How to fix IP being revealed when using VPN

[Chicog]

Recently it has been revealed there is now a way to expose your real IP address when using a VPN or other proxy. The method revolves around using the WebRTC (Web Real-Time Communication) API and STUN (Session Traversal Utilities for NAT). Fortunately, there are some simple fixes for this issue.

To test if your browser(s) are unprotected, enable your VPN connection and go here:https://diafygi.github.io/webrtc-ips/

https://ironsocket.com/blog/security-alert-fix-browser-prevent-real-ip-address-showing/

Edited February 4, 2015 by Chicog

[IMHO]

Interesting - and amazing just how many holes there are... and still to uncover.

[bubba]

I am running OS X and just tried the script given on the link above. I tried two different VPN services and three browsers. My real IP address was revealed using Chrome and Firefox on both VPN connections, but it was not revealed using Safari.

Using the fixes given in the link worked for both Chrome and Firefox and they no longer return my real IP address.

Thanks for the tip!

Edited February 5, 2015 by bubba

[ardsong]

another option would be to use the TOR system with e.g. an email program, with encryption. you may also try to use Tails O.S.. It works from an USB stick uses the TOR system and leaves no traces on the computer used, it is ideal for safe use in internet-caffees.

[rainman333]

you can use http://ipleak.net/ to test as well.

"

What is a "WebRTC leaks"?

WebRTC implement STUN (Session Traversal Utilities for Nat), a protocol that allows to discover the public IP address. To disable it:

• Google Chrome users: Add the WebRTC Block Extension from the Chrome Store.
• Mozilla Firefox: Type about:config” in the address bar. Scroll down to “media.peerconnection.enabled”, double click to set it to false."

[hawker9000]

I am running OS X and just tried the script given on the link above. I tried two different VPN services and three browsers. My real IP address was revealed using Chrome and Firefox on both VPN connections, but it was not revealed using Safari.

Using the fixes given in the link worked for both Chrome and Firefox and they no longer return my real IP address.

Thanks for the tip!

I haven't tried it (yet), but as I understand it, unless a user has added WebRTC manually, the IP leak doesn't occur with IE either. By all means, someone please correct me if I'm wrong.

[KhunBENQ]

The mentioned test does not reveal my real IP address.

I am now on a Japanese VPN server (CyberGhost VPN).

Your local IP addresses:

• 10.129.26.70
• 169.254.160.207
• 192.168.1.199

Your public IP addresses:

• 161.202.xx.xx

161.202... is the Japanese server.

Edited February 5, 2015 by KhunBENQ

[KhunBENQ]

Back on my real IP. Starting with 101.108....

Your local IP addresses:

• 169.254.123.74
• 169.254.160.207
• 192.168.1.199

Your public IP addresses:

• 101.108.xx.xx

So I am not exposed to the problem.

Edited February 5, 2015 by KhunBENQ

[bartender100]

Used the test in the first post and it showed my real IP as 192.168.0.100

This is what a search of that IP brings up

Definition: 192.168.0.100 is an IP address used relatively infrequently on home networks. Certain few models of broadband router have 192.168.0.100 as their own default address, while on other local networks a router can be configured to issue it to client devices.

So is that good or bad? Its not showing I am in Thailand

[chilli42]

I use a VPN service called Anonymizer Universal. So far, it's bulletproof. Of course it's not free.

[topt]

I am running OS X and just tried the script given on the link above. I tried two different VPN services and three browsers. My real IP address was revealed using Chrome and Firefox on both VPN connections, but it was not revealed using Safari.

Using the fixes given in the link worked for both Chrome and Firefox and they no longer return my real IP address.

Thanks for the tip!

I haven't tried it (yet), but as I understand it, unless a user has added WebRTC manually, the IP leak doesn't occur with IE either. By all means, someone please correct me if I'm wrong.

Just tried it without the VPN on using IE11 and nothing shows for me either.

However in Chrome it does?

Cannot try VPN as it has decided to stop working - a free version.........

[KhunBENQ]

Used the test in the first post and it showed my real IP as 192.168.0.100

This is what a search of that IP brings up

Definition: 192.168.0.100 is an IP address used relatively infrequently on home networks. Certain few models of broadband router have 192.168.0.100 as their own default address, while on other local networks a router can be configured to issue it to client devices.

So is that good or bad? Its not showing I am in Thailand

Real IP 192.168.xx.xx as a real (-> public) IP is a nonsense result (by the tool/test).

Its an internal address that your router uses.

In a way its not "bad" if the test shows a private address as "real"/public.

Edited February 5, 2015 by KhunBENQ

[KhunBENQ]

BUT!

ZenMate addon for Chrome fails the test.

