April 19, 2023 at 9:39 am #12982 john123 Participant
Is it possible that IP leakage may occur while using the VPN Client, in particular for an unstable/intermittent internet connection, and are there any specific settings that will help prevent this?
Thanks

April 19, 2023 at 7:44 pm #12986
I hope that IP leakage is not a common issue while using a VPN client, as it is designed to protect your privacy and maintain anonymity. However, if you have a proven case of IP leakage, I would be more than glad to analyze the situation and help find a solution.

May 19, 2023 at 10:42 am #13041 john123 Participant
Thanks for your reply. I don’t have a proven case. I was just speculating. If the VPN server you are connected to were to lose power, is there potential for an IP leak?
I read your comment on how to implement a kill switch by adding a DWORD value to the registry. Does this safeguard against IP leaks in cases other than the client crashing? Is it possible to set up an application-specific kill switch?
Thanks

May 20, 2023 at 10:46 am #13042
Indeed, this topic is currently a subject of active discussion. To provide some context, here’s an excerpt from one of the most recent emails I’ve received regarding the matter:
In my suggestion/vision, I appreciate the options that Tunsafe provided, such that all traffic is blocked if the VPN goes down, but there is an option to allow local traffic if the VPN goes down.
Also, I appreciate the ‘service mode’ and run-at-boot features that attempt traffic-blocking at startup, also implemented in Tunsafe.
KILLSWITCH DESIRED BEHAVIOR >>>
My hope is that WireSock disallows all network traffic while disconnected, with the option to allow local traffic (DHCP/DNS mainly). Advanced: Fine-tuned options to allow/disallow specific traffic types while disconnected.
My hope is that WireSock only allows the minimal amount of Internet Traffic (dhcp/dns/tcp/udp) while connecting, and mainly through its processes.
Once connected, my hope is that WireSock allows all traffic to occur through all processes, but only through the VPN's IP (with options to allow local traffic as described above). Additional process filters can occur with an ALG firewall, such as Simplewall/etc.
Advanced Features / Not Suggested:
(1) A feature that some VPN Clients have implemented is to allow certain applications to bypass the VPN. This allows a mixed-mode operation that some people want because of IP-discrimination (their email server blocks all VPN IP addresses, or a website does endless captcha challenges for all VPN IP addresses, etc). This feature would be very difficult to implement and I am not suggesting it, but wanted to include it because it seems related.
(2) There are a few more theoretical features that could be implemented, but most seem beyond the scope of “KILLSWITCH”.

May 20, 2023 at 10:48 am #13043
If you have any alternative suggestions or unique insights regarding the implementation, we’d greatly appreciate your input. Please feel free to share.

June 13, 2023 at 10:53 pm #13091 IXSoul Participant
Is there a way to currently achieve that killswitch behavior with WireSock/WireSockUI?

June 14, 2023 at 9:35 am #13092
It’s feasible to adjust the initial settings for the network driver, a setup that would halt all inbound and outbound network traffic until the VPN client becomes active. This strategy, however, could have extensive repercussions on the overall system functionality, possibly obstructing even DHCP operations.
In light of this, I am considering developing a buddy Windows Service as an alternative. This service would be programmed to initialize with the system startup and manage network traffic in a more selective manner, permitting only certain types of traffic based on a pre-established rule set (e.g. allow DHCP/DNS and/or allow all for selected network interfaces).
Without explicit approval from this service, any other traffic would be strictly denied unless it’s funneled through the VPN client. There, the traffic would be processed according to the configuration settings of the Wireguard VPN, ensuring secure and efficient handling of network operations.

June 14, 2023 at 7:20 pm #13094 IXSoul Participant
Sounds like a good solution! Thank you for your hard work.
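
A model of the rule set described in the June 14 reply (DHCP/DNS allowed, allow-all for selected interfaces, everything else denied unless it goes through the VPN client), added here as an example and not WireSock code. The `Packet` and `RuleSet` names, the endpoint address and the restriction of DNS to private resolver addresses are assumptions; the sample packets are constructed.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:                      # constructed descriptor, not a capture format
    iface: str                     # adapter the packet leaves on
    proto: str                     # "udp" or "tcp"
    dst_ip: str
    dst_port: int
    from_vpn_client: bool = False  # emitted by the VPN client process

@dataclass(frozen=True)
class RuleSet:                     # hypothetical rule set for the guard service
    allow_dhcp: bool = True
    allow_local_dns: bool = True
    allow_all_ifaces: frozenset = frozenset()
    vpn_endpoint: tuple = ("203.0.113.10", 51820)  # constructed (TEST-NET-3)

def decide(pkt: Packet, rules: RuleSet) -> str:
    """Return 'allow' or 'deny' for one outbound packet; the default is deny."""
    if pkt.iface in rules.allow_all_ifaces:        # "allow all" adapters
        return "allow"
    # Tunnel traffic: only the VPN client talking UDP to its own endpoint.
    if (pkt.from_vpn_client and pkt.proto == "udp"
            and (pkt.dst_ip, pkt.dst_port) == rules.vpn_endpoint):
        return "allow"
    # DHCP, so the adapter can still get a lease while the tunnel is down.
    if rules.allow_dhcp and pkt.proto == "udp" and pkt.dst_port == 67:
        return "allow"
    # DNS only to a private (local) resolver: an assumption of this model.
    if (rules.allow_local_dns and pkt.dst_port == 53
            and ipaddress.ip_address(pkt.dst_ip).is_private):
        return "allow"
    return "deny"                                  # everything else fails closed

RULES = RuleSet(allow_all_ifaces=frozenset({"Loopback"}))
SAMPLES = {                                        # constructed packets
    "app direct": Packet("Ethernet", "tcp", "198.51.100.7", 443),
    "tunnel": Packet("Ethernet", "udp", "203.0.113.10", 51820, True),
    "dhcp": Packet("Ethernet", "udp", "255.255.255.255", 67),
    "dns local": Packet("Ethernet", "udp", "192.168.1.1", 53),
    "dns public": Packet("Ethernet", "udp", "8.8.8.8", 53),
    "client elsewhere": Packet("Ethernet", "tcp", "198.51.100.7", 443, True),
    "loopback": Packet("Loopback", "tcp", "127.0.0.1", 8080),
}

def evaluate_samples() -> dict:
    return {name: decide(p, RULES) for name, p in SAMPLES.items()}
```

Because the default in this model is deny, a dropped link or an unreachable server needs no disconnect event: application traffic that is not tunneled is refused either way.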