IP address leaking...
-
So I set up an openvpn client. Assigned an interface and gateway. Have a rule on the lan to route traffic from several hosts through the VPN gateway. All seems well. When I go to various websites my IP appears to be the VPN IP. No issues. Even have a floating rule that will block traffic from those devices to the default wan.
The issue is, when I go to a site like "www.whatismyip.com" I get my VPN IP... But when I refresh the page, I get my home ISP IP. From then on out, I get my home IP.
Can anyone tell me why this is?
I don't even use my ISP DNS.
-
@szehner said in IP address leaking...:
So I set up an openvpn client.
You are using a commercial VPN service, right ?
When you install their client software on your PC (phone), the issue doesn't exist, right ?
If "www.whatismyip.com" shows your ISP IP, then that means that they received traffic from that IP ... which means 'some' traffic was not routed over the VPN, but straight out over the WAN.
(this is what I make of it, never used a VPN like that myself)
edit : And let's think a little bit.
You would find another answer right away if you asked yourself this question : "What would I do if I was hosting "www.whatismyip.com" or working for them ?"
Visit and read their entire web site. Go over it, all the pages.
Why are they doing what they are doing ?
A site costs money. Where does the money come from ? Who is paying them ?
Here is what I would do, if I worked for them :
I would place a cookie for every visitor that visits "www.whatismyip.com".
As we all visit them once using our native ISP IP, my browser will have their cookie that links my actual ISP to me.
If I revisited them again using a VPN, I would compare the new VPN IP with my secret list.
This secret list contains the IPs of all the VPN services that pay me.
If they haven't paid me, I would show your real ISP IP, as I can just ask the cookie ^^
If the IP is a known one, it's part of the networks of one of the VPN services that paid me, I would say "Congratulations, you are safe !!"
Be assured : I'm just inventing all this.
Be assured : IF all traffic exiting your pfSense WAN goes over the VPN tunnel, the tunnel that goes to your VPN supplier, nothing goes over the WAN itself, then only your VPN supplier sees and uses your IP ISP. For everybody else on the internet : they see the " VPN supplier WAN IP", and that's what you want.
Checking if 'nothing' goes out over 'WAN' is easy.
Diagnostics > Packet Capture
You want to capture the traffic that does NOT go to the IP of the VPN supplier. Traffic that goes to the VPN supplier would be part of the tunnel.
The traffic that doesn't go over the tunnel would be the leaked traffic.
-
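One way to run the check described in the reply above, added here as an example that is not part of the thread: it reads a WAN capture rendered as `tcpdump -n` text and counts every packet whose remote peer is not the VPN server. The addresses, the sample capture and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample of `tcpdump -n` text output from the WAN interface.
# All addresses are documentation ranges, not values from the thread.
WAN_IP = "203.0.113.10"        # assumed: the firewall's own WAN address
VPN_SERVER = "198.51.100.7"    # assumed: the VPN provider's endpoint
SAMPLE = """\
12:00:01.000100 IP 203.0.113.10.51234 > 198.51.100.7.1194: UDP, length 120
12:00:01.020300 IP 198.51.100.7.1194 > 203.0.113.10.51234: UDP, length 96
12:00:02.500000 IP 203.0.113.10.40112 > 192.0.2.80.443: Flags [S], seq 1, win 65535, length 0
12:00:02.530000 IP 192.0.2.80.443 > 203.0.113.10.40112: Flags [S.], seq 9, ack 2, win 65535, length 0
12:00:03.000000 IP 203.0.113.10.5353 > 192.0.2.53.53: 4660+ A? example.com. (29)
12:00:04.000000 IP 203.0.113.10 > 192.0.2.1: ICMP echo request, id 1, seq 1, length 64
12:00:05.000000 ARP, Request who-has 203.0.113.1 tell 203.0.113.10, length 28
"""

LINE = re.compile(r"\sIP (\S+) > (\S+): ")

def split_host_port(token):
    """tcpdump prints IPv4 as a.b.c.d.port, or a.b.c.d when there is no port."""
    parts = token.split(".")
    if len(parts) == 5:
        return ".".join(parts[:4]), int(parts[4])
    return token, None

def find_leaks(capture, wan_ip, vpn_server):
    """Return (leaks, skipped): packets per non-VPN peer, and non-IPv4 line count."""
    leaks, skipped = Counter(), 0
    for line in capture.splitlines():
        m = LINE.search(line)
        if not m:
            skipped += 1          # ARP, IPv6 and anything else not parsed here
            continue
        src, dst = split_host_port(m.group(1)), split_host_port(m.group(2))
        # The remote peer is whichever side is not the firewall itself.
        remote = dst if src[0] == wan_ip else src
        if remote[0] != vpn_server:
            leaks[remote] += 1
    return leaks, skipped

if __name__ == "__main__":
    leaks, skipped = find_leaks(SAMPLE, WAN_IP, VPN_SERVER)
    for (ip, port), n in leaks.most_common():
        print(f"outside tunnel: {ip} port {port} packets={n}")
    print(f"lines not parsed as IPv4: {skipped}")
```

With outbound NAT in place, the WAN capture shows the firewall's address as the source, so this tells you that something left outside the tunnel, not which LAN host sent it. The firewall's own traffic (DNS lookups, update checks) also shows up here and has to be told apart from client traffic.
-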
Ok but here is the thing, this shouldn't happen after I clear the browser cache. When I do, I get the VPN IP again, then right after a refresh it's my home IP again.
I also don't think it's a WebRTC or a cookie thing because when I curl OpenDNS in command line, I immediately get my home IP.
-
@szehner
“Even have a floating rule that will block traffic from those devices to the default wan.“
So your floating rule isn’t being matched then if you see your ISP address on the site.
Seems like a misconfig somewhere.
Can you share your floating rule, and your interface firewall rule that you’re using for policy routing?
-
I can share. Screenshots or is there a better way to share the config with you?
-
@szehner
Screenshots here so we can all see
-
@michmoor ok I'll get those when I can. I ran a quick pcap before I left for work. Keep in mind I don't really know what I'm doing. But I did see something I thought was weird in the cap.
It said something like myipadress-spectrum.ovpn
Could my ISP (spectrum) be doing something creepy when it sees stuff on the default OpenVPN port?
-
@szehner
If your packets are being encrypted while in transit there is nothing the ISP can do to unscramble the data and peek inside.
We just need to see how you configured your routing.
-
Here is what I could grab when I stopped home. Was in a hurry. I can get more detail if you need. Thanks for offering to help. This is really puzzling me.