The test reveals my real IP address instead of some "London" address, while at the same time the usual whatsmyip tests show the "London" address.

[bendejo]

Good stuff. 5 stars!

I wonder about my torrent ip. This (checkmytorrentip.com) stopped working some time ago.

Edited February 5, 2015 by bendejo

[deepcell]

I know my answer is not totally related to the IP issue being revealed, but is a good pratice to have the measure bellow fully working, otherwise change your IP from the internet is not enough, since you can be reached by your DNS leak.!

Be careful with DNS leak, you can always change your DNS by a public one, do not use your ISP DNS otherwise your location can be revealed easily. For a more safe approach you change the DNS in your machine and also in the router (the place where you should configure the ISP DNS).

For example: if you are using modem ADSL cable, then you need to access it and chage the DNS option there, unless you are using a modem+router (one device). The most important configuration to edit is located under LAN -> DHCP Server Config. look for Primary DNS server and Secondary DNS server then edit this information with your own DNS server or a public one like OpenDNS or Google Open DNS as you wish.

After that put the interface down and put it up again, then check your dns leak here -> ipleak dot net or dnsleaktest dot com or any other of your preference.

Then if you want to use TOR go for it... but I do not recommend, is preferable to use chained vpn than tor. (but this you need to figure out by yourself)

Good Luck!

Edited February 5, 2015 by deepcell

[Spouse]

I'm using Private Internet Access ($40 a year) and it's listed my real IP (as far I can tell) alongside the VPN IP address.

That doesn't sound good!

[JetsetBkk]

you can use http://ipleak.net/ to test as well.

"

What is a "WebRTC leaks"?

WebRTC implement STUN (Session Traversal Utilities for Nat), a protocol that allows to discover the public IP address. To disable it:

• Google Chrome users: Add the WebRTC Block Extension from the Chrome Store.
• Mozilla Firefox: Type about:config in the address bar. Scroll down to media.peerconnection.enabled, double click to set it to false."

My Firefox had that 'about:config' option set to "True" - the default.

So I toggled it to false.

I also added...

user_pref("media.peerconnection.enabled", false);

...to my "user.js" preferences file in my Firefox profile folder.

Edit:

Using Cyber Ghost 5:

1. When "media.peerconnection.enabled" was set to "true", the fake IP address was displayed (London) under the "Your public IP addresses:" heading. No other IP addresses were listed.

2. When "media.peerconnection.enabled" was set to "false", no IP addresses were displayed under either heading - local or public.

Edited February 5, 2015 by JetsetBkk

[hawker9000]

"you can use http://ipleak.net/ to test as well."

1) Without VPN enabled and using IE11, the above test revealed my ISP-assigned IP address (no surprise there).

2) With VPN enabled and using IE11, the above test showed my IP was not being leaked.

3) With VPN enabled and using Firefox, the above test also showed my IP was not being leaked (but I do have NoScript installed).

4) With VPN enabled and using Firefox with NoScript AND all scripts ENABLED on the ipleak page, my IP was still not being leaked.

The only IP revealed in doing the above tests 2-4 was the VPN server's address (i.e., the server's global or outside address, not the local one assigned to me).

*I do not have Chrome installed

** IE 11.0.15

[expatsupreme]

probably Obama hounds made this vpn leak all the time

I tried with my free vpn I use a lot to ...... and it leaks my real ip, but I used tor later and my vpn, bulletproof

thanks for this

[bendejo]

My Firefox had that 'about:config' option set to "True" - the default.

So I toggled it to false.

I also added...

user_pref("media.peerconnection.enabled", false);

...to my "user.js" preferences file in my Firefox profile folder.

When you edit data using about:config the result is stored in prefs.js

The stuff in user.js is an addendum added by add-ons and maybe other stuff, I'm looking at mine now and all entries are from my firewall software. No harm with redundant entries, I guess, but I can see how if you change a redundant value in one its function may be overridden by the other.

[JetsetBkk]

My Firefox had that 'about:config' option set to "True" - the default.

So I toggled it to false.

I also added...

user_pref("media.peerconnection.enabled", false);

...to my "user.js" preferences file in my Firefox profile folder.

When you edit data using about:config the result is stored in prefs.js

The stuff in user.js is an addendum added by add-ons and maybe other stuff, I'm looking at mine now and all entries are from my firewall software. No harm with redundant entries, I guess, but I can see how if you change a redundant value in one its function may be overridden by the other.

The preferences in user.js override those in prefs.js. They are loaded after prefs.js.

