I am just curious if there is any security concerns with using Viscosity as opposed to VPN software direct from the VPN company. I use Viscosity because Eddie, AirVPN's client, has trouble remembering settings. Is this just as secure as the native client, or are openvpn derived titles less secure? Also, most client applications involve "killswitches", or, the ability to block connections that are not going through the VPN. How if this accomplished; altering the defailt gateway or DNS? Is this something that viscosity can also do if configured correctly?
If you know what you're doing, you can use stock VPN clients, and lock stuff down using firewall rules. You can also mess with routing, but that stuff tends to be less clearcut than firewall rules. The "killswitch" term is rather misleading. Detecting VPN state, and then killing network-using stuff when the VPN is down, is just too slow. Even one leaked packet can pwn you.
I agree. As far as I'm aware, Viscosity has no killswitch per se. But it can run script files on event, meaning a script like the one below can be autorun on disconnect. But that is hardly effective. I doubt that really does anything at all in terms of security and privacy. So, it need to be paired with a strict firewall ruleset, if I understand correctly. I have set up Comodo firewall as AirVPN instructs, and it seems to be okay; it passes IP tests and DNS leak tests. This is in conjunction with Viscosity. Do you know of any other way to test it, other than ipleak.net? If you are familiar with Comodo firewall, do you have any suggestions? It can filter by MAC address. I hope that blocking anything anything not going through that TAP, with the exception of local addresses (192.168.1.1-192.168.255.255) will suffice. Thoughts?
Check out https://vpntesting.info/ methods. Basically, run loop scripts that ping and wget stuff. And torrent something, if you like. Log packets, excluding those to/from the VPN server. Interrupt and restore the uplink. See if any packets get logged.
