Setting up secure VPN

Discussion in 'privacy technology' started by masthf, Jan 28, 2014.

Thread Status:
Not open for further replies.
  1. masthf

    masthf Registered Member

    Joined:
    Jan 28, 2014
    Posts:
    2
    Hi,

    I am rather technologically inept. I have got myself a vpn account with Mullvad and want to know what I need to think about and do to make sure that my IP etc doesn't leak. I have spend the last three days reading various articles but I can't make sense of it all.

    I would really appreciate it if someone could tell me exactly what things I need to worry about in terms of protecting my privacy using the VPN. I will be using the account mainly for the purpose of P2P and that is my main concern.

    I have so far done a dns leak test (no idea what it means), but it showed my IP as being in the Netherland. Which is good. Strangely though google always thinks I am in Germany (Hamburg) to be exact, so not exactly sure how that works.

    I have also enabled the clicked the stop DNS leak and stop internet connection options in the Mullvand software. Not sure whether this is sufficient or I should be setting up separate firewalls as well.

    I have not done anything else apart from the above as the more I read the more confused I get with it all.

    Thanks.
     
  2. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,028
    With Mullvad, that should be enough.

    When you use services such as whatismyipaddress.com, they report the VPN exit IP address. Unless you select a different exit in the Mullvad software, that VPN exit IP address (e.g., a.b.c.d) shouldn't change, and should be the same for all IP-check services.

    Most IP-check services also report geolocation data for the VPN exit IP address. That can change, and be different from service to service, because there are several geolocation databases, and also because there are mechanisms for reporting errors. I suspect that VPN services and/or users actually introduce errors, in order to get the result that they want.

    There are two aspects to the DNS leakage issue. One is just a subset of the VPN leakage issue. That is, you want all of your Internet traffic to use the VPN tunnel. And, if the VPN tunnel dies or stops working, you want nothing at all to reach the Internet.

    The other aspect of the DNS leakage issue concerns the DNS server(s) that your VPN connection is using. If it's using DNS servers assigned by your ISP, you can be tracked through the VPN, even if there is no VPN leakage. That is, as your traffic leaves the VPN exit server, there would be queries ("What's the IP address of some.website.org?") to your ISP's DNS server(s).

    Using Mullvad, run the test at www.grc.com/dns. It will identify and test all DNS servers being used via the VPN tunnel. If any of them have any connection to your ISP, you have a DNS leak. Most VPN services run private DNS servers, while others use various third-party ones. If your VPN configuration is using your ISP's DNS servers, you need to fix that.
     
  3. masthf

    masthf Registered Member

    Joined:
    Jan 28, 2014
    Posts:
    2
    Thanks so much. The test seemed ok (i.e. only revealed Mullvad). I guess the Mullvad client is taking care of the DNS issue? Is there a risk that it might stop working and reveal my IP etc? Do I need to implement independent fail safe measures you think? Or is the risk only academic?
     
  4. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,028
    You're probably safe with Mullvad alone.

    But even so, it can't hurt to use a firewall as backup.
     
  5. Alexandru

    Alexandru Registered Member

    Joined:
    Jan 18, 2014
    Posts:
    15
    Location:
    Netherlands
    I would suggest to check your settings at www.whoer.net in extend mode as well. Flash has a very big risk
     
  6. Phil McCrevis

    Phil McCrevis Registered Member

    Joined:
    Mar 25, 2012
    Posts:
    97
    Location:
    US
  7. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    Thanks for the list.

    I find it funny how some of them chastise you for not having JavaScript enabled...saying you are noticeable. Ok then, tell me some info about me then :D
     
  8. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,028
    If some TLA gets weblogs and cookie etc data from several popular sites, it can develop user profiles based on (among other things) JavaScript-whitelisting patterns.

    Even so, none of that is very useful if users (1) compartmentalize activity in multiple VMs, each with its own browser etc setup, (2) only visit a particular site in one of those VMs, and (3) minimize similarities in JavaScript-whitelisting (and other) patterns.

    For example, none of my other pseudonyms has ever visited Wilders. And mirimir never visits special-interest sites that they frequent. Although there's some overlap for searching, we have different preferences, and search for different things. It's rather like cultivating multiple-personality disorder ;)
     
  9. Seven64

    Seven64 Guest

    I disable IPv6 and turn Off Teredo Tunneling.

    How to do this:
    Disable IPv6
    http://www.addictivetips.com/windows-tips/how-to-disable-ipv6-in-windows-7/

    Turn Off Teredo by Using Graphical User Interface

    Click Start, then Control Panel.
    Click on “System and Maintenance” link.
    Click on “Device Manager”.

    Click Continue on UAC prompt.
    In device manager, click the “View” menu and select (tick) “Show hidden devices”.
    Expand the “Network Adapters” tree.
    Right click on “Teredo Tunneling Pseudo-Interface” and select “Disable”.
     
  10. RollingThunder

    RollingThunder Registered Member

    Joined:
    Nov 21, 2013
    Posts:
    187
    Location:
    https://www.eff.org/issues/anonymity
    I am interested can anyone tell me the download speeds when using Millvad assuming Comcast 50 Mbit per second over Usenet with socket lock. My usenet account is https://www.tweaknews.eu 50 Mbit and 30 threads. I currently use iVPN and I range from 1.5 meg to 4 meg per second depending on breakout.

     
  11. Phil McCrevis

    Phil McCrevis Registered Member

    Joined:
    Mar 25, 2012
    Posts:
    97
    Location:
    US
    :D :D :D
     
Loading...
Thread Status:
Not open for further replies.