I guess that's why it's called USER.js

I have loads of stuff in my user.js. A lot of it is to stop Firefox or add-ons getting updated without my permission. Here's a sample:

/*
 * Update stuff
 *
 *
 * app.update.enabled determines whether the application will auto-update
 * Possible values: true (default) - auto-update the application
 *                  false          - do not auto-update
 */
user_pref("app.update.enabled", false);

/* app.update.auto turns on app.update.mode and allows automatic download and install to take place
 * Possible values: true (default) - download and install updates automatically, possibly with a warning if incompatible extensions are installed (see app.update.mode)
 *                  false          - ask the user what he wants to do when an update is available
 * Caveats: app.update.enabled must be set to true for this preference to take effect
 */
user_pref("app.update.auto", false);

/*
 * app.update.mode determines which updates can be downloaded in background
 * and which ones requires an user prompt to be applied
 * Possible values: 0            - download all updates without any prompt
 *                  1 (default)  - download all updates only if there are no incompatibilities with enabled extensions, prompt otherwise
 *                  2            - download minor updates only, prompt for major updates, regardless of whether or not all enabled extensions are compatible
 * Caveats: app.update.enabled and app.update.auto must be set to true for this preference to take effect.
 */
user_pref("app.update.mode", 0);

/*
 * app.update.service.enabled allows Firefox to use the Mozilla Maintenance Service if it is installed
 */
user_pref("app.update.service.enabled", false);

/*
 * browser.search.update determines whether Firefox searches for updates for search engines
 * Possible values: True (default) - automatically check for updates to search plugins
 *                  False          - opposite of the above.
 */
user_pref("browser.search.update", false);

/*
 * extensions.update.autoUpdateDefault determines whether Firefox automatically updates extensions
 * Possible values: True           - automatically check for and install extension updates
 *                  False          - opposite of the above.
 */
user_pref("extensions.update.autoUpdateDefault", false);

/* 
 *   Other tweaks
 * 
 *   Disable the Delay When Installing New Extensions
 */
user_pref("security.dialog_enable_delay", 0); 
/* 
 *   Turn off URL greying
 */
user_pref("browser.urlbar.formatting.enabled", false);
/* 
 *   Unhide the "http" portion of a URL
 */
user_pref("browser.urlbar.trimURLs", false);
/* 
 *   Enable spell checker in multi-line & single-line text boxes
 */
user_pref("layout.spellcheckDefault", 2);
/* 
 *   Double underline style
 */
user_pref("ui.SpellCheckerUnderlineStyle", 4);
/* 
 *   Cycle through open tabs with Ctrl+Tab
 */
user_pref("browser.ctrlTab.previews", false);
/* 
 *   Disable Animations for Full Screen
 */
user_pref("browser.fullscreen.animateUp", 0);
/* 
 *   Click and hold on a hyperlink to show the context menu - turned off
 */
user_pref("ui.click_hold_context_menus", false);
/* 
 *   Instant Apply Preferences Without Closing Options Window
 */
user_pref("browser.preferences.instantApply", true);
/* 
 *   Middle-click in any textfield, addressbar or searchbox to paste clipboard
 */
user_pref("middlemouse.paste", true);

[Jaggg88]

Used the test in the first post and it showed my real IP as 192.168.0.100

This is what a search of that IP brings up

Definition: 192.168.0.100 is an IP address used relatively infrequently on home networks. Certain few models of broadband router have 192.168.0.100 as their own default address, while on other local networks a router can be configured to issue it to client devices.

So is that good or bad? Its not showing I am in Thailand

192 IP range is a public/local address and cannot geographically locate you. So that is good.

[jonwilly]

I use Zen mate and this allows me to tell the UK BBC that I am located in UK.

john

[NeverSure]

If you run a "test" on the internet and it tells you your IP is in one of the following blocks, it is in error because these aren't internet routable.

They are reserved for internal LAN and WAN use:

10.0.0.0/8

172.16.0.0/12

192.168.0.0/16

If you ask your router to use them on the internet the router will discard the request. You will probably find that your internal

IP's for your own nodes are taken from one of those blocks. Your internal nodes have IP's assigned by the router so it can "direct traffic"

and the router has the external IP assigned by the ISP.

Of course 127.0.0.1 is a loopback and isn't internet routable.

Cheers.

Edited February 10, 2015 by NeverSure

[hawker9000]

Used the test in the first post and it showed my real IP as 192.168.0.100

This is what a search of that IP brings up

Definition: 192.168.0.100 is an IP address used relatively infrequently on home networks. Certain few models of broadband router have 192.168.0.100 as their own default address, while on other local networks a router can be configured to issue it to client devices.

So is that good or bad? Its not showing I am in Thailand

192 IP range is a public/local address and cannot geographically locate you. So that is good.

Actually not the entire 192... address range. The 192.168... address range is RFC 1918 "private IP4 address space", which means these particular ~65K addresses can