Vpn Failsafe And Layering

[whitehat]

I've been really frustrated over the past couple of years by VPN's disconnecting and leaking real IP's. It's never been a life or death issue for me, but it's plenty annoying and when I introduce people to the concept of a VPN or proxy and set them up with it I really want it to work without betraying them.

I know that disconnects happen, especially when you've been connected for long periods of time. Can't change that. But is there some way to tell Windows, OS X, and/or Linux that "when this VPN [or proxy] gets disconnected I want you to disconnect from the Internet/Access Point and do not send any traffic unless I've reconnected?".

Also, I'm wondering if it's possible to get some additional layers, like with a simple proxy chain. I've never heard of anyone getting a chain of VPN's to work, although I used to do VPS + VPN pretty easily. How about proxies + VPN? If I tell application X, like a torrent client or email program or whatever, to use this HTTP or SOCKS5 proxy while my OpenVPN is running then will the traffic going to application X pass through both the OpenVPN and proxy or will the proxy essentially operate independently of the VPN?

What I mean is, normally the VPN knows your "real" IP as well as the server IP is assigns to you. The same is true of a SOCKS 5 or HTTP proxy. But can we make it where traffic goes from you to the VPN then from the VPN to the proxy, such that the proxy never sees your real IP and the external Internet never sees the IP of the VPN?

Edited September 3, 2012 by whitehat

[Mr-Protocol]

Check this out: http://mr-protocol.b...tunnel-diy.html

If I were to use Tor while my VPN was active from a hotel. It would VPN the Tor traffic to my house, and then out to Tor.

Caution, it will be sloooooooooow.

[whitehat]

Wow! This looks extremely interesting; I'm going to have to go over it and try out the commands soon.

You're right of course, there's always a significant tradeoff of speed for security. I really just want to figure out how to properly anonymize like this, just for some unknown/unlikely possible future need, not for regular usage. Like if I go overseas and need to send some politically sensitive data home some day. Or if they leak a new "Tron" movie, I might not be able to resist downloading it :)

For the record I did find a bit of a second-rate solution to my other problem, which was that if the VPN disconnects you might not want your real IP to be exposed to the torrent or whatever servers you're connected to, etc. It's a rudimentary script: http://vpnetmon.webs.com/

Edited September 4, 2012 by whitehat

[Pwnd2Pwnr]

Damn, you guys rock. That is what makes this forum great... Keep on preaching, technophiles! I will keep listening to the gospel!

[digip]

I use a VPN service that I've been more than happy with, and haven't ever noticed disconnects. I do know when Im disconencted though, becuase I'm generally using Putty or SCP over the VPN and leave it up all day, and when I close my VPN, putty dies and so does the SCP, so if I see that happen while the VPN is in use, while its not the greatest alarm of sorts, it lets me know when I've lost connection to the VPN, which so far only happens when do it manually. I'm also not far from where my VPN service provider is, only few hundred miles or so from where I connect through, so its been very stable and speeds for most part have been better than through my ISP in general. Seems to bypass my upload speed caps somehow, from 3mb to 10mb, so I'm happy with it. You're still in AU though, right? Wouldn't do you much good to use the VPN service I'm on since its US based out of NY, Miami and San Francisco locations, but if you can find a decent provider close to you, disconnects shouldn't be much of an issue.

Edited September 4, 2012 by digip

[01000010]

Are you on Comcast Dig?

[digip]

Are you on Comcast Dig?

Yup.

[01000010]

I was thinking that is how they make it so your phone works ok when your upload is maxed. What do you think?

[digip]

I don't use their phone service, nor RENT a modem from them. I own my modem, and it has no ports for phone lines.

[BuckoA51]

If anonymity is your aim, isn't chaining a bad idea? I mean, if you're in a VPN your IP address is mixed in with everyone elses, if you chain through a proxy, you might then be the only person on that proxy from your VPN, thus making yourself more unique.