Ensuring against IP leaks - a challenge?

Derelict

So, my question is really - Does anyone else get unexpected results using http://whatismyip.host?

No.

MoonKnight

@tonynibbles:

So, my question is really - Does anyone else get unexpected results using http://whatismyip.host?

No :)

Derelict

This post actually looks like spam.

tonynibbles

Well, it might be a bit wordy but I can assure you it's not spam - a genuine query as to whether this is just me or not.

Thanks for the replies, I'm still at a loss as to where my fault is and why this site and only this site reports my IP, but I will persevere.

johnpoz

So I just turned my policy route rule to send client out vpn. I then made sure client was using quad9 for dns vs pfsense as resolver and hit up whats my IP and your website both showing my vpn IP.. So not sure what your doing exactly. But without details it will be impossible for anyone to help you spot what your doing wrong, etc.

Turned policy rule off and back to my normal wan IP from isp.

policyroutepng.png_thumb

Selection_027.png_thumb

Derelict

@tonynibbles:

Well, it might be a bit wordy but I can assure you it's not spam - a genuine query as to whether this is just me or not.

Thanks for the replies, I'm still at a loss as to where my fault is and why this site and only this site reports my IP, but I will persevere.

It is showing your IP address because you have your system configured to send it out the WAN not the OpenVPN.

No way to know what in your configuration is wrong unless you show us what you have done.

tonynibbles

Well, fwiw my system setup uses much of the advice in the techhelpguides article, VPNs are configured as a Gateway group consisting of four VPN connections, the load balancing handles when one becomes too slow.

A firewall rule on the LAN tells all outbound traffic to use the VPN Gateway Group.

I'm a little less familiar with the DNS setup, but I've used the DNS Resolver method ("Leak Prevention Method 2") from the tech help guides.

My setup appears to work well, apart from this one site which reports my IP. Everything else, Google, dnsleak, ipleak, whatismyip - they all report my VPN IP. This is why it's so frustrating - something's getting through but I can't be sure how.

There are so many settings in PFsense it seems impossible to convey every detail of my config - I suppose a better question would be, what tools do people use to debug this?

![Screen Shot 2018-04-16 at 23.01.14.png](/public/imported_attachments/1/Screen Shot 2018-04-16 at 23.01.14.png)
![Screen Shot 2018-04-16 at 23.01.14.png_thumb](/public/imported_attachments/1/Screen Shot 2018-04-16 at 23.01.14.png_thumb)

Derelict

Packet captures and wireshark.

Diagnostics > States

tonynibbles

Hmmm, ok.

Now in states, I can see that if I use Google.com, the request uses one of my VPN connections, but on the other website, the request goes out on WAN. Damn.

tonynibbles

FFFFFFFF

OK. I've got it!

I am running pfBlocker and have it set to create an alias group of Amazon servers. Requests to these destination IPs are set to bypass the VPN (mostly for content streaming), but in this case because that website was hosted on AWS, it was being delivered on the WAN not the VPN. Hence, it could see my IP.

This is the dumbest thing. Thanks for the heads up on figuring this out, was doing my nut in.
What a doofus.

pdfteam

No. I am getting same IP results with whatismyip.host and other websites such as whatismyip.live

I am using PureVPN and visited both websites. Here are the results:

http://whatismyip.live IP results:

http://whatismyip.host results: