Real IP leaking even if connected through OpenVPN tunnel…!!!



  • I’ve set up several VPN tunnels (PureVPN & NordVPN).
    Nearly all external IP checking sites detect the Remote IP given (e.g. ipchicken.com, whatsmyipaddress.com, etc…).

    ONLY ONE SITE –> IPFINGERPRINTS.COM <— IS DETECTING MY REAL IP!!!

    I can change it from one tunnel to another…
    Reset states…
    Reboot pfSense…
    Tried using a VPN Gateway Group (each TIER 1)…

    … always detecting my real IP.

    I’ve no clue why???

    I’ve the standard rules and NAT (which everyone seems to use):

    FIREWALL > RULES > LAN

    
    Action | Protocol | Source    | Port | Destination | Port | Gateway     | Queue | Schedule | Description
    -------------------------------------------------------------------------------------------------------------
    Pass     IPv4 *     VPN_HOST    *      *             *      VPN_GW_DHCP   none               Hosts from LAN to VPN    
    
    

    NAT > OUTBOUND

    
    Interface          | Source    | Src. Port | Destination   | Dest. Port    | NAT Adr.       | NAT Port  | Static    | Description
    ----------------------------------------------------------------------------------------------------------------------------------
    VPN_IF               VPN_HOST    *           *               *               VPN_GW address   *                       Hosts from VPN_IF to Tunnel
    
    

    Any ideas… Would be pleased… 🙂

    P.S. … it is not WebRTC !!! Disabled on every browser…



  • PUSH…

    No one any idea…

    If I use e.g. the NordVPN Application on my laptop (goes through WAN), my real ip is hidden (same as the remote ip).
    If I send em through the pfSense tunnel, my real ip is revealed.

    SO WHAT IS THE DIFFERENCE???
    There should be no difference… OR???



  • Have you disabled WebRTC in your browser?



  • That is def a configuration issue on your devices/router.

    I am using a sg2220 and with PIA and airvpn I do not get my “real” IP



  • Both your LAN and NAT rules use “VPN_HOST” as a source in their rule definition. This means that these rules do not take effect unless whatever is defined as “VPN_HOST” is true. But you did not specify what VPN_HOST is. Perhaps change your source to a wildcard ("*") to see if that changes the firewall & NAT rule behavior, or provide clarification as to what “VPN_HOST”, as a source address, is restricted to.


  • Netgate

    There is no harm in just setting the Outbound NAT rule there to the whole subnet that VPN_HOST is on. Outbound NAT does not have any bearing on what traffic flows where. It only dictates what NAT occurs when traffic flows that way, so if the traffic is not routed out that interface, no outbound NAT will occur.

    But if VPN_HOST is used to both policy route and perform outbound NAT it will always match.

    Setting Outbound NAT for source any is almost never a good idea and generally ends up matching traffic that should not be natted at all.

    I policy routed a VM out a VPN and ipfingerprints.com reports the VPN egress address as it should.
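
A simplified model of the rule evaluation discussed in this thread, added here as an example (not code from any poster or from pfSense): the first matching LAN rule picks the egress interface, and outbound NAT is only consulted on that interface. The alias contents, the documentation-range addresses and the default "LAN to any" rule are assumptions.

```python
import ipaddress

# Constructed sample values (not from the thread): documentation-range addresses.
ALIASES = {"VPN_HOST": ["192.168.1.50"]}          # assumed alias contents
WAN_ADDR, VPN_ADDR = "198.51.100.10", "203.0.113.77"

# LAN rules, evaluated top-down, first match wins (gateway None = default route).
LAN_RULES = [
    {"source": "VPN_HOST", "gateway": "VPN_GW_DHCP"},   # rule shown in the thread
    {"source": "192.168.1.0/24", "gateway": None},      # assumed default "LAN to any"
]
GATEWAY_IF = {"VPN_GW_DHCP": "VPN_IF", None: "WAN"}

# Outbound NAT rules: only consulted for the interface the packet leaves on.
NAT_RULES = [
    {"interface": "VPN_IF", "source": "VPN_HOST", "nat_addr": VPN_ADDR},
    {"interface": "WAN", "source": "192.168.1.0/24", "nat_addr": WAN_ADDR},
]

def matches(source, host):
    """True if host is in the alias or CIDR named by source."""
    if source in ALIASES:
        return host in ALIASES[source]
    return ipaddress.ip_address(host) in ipaddress.ip_network(source)

def egress(host, lan_rules=LAN_RULES, nat_rules=NAT_RULES):
    """Return (interface, source address the remote site sees) for a LAN host."""
    rule = next((r for r in lan_rules if matches(r["source"], host)), None)
    if rule is None:
        return (None, None)                  # no pass rule: implicit deny
    iface = GATEWAY_IF[rule["gateway"]]
    nat = next((n for n in nat_rules
                if n["interface"] == iface and matches(n["source"], host)), None)
    return (iface, nat["nat_addr"] if nat else host)

def widened_nat():
    """VPN_IF NAT rule widened to the whole subnet, as the reply above suggests."""
    return [dict(NAT_RULES[0], source="192.168.1.0/24"), NAT_RULES[1]]

if __name__ == "__main__":
    # A host in the alias and a host outside it, with the original and widened NAT.
    for h in ("192.168.1.50", "192.168.1.60"):
        print(h, egress(h), egress(h, nat_rules=widened_nat()))
```

A host that is missing from the alias falls through to the default rule and leaves via WAN with the real address, and widening the VPN_IF NAT source does not change that, because NAT never selects the route.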



  • Is all your DNS traffic (or at least DNS traffic for hosts from the VPN_HOST alias) routed through your VPN tunnels too?


 
