Thinking about a VPN but clueless about how it would work

Discussion in 'privacy technology' started by Cherub, Mar 31, 2017.

  1. MisterB

    MisterB Registered Member

    Joined:
    May 31, 2013
    Posts:
    1,267
    Location:
    Southern Rocky Mountains USA
    Real identity work happens on a completely different computer. Safer that way. All kinds of traces of identity get left on a computer and it's best to use a VPN on a dedicated computer or VM. And conversely, you might not want to leave traces of what you do in a VPN on a computer that is used for real identity work.
     
    Last edited: Apr 9, 2017
  2. _CyberGhosT_

    _CyberGhosT_ Registered Member

    Joined:
    Mar 2, 2015
    Posts:
    457
    Location:
    MalwareTips "Your Security Advisor"
  3. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,240
    Location:
    Among the gum trees
    I'm confused.

    PureVPN offers an add-on NAT firewall which I didn't worry about because I figured I have Windows firewall and my router. However, if I understand how the VPN works (unlikely), the VPN tunnels through both Windows firewall and the NAT / SPI firewall of my router, but when I check at https://www.grc.com/x/ne.dll?bh0bkyd2 all ports are stealthed, so what am I missing?
     
  4. clubhouse1

    clubhouse1 Registered Member

    Joined:
    Sep 26, 2013
    Posts:
    1,124
    Location:
    UK
    I'm using AirVpn and according to Shields Up ports 88 & 89 are open with all others stealthed.
     
  5. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    @Krusty -- I doubt that the subscription is tied to IPsec. Can't you use OpenVPN?

    GRC is reporting on the VPN exit server, not your device.

    You can set up rules in Windows firewall. I think it goes like this. You set the main LAN connection as private, and the VPN as public. Then you block all traffic (incoming and outgoing) on private, except with the VPN server. On public, you block incoming traffic, but allow all outgoing traffic. There are no app-specific rules. Some Windows firewall guides will tell you to use them. They're misguided.
     
    Last edited: Apr 10, 2017
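
Added example (not part of the thread, and not PureVPN's or any poster's own configuration): the profile-based rule set described in the post above, written as Windows PowerShell for an elevated prompt while the VPN is connected. The interface aliases and the server address are placeholders to replace with your own values.

```powershell
# Assumed values: take the real aliases from Get-NetConnectionProfile and the
# server address from your VPN provider.
$LanAlias  = 'Ethernet'       # hypothetical alias of the physical LAN adapter
$VpnAlias  = 'VPN Adapter'    # hypothetical alias of the VPN adapter
$VpnServer = '203.0.113.10'   # placeholder from the documentation range

# 1. LAN connection is Private, VPN connection is Public.
Set-NetConnectionProfile -InterfaceAlias $LanAlias -NetworkCategory Private
Set-NetConnectionProfile -InterfaceAlias $VpnAlias -NetworkCategory Public

# 2. Private (LAN): block inbound and outbound by default.
Set-NetFirewallProfile -Profile Private -Enabled True `
    -DefaultInboundAction Block -DefaultOutboundAction Block

# 3. Private (LAN): the only new exception is traffic to the VPN server.
#    No program or port is named, so the rule is not app-specific.
#    Replies to this traffic are matched statefully; no inbound rule is added.
New-NetFirewallRule -DisplayName 'LAN: allow VPN server only' `
    -Direction Outbound -Profile Private `
    -RemoteAddress $VpnServer -Action Allow

# 4. Public (VPN): block inbound, allow all outbound.
Set-NetFirewallProfile -Profile Public -Enabled True `
    -DefaultInboundAction Block -DefaultOutboundAction Allow

# 5. Check the result. Allow rules that already existed on the Private
#    profile still apply, so list them and disable any you do not want.
Get-NetConnectionProfile | Select-Object InterfaceAlias, NetworkCategory
Get-NetFirewallRule -Enabled True -Direction Outbound -Action Allow |
    Where-Object { "$($_.Profile)" -match 'Private|Any' } |
    Select-Object DisplayName, Profile
```

With this in place, dropping the VPN leaves the LAN side able to reach only the VPN server, so other traffic does not fall back to the ISP connection.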
  6. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,240
    Location:
    Among the gum trees
    I'm sorry but I don't know what that means. If you are referring to the protocol, I'm currently using SSTP. If not then I'm lost. Perhaps you mean using OpenDNS client? I wouldn't know how to configure that for my subscription. This is all very new to me.

    Here is what the new Windows Defender Security Centre shows as the current setting of my firewall.
     

  7. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    In the PureVPN app, in Preferences, hit "App Settings", and then toggle the "Selected Protocol" box. There should be an option like OpenVPN or high security, and 256-bit. Select that.

    Your Windows Defender screenshot shows that Windows Firewall is on. But what you need to do is tweak Windows Firewall settings. Maybe someone else here can tell you exactly what to do. I've forgotten what little I knew about Windows :(
     
  8. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,240
    Location:
    Among the gum trees
    Ah, OK. I have two choices, TCP and UDP.

    https://support.purevpn.com/difference-between-tcp-and-udp

    It looks like TCP is more reliable but slower.
     
  9. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
  10. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,240
    Location:
    Among the gum trees
    Well they both work, sort of, but they cripple my download speed and latency.
     
  11. zmechys

    zmechys Registered Member

    Joined:
    Dec 29, 2012
    Posts:
    1,155
    Location:
    usa
  12. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,240
    Location:
    Among the gum trees
    Not since I changed to use OpenDNS.
     
  13. zmechys

    zmechys Registered Member

    Joined:
    Dec 29, 2012
    Posts:
    1,155
    Location:
    usa
    I would stick with IKEv2. One less headache for any beginner, unless you are "mirimir".
    It's fast and secure enough.
     
  14. zmechys

    zmechys Registered Member

    Joined:
    Dec 29, 2012
    Posts:
    1,155
    Location:
    usa
    It means, "Houston we have a problem" if the ISP name is shown.:'(
     
  15. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,240
    Location:
    Among the gum trees
    Yeah, it was shown but not now. OpenDNS is shown though, but I'm only trying to stop my ISP snooping.
     
  16. zmechys

    zmechys Registered Member

    Joined:
    Dec 29, 2012
    Posts:
    1,155
    Location:
    usa
    I would go with IKEv2 protocol.
     
  17. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Same servers? Maybe OpenVPN takes more CPU, but latency change seems odd.
     
  18. zmechys

    zmechys Registered Member

    Joined:
    Dec 29, 2012
    Posts:
    1,155
    Location:
    usa
    As soon as I check-marked "Switch to Secure DNS", any mention of my ISP name has disappeared.
     
  19. zmechys

    zmechys Registered Member

    Joined:
    Dec 29, 2012
    Posts:
    1,155
    Location:
    usa
    In my case, IKEv2 is faster than UDP or TCP, and with "Switch to Secure DNS", I really like it.
     
  20. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Well, "speed kills" they say ;)

    Sorry, had to :( But it might be worth checking security of IKEv2 vs OpenVPN. If it matters, anyway.
     
  21. zmechys

    zmechys Registered Member

    Joined:
    Dec 29, 2012
    Posts:
    1,155
    Location:
    usa
    Oh, yeah.
    I did check that IKEv2.
    No DNS leak from DNS leak and DNS leak tests of numerous web-sites - only my VPN servers visible.
    "your IPv6 is not leaking..."
    WebRTC - no leak.

    I've checked with about 7 different web-sites. If you have any recommendation, please let me know.
    Thanks in advance.

    P.S. An interesting thing.
    First time in my life, Bluehell Firewall "overreacted" when I was trying to do the Panopticlick test. I needed to push "Allow Temporary" 5 times in NoScript in order to pass that Bluehell firewall.
     
  22. zmechys

    zmechys Registered Member

    Joined:
    Dec 29, 2012
    Posts:
    1,155
    Location:
    usa
    Any ideas how to "bypass" the time zone differences between your System's/Computer time and your new VPN time zone?
    I got a "mismatch" with check2ip.com/ after I've pushed three times my NoScript "Allow temporarily..."
     
  23. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    @zmechys -- I don't think that the timezone mismatch is something that you can "bypass". If you use the same VPN exit consistently, you can change your local timezone. Or you can switch to UTC.

    About IKEv2 security, I meant difficulty to MitM or otherwise compromise. Not just leakage.
     
  24. zmechys

    zmechys Registered Member

    Joined:
    Dec 29, 2012
    Posts:
    1,155
    Location:
    usa
    Thank you, mirimir.
    I always trust your serious knowledge on any privacy issues, including VPNs.
     
  25. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    2,402
    I recommend setting UTC as well. If you end up combining TOR with any VPN usage you will be bouncing all over the map. UTC generally eliminates time zone issues for me.
     