Author Topic: Ensuring against IP leaks - a challenge?  (Read 225 times)

tonynibbles
Ensuring against IP leaks - a challenge?
« on: April 13, 2018, 04:55:56 pm »
Hi everyone,

(first post, n00b, yes hi)

I bought a Netgate SG-3100 at the start of the year and, apart from the occasional ups and downs, I've been pretty pleased with it and pfSense.
I run a few OpenVPN connections (grouped, for failover - great pfSense feature) and the majority of my network traffic runs through them. Overall, along with DNS leak prevention, privacy-wise, things seem pretty good - much thanks to the excellent guide on techhelpguides.

I can check my exposed IP on sites like google.com, www.whatismyip.com, dnsleaktest.com, astrill.com/vpn-leak-test - any number of sites and they all report the IP of my active VPN connection.

BUT - there is one site which reports my actual IP. The beautifully simple http://whatismyip.host - and it's driven me a bit mad!
I even contacted them to ask how they're achieving such an excellent result and they suggested it might be my VPN provider setting the X-Forwarded-For header - but alas, I've checked and this isn't the case.

So, my question is really - Does anyone else get unexpected results using http://whatismyip.host?
« Last Edit: April 13, 2018, 06:46:36 pm by tonynibbles »

Derelict
Re: Ensuring against IP leaks - a challenge?
« Reply #1 on: April 14, 2018, 03:21:38 am »
Quote
So, my question is really - Does anyone else get unexpected results using http://whatismyip.host?

No.
Las Vegas, Nevada, USA
Use this diagram to describe your issue.
The pfSense Book is now available for just $24.70!
Do Not PM For Help! NO_WAN_EGRESS™

CiscoX
Re: Ensuring against IP leaks - a challenge?
« Reply #2 on: April 14, 2018, 03:43:22 am »
Quote
So, my question is really - Does anyone else get unexpected results using http://whatismyip.host?

No :)
Intel i5-7400
8GB DDR4 2133Mhz
Samsung SSD 120

Derelict
Re: Ensuring against IP leaks - a challenge?
« Reply #3 on: April 14, 2018, 10:41:29 am »
This post actually looks like spam.

tonynibbles
Re: Ensuring against IP leaks - a challenge?
« Reply #4 on: April 15, 2018, 08:50:49 am »
Well, it might be a bit wordy but I can assure you it's not spam - a genuine query as to whether this is just me or not.

Thanks for the replies, I'm still at a loss as to where my fault is and why this site and only this site reports my IP, but I will persevere.

johnpoz
Re: Ensuring against IP leaks - a challenge?
« Reply #5 on: April 15, 2018, 09:50:39 am »
So I just turned my policy route rule to send client out vpn. I then made sure client was using quad9 for dns vs pfsense as resolver and hit up whats my IP and your website both showing my vpn IP. So not sure what you're doing exactly. But without details it will be impossible for anyone to help you spot what you're doing wrong, etc.

Turned policy rule off and back to my normal wan IP from isp.



« Last Edit: April 15, 2018, 09:55:14 am by johnpoz »
- An intelligent man is sometimes forced to be drunk to spend time with his fools.
- Please don't PM me for personal help
- if you want to say thanks applaud or https://www.freebsdfoundation.org/donate/
1x SG-2440 2.4.3-RELEASE (work)
1x SG-3100 2.4.3-RELEASE (work)
1x SG-4860 2.4.3-RELEASE (home)

Derelict
Re: Ensuring against IP leaks - a challenge?
« Reply #6 on: April 15, 2018, 12:07:43 pm »
Quote
Well, it might be a bit wordy but I can assure you it's not spam - a genuine query as to whether this is just me or not.

Thanks for the replies, I'm still at a loss as to where my fault is and why this site and only this site reports my IP, but I will persevere.

It is showing your IP address because you have your system configured to send it out the WAN not the OpenVPN.

No way to know what in your configuration is wrong unless you show us what you have done.


tonynibbles
Re: Ensuring against IP leaks - a challenge?
« Reply #7 on: April 16, 2018, 05:31:31 pm »
Well, fwiw my system setup uses much of the advice in the techhelpguides article, VPNs are configured as a Gateway group consisting of four VPN connections, the load balancing handles when one becomes too slow.

A firewall rule on the LAN tells all outbound traffic to use the VPN Gateway Group.

I'm a little less familiar with the DNS setup, but I've used the DNS Resolver method ("Leak Prevention Method 2") from the tech help guides.

My setup appears to work well, apart from this one site which reports my IP. Everything else, Google, dnsleak, ipleak, whatismyip - they all report my VPN IP. This is why it's so frustrating - something's getting through but I can't be sure how.

There are so many settings in pfSense it seems impossible to convey every detail of my config - I suppose a better question would be, what tools do people use to debug this?

Derelict
Re: Ensuring against IP leaks - a challenge?
« Reply #8 on: April 16, 2018, 05:35:15 pm »
Packet captures and wireshark.

Diagnostics > States

tonynibbles
Re: Ensuring against IP leaks - a challenge?
« Reply #9 on: April 16, 2018, 05:50:03 pm »
Hmmm, ok.

Now in states, I can see that if I use Google.com, the request uses one of my VPN connections, but on the other website, the request goes out on WAN. Damn.


tonynibbles
Re: Ensuring against IP leaks - a challenge?
« Reply #10 on: April 16, 2018, 05:57:31 pm »
FFFFFFFF

OK. I've got it!

I am running pfBlocker and have it set to create an alias group of Amazon servers. Requests to these destination IPs are set to bypass the VPN (mostly for content streaming), but in this case because that website was hosted on AWS, it was being delivered on the WAN not the VPN. Hence, it could see my IP.

This is the dumbest thing. Thanks for the heads up on figuring this out, was doing my nut in.
What a doofus.
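
The cause found in the post above (a rule sending an alias of Amazon addresses out the WAN, matched before the catch-all VPN rule) can be modelled as first-match rule evaluation. This is an added example, not part of the original thread and not pfSense code; the alias name, gateway names, site names and addresses are constructed (documentation ranges, not real AWS prefixes).

```python
import ipaddress

# Constructed alias contents; a real pfBlocker alias would hold the provider's prefixes.
ALIASES = {
    "pfB_Amazon": ["198.51.100.0/24", "203.0.113.0/25"],  # hypothetical alias name
}

# LAN rules in evaluation order: (description, destination alias or "any", gateway).
# The first matching rule decides the gateway, as with policy routing rules.
LAN_RULES = [
    ("Streaming bypass", "pfB_Amazon", "WAN_DHCP"),
    ("Default via VPN", "any", "VPN_GROUP"),
]

def alias_networks(name):
    """Expand an alias name into a list of ip_network objects."""
    return [ipaddress.ip_network(cidr) for cidr in ALIASES[name]]

def route_for(dest_ip, rules=LAN_RULES):
    """Return (gateway, rule description) for the first rule matching dest_ip."""
    ip = ipaddress.ip_address(dest_ip)
    for desc, dest, gateway in rules:
        if dest == "any" or any(ip in net for net in alias_networks(dest)):
            return gateway, desc
    return None, "no match (blocked)"

def audit(destinations, vpn_gateway="VPN_GROUP"):
    """Return destinations that would leave by a gateway other than the VPN."""
    leaks = {}
    for name, ip in destinations.items():
        gateway, desc = route_for(ip)
        if gateway not in (vpn_gateway, None):  # None means no rule passed it
            leaks[name] = (ip, gateway, desc)
    return leaks

# Constructed test destinations: three IP-check sites, one hosted inside the alias range.
SITES = {
    "leaktest-a.example": "192.0.2.10",
    "leaktest-b.example": "203.0.113.77",   # inside 203.0.113.0/25, bypasses the VPN
    "leaktest-c.example": "203.0.113.200",  # outside the /25, goes via the VPN
}

if __name__ == "__main__":
    for site, (ip, gateway, desc) in audit(SITES).items():
        print(f"{site} ({ip}) exits via {gateway} because of rule '{desc}'")
```

Only the site whose address falls inside the bypass alias reports the real IP, which matches what Diagnostics > States showed in the thread: one destination on WAN, the rest on the VPN.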

pdfteam
Re: Ensuring against IP leaks - a challenge?
« Reply #11 on: April 19, 2018, 05:32:59 am »
No. I am getting the same IP results with whatismyip.host and other websites such as whatismyip.live

I am using PureVPN and visited both websites. Here are the results:


http://whatismyip.live  IP results:



http://whatismyip.host results: