VPN PPPOE IP Leak
-
Hi,
Apologies if this has been discussed before; I have had a look on the forums with no apparent luck. I have also had a lengthy troubleshooting session with Private Internet Access to try and root the issues out, so this forum is my last hope!
The situation:
My setup includes routing certain IPs down the VPN tunnel (using Private Internet Access), while the rest just use the normal non-VPN connection. The system is all set up and running fine, apart from certain online IP leak tests showing my real IP address on clients using the VPN connection. Note, it is not all websites, just a select few that reveal my actual IP on the devices using the VPN connection.
After lengthy discussion with PIA I have tried the following: I have flushed DNS on the devices, cleared cache and DNS on browsers, cleared the cache on SQUID, and tried adjusting the VPN servers' addresses. No luck.
After all of this one of the technicians at PIA mentioned that "if you need PPPOE for my internet connection, it should only provide the login and password for the internet access and not an actual second path which is why you are seeing a random connection of protected/not protected".
He then said he cannot offer direct support on what to do.
Does anyone know how I can resolve the above? Happy to send screenshots of my setup if necessary.
Thanks a lot for any help.
-
Hi
I tend to Set STATIC VPN Provided DNS Servers to prevent this.
They are forced via my DNS Server running on Windows Server 2008.
Have you set STATIC for DNS at all?
-
Hi Stan464,
Thanks for your response.
I do have static DNS, I actually use different DNS for VPN routed and Non-VPN traffic.
In regards to my issues, it turns out that it was SQUID that was leaking my IP address because (according to a wise man at Level1Techs) SQUID essentially ignores certain/all firewall rules. I'm sure there is a more technical way of explaining it but that is what I gathered.
My current solution is turning squid off.
My future solution is to set up VLANs so I have squid and non-vpn traffic on one subnet, and no squid and vpn traffic on another subnet. Unless others can think of a more effective method???
Either way, I hope this helps others in a similar situation.
Thanks for trying to help out though, appreciate it.
-
Hi
Ahhh Squid! Fair enough, it's unusual it would ignore your predefined rules, considering it would have to use a DNS Server of Sorts to deal with the traffic to begin with.
I set Static DNS on both the pfSense Box & my DNS Server running on Windows Server 2008 just in case.
And no worries at all!
Stan464
/Closed
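
The thread ends with Squid identified as the source of the leak. As an added example (not from any poster in the thread), this scans a Squid access log for requests from VPN-routed clients that Squid fetched upstream itself. It assumes Squid's default native log format; the client subnet, hostnames and log lines are constructed.

```python
import ipaddress

# Assumption: LAN addresses that are policy-routed down the VPN tunnel.
VPN_CLIENTS = [ipaddress.ip_network("192.168.1.64/28")]

# Constructed sample, Squid native access.log format:
# time elapsed client action/code bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1500000000.123    210 192.168.1.70 TCP_MISS/200 1532 GET http://ip-check.example/ - HIER_DIRECT/203.0.113.10 text/html
1500000001.456     95 192.168.1.20 TCP_MISS/200 880 GET http://news.example/ - HIER_DIRECT/203.0.113.20 text/html
1500000002.789      3 192.168.1.70 TCP_HIT/200 4410 GET http://cdn.example/a.js - HIER_NONE/- application/javascript
1500000003.012    180 192.168.1.71 TCP_TUNNEL/200 5120 CONNECT site.example:443 - HIER_DIRECT/203.0.113.30 -
malformed line
"""


def parse_line(line):
    """Return (client, method, url, hierarchy, peer), or None if malformed."""
    f = line.split()
    if len(f) < 10 or "/" not in f[8]:
        return None
    try:
        client = ipaddress.ip_address(f[2])
    except ValueError:
        return None
    hierarchy, _, peer = f[8].partition("/")
    # Newer Squid logs HIER_DIRECT, older releases log DIRECT; normalise both.
    return client, f[5], f[6], hierarchy.replace("HIER_", "", 1), peer


def proxied_vpn_requests(log_text, vpn_nets=VPN_CLIENTS):
    """List requests from VPN-routed clients that Squid fetched upstream."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        client, method, url, hierarchy, peer = rec
        if hierarchy == "NONE":  # answered from cache, no upstream connection
            continue
        if any(client in net for net in vpn_nets):
            hits.append((str(client), method, url, peer))
    return hits


if __name__ == "__main__":
    for hit in proxied_vpn_requests(SAMPLE_LOG):
        print("VPN client served via Squid:", *hit)
```

Any entry it reports is a connection Squid opened on the client's behalf, so an empty result after moving VPN clients off the proxy is the condition to check for.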