  4. mirimir

    If you have the VPN connection properly firewalled, there's no risk of leaks. That's easily doable in Windows and Linux. And also in OSX, I'm sure. If you don't want to do that, use a VPN provider with a leak-free client. See https://vpntesting.info/ for ones that I couldn't make leak.

    If the host VPN goes down, running a Linux VM and NATing to the host won't protect you. Unless the host VPN is firewalled properly. Running the VPN client in a VM, and using it from another VM, won't protect you either. Unless the VPN-gateway VM is firewalled properly.
     
  5. I had a look at the website you did whilst browsing one of the other threads; so it does seem possible to find a "leak free client"; this essentially is the weakest link as this one small item of software could be that one point of failure; and it just takes a millisecond for your true IP to be revealed; I started this quest for a simple but higher level of all round everyday VPN protection because another person like yourself who is experienced and significantly knowledgeable about vpns and vpn networks explained to me that all vpn software leaked and that no "kill-switch" worked; now I don't know the gentleman's specific level of experience but combining those kind of sentiments with your results which I think show perhaps 6 out of 26 clients tested leak then if that's extrapolated it goes to show that the vast majority are completely unsafe

    Thanks very much for expanding on the topic mirimir; so essentially my fundamental premise is wrong/faulty; in fact the weak link which is the potential leaking of my IP address won't actually be affected by just having any virtual machine working on windows; it won't make it any less or more risky than just installing it straight on windows itself?

    Ideally then some type of situation such as Tails where the VPN connection sits on top of the Tor network so you go Windows plus Tails or Whonix (I've never used them but understand the basic principles of what they do) and then having the VPN network connect directly to the Tor network

    In general is my summary correct in my thinking which means there's no point me really trying to look beyond trying to choose the most secure vpn client?
     
  6. Palancar

    OP, not true on your conclusion regarding use of a VM. Allow me to clarify using a simple block diagram type of approach. Consider your VPN tunnel as a pipe that has TWO ends (just like an actual pipe). The source end of the pipe (router connection) should be handled by the VPN server and YES the connection should be managed in a way where a broken connection results in a dead line with ZERO going in or out of the computer ---- period! Mirimir and I both write our own personal firewall/IP table variants to manually lock a broken connection. We also both run workspace connections sitting behind multiple VPNs and chained via TOR, so our end product is a different animal than the simple structure you are setting up. Back to the block diagram. The other end of the pipe, representing the exit node of the tunnel, also contains vulnerabilities to address. First off you are using Windows, and that is a complete story to write on its own. Let's disregard that story and agree to use a Linux VM (free and easy to build). By employing any VM (even a Windows based VM) you are able to conceal the actual physical hardware ID from any site prospecting for that information. Lots of fingerprinting and related threads around here if you are interested in reading through them. So using a VM adds great isolation of your machine's true identity. In essence any leaks you have at the exit node are providing the ID of the virtual machine and NOT your actual machine. This is important stuff if you want or need true anonymity online. If you are only watching a movie and want to avoid a DMCA notice you might not need this, but why take a chance when it's so easy to protect yourself? And then in reality, by building a LINUX VM you capitalize on so much better control of the OS. Secondly, malware designed by almost all designers will see it's in a VM and auto shutdown to protect examination. It's truly how it works. Very little linux malware for desktops since the few out there attack linux servers. You can snapshot your VM and start over with a perfectly clean workspace in a few seconds. It's like getting to start over with a "virgin OS" every single day. Nice.
     
  7. "Consider your VPN tunnel as a pipe that has TWO ends (just like an actual pipe). The source end of the pipe (router connection) should be handled by the VPN server and YES the connection should be managed in a way where a broken connection results in a dead line with ZERO going in or out of the computer ---- period!"

    Very nicely and succinctly written; that is "exactly" what I'm trying to achieve; you've put that perfectly; I probably don't use the correct words to explain what I'm hoping to achieve. I've seen another thread here that seems to be someone else sort of at the same level as me trying to do something similar so I've been trying to work through that and gain further knowledge.

    So do you have TOR in front of the VPN or TOR after the VPN; so will websites see the last VPN in the chain's IP address or will it see a TOR IP address; please note that for general purposes most people can't effectively use TOR because most useful sites will flag the TOR range of IP addresses most harshly of all VPN associated IP addresses; it's no longer possible to even use google with a TOR range of IP addresses

    So essentially to try to keep my question simple if I can use a VirtualBox on my Windows machine in case of my VPN connection dropping will the VPN 100% prevent my real IP address from leaking through; because that's all I require; just that guarantee; for want of a better way to describe it I'm looking to create the pipe that you so eloquently described; I'm not exactly sure about how to go about connecting the VPN to the Virtual Machine but I presume I can just install the software client of the VPN in the Virtual Machine; but I'm trying to achieve a complete failsafe system so that if as is demonstrated from Mirimir's research the VPN client that's installed on the Virtual Machine does indeed leak or is leaky this definitely won't leak the real IP address because the Virtual Machine will 100% protect it?

    If my understanding is correct then all I have to do is install VirtualBox which according to my research seems to be the most recommended software and somehow get a VPN to work with it and that should be my problem solved?
     
  8. mirimir

    What matters is how well the VPN connection is firewalled. It doesn't matter where the VPN client is running. And if the VPN connection is properly firewalled, you won't get leaks. In Windows, OSX, Linux, whatever. Basically, you allow connections only to the VPN server through the LAN and WLAN adapters. Everything else must use the VPN tunnel adapter. If the VPN is down, nothing except reconnection attempts to the VPN server gets through. Not even DNS lookups get through, which means that you must specify VPN servers by IP address, and not by hostname.

    This is very different from a "kill switch". It's not like the firewall monitors the status of the VPN connection. The firewall just manages traffic, based on configured rules. And the firewall loads quite early in the boot process, before other system services, VPN clients and apps.

    Compartmentalizing the VPN client from workspace isn't enough to prevent leaks. The VPN client must still be firewalled. But it does mitigate the risk that app-level attacks will mess with the VPN connection, or with the firewall configuration. That's true for Tor, as well (e.g., Whonix).

    Microsoft and Apple arguably snoop on you more than Linux developers do. But that's a separate issue.
     
    Last edited: Feb 5, 2017
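
The rule set described in the post above (physical adapter may reach only the VPN server, everything else must use the tunnel adapter, server given by IP address), written out for a Linux host as an added example; it is not code from the thread. The interface names, server address and the DHCP and IPv6 rules are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: print a fail-closed iptables ruleset for a Linux VPN client/gateway.
# Constructed values: wlan0 (physical adapter), tun0 (tunnel adapter),
# 203.0.113.10:1194/udp (VPN server, documentation address).

# Succeed only for a dotted-quad IPv4 literal. Hostnames are refused: with the
# tunnel down DNS is blocked too, so the client could never resolve them.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ?|??|???) ;; *) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# Args: physical interface, tunnel interface, server IP, server port, protocol.
gen_killswitch_rules() {
    phys=$1; tun=$2; server=$3; port=$4; proto=$5
    is_ipv4 "$server" || { echo "server must be an IPv4 address: $server" >&2; return 1; }
    case "$proto" in udp|tcp) ;; *) echo "protocol must be udp or tcp" >&2; return 1 ;; esac
    case "$port" in ''|*[!0-9]*) echo "port must be numeric" >&2; return 1 ;; esac
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Assumption: the physical adapter gets its lease via DHCP.
-A OUTPUT -o $phys -p udp --sport 68 --dport 67 -j ACCEPT
# The only other traffic allowed on the physical adapter: the VPN server itself.
-A OUTPUT -o $phys -d $server -p $proto --dport $port -j ACCEPT
# Everything else must leave through the tunnel; if tun is down, it is dropped.
-A OUTPUT -o $tun -j ACCEPT
COMMIT
EOF
}

# IPv6 has its own tables; unless the VPN carries IPv6, drop all of it.
gen_ipv6_block() {
    printf '%s\n' '*filter' ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' \
        ':OUTPUT DROP [0:0]' '-A INPUT -i lo -j ACCEPT' '-A OUTPUT -o lo -j ACCEPT' 'COMMIT'
}

# Print both rulesets; as root they would be piped to iptables-restore
# and ip6tables-restore respectively.
gen_killswitch_rules wlan0 tun0 203.0.113.10 1194 udp
gen_ipv6_block
```

Because the policy is default-drop rather than a monitor of tunnel state, nothing has to notice that the VPN went down for traffic to stop.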
  9. Ah so in fact the firewall is the main thing that protects the connection from leaking out; whereas in the situations that compare VPN clients; that merely relies upon the killswitch; that makes sense; so presumably the thing that protects the Virtual Machine eg Whonix would also be the firewall of the Whonix VM.

    So in that case presumably most Virtual Machines have their own built in firewalls that do this job; so in fact a Virtual Machine could be used in lieu of the complexity of setting up a firewall; as I think you mentioned in another post that sometimes mistakes happen due to human error or not being set up properly and this is as much something to be prevented as any other failure point. I've seen situations where the VM client gives a false positive reading stating it's connected when it's not connected (It didn't happen often) but it doesn't take much; so again all roads come back to the fact that the VPN client is the weakest link and your connection is only as good as your software and other hidden configurations which are server side; so this risk can be mitigated by the use of a Virtual Machine which puts matters of security and leaks firmly back in your own hands
     
  10. mirimir

    It's not that "most Virtual Machines have their own built in firewalls that" prevent VPN leaks. There's nothing special about VMs. They're just OS installations in virtualization environments. Desktop OS installs generally don't block any outgoing traffic. Whether you're working in a virtual or physical machine, you either need a VPN client with a capable firewall, or you need to configure a firewall.
     
    Does having a virtual machine limit the other applications that are installed on your base unit from accidentally leaking; an example being if you watch a video using I think flash in a browser that you've got configured to work with a VPN/Proxy then the nature of Flash means your windows base computer would actually reveal your real IP address inadvertently and in this similar situation wouldn't the Virtual Machine prevent this leak from occurring?

    And if you choose a well known VM then would it be fair to say that the complexities of setting up a firewall are removed for the average user meaning the net result was a more secure setup with less knowledge required which is what I'm hoping to achieve; although I know about firewalls I'm not very experienced and when there are so many options it's more likely that mistakes will be made
     
  12. mirimir

    Yes, working in a VM with the VPN running in the host will prevent IP leaks by apps that don't respect default routing. However, proper firewalling in the host will also prevent that, even if you're working in the host. Also, working in a VM with the VPN running in the host, and properly firewalled, will protect you against malware that messes with firewall and networking configuration. Unless it can break out of the VM to the host, anyway. But that's unlikely.

    I'm sure that VMs are available with pre-configured firewalls. However, that won't protect you from IP leaks if the VPN in the host goes down. With NAT-to-host networking, the VM uses the host's active network connection. If that's a VPN, it uses the VPN. If the VPN goes down, and there's no firewall in the host to prevent leaks, it uses the direct Internet connection.

    Anyway, in https://www.ivpn.net/privacy-guides/how-to-perform-a-vpn-leak-test I explain how to test for leaks. It's easy to secure VPNs using Windows Firewall. Basically, you block all use of the LAN connection except for OpenVPN, and you allow all outgoing traffic on the OpenVPN tunnel connection. There are many guides out there that do it the opposite way, just blocking specific programs on the LAN connection. That's stupid.

    Unfortunately, I'm not finding a link to one of the guides that does it right. And my recollection is hazy, because I don't use Windows. But, as I recall, you make your LAN connection private, and your VPN connection public. Then you set default for private to block everything, and create an exception for openvpn.exe (or whatever your client calls it). For public, the default is allow outgoing and block incoming. If you're running a server with port forwarding through the VPN, you need to allow incoming traffic for the server app.

    Anyone have a link for that?
     
  13. The Count

    Does the router store the MAC address if you're connected to it by Ethernet cable?
     
  14. The Count

    I use an Ethernet cable from my computer to my router; should I follow the same process?
    A quick search shows lots of tutorials are if you're using wireless only. I clicked Ethernet under Network connections and nothing happened; I was expecting an option to make it private as per the tutorial under Windows 8.1
    http://www.online-tech-tips.com/windows-8/change-from-public-to-private-network-in-windows-8/
     
  15. mirimir

    Sorry, mate, but Windows is a vaguely remembered haze for me :(
     
  16. Palancar

    If I go into my router Admin panel I can see EVERY device connected to it regardless of how it's connected!! How long I store that information is set by my personal preferences in the control panel. I was/am mostly pointing this out just in case someone was connecting to a network they are not authorized to join! I am not going to discuss how to perform joining an unauthorized network, and avoid pointing a trail back to the intruder, as LVM runs an above board ship here.

    In simple terms if you are a homeowner go ahead and access YOUR router control panel in the admin panel. You will be able to see all devices connected.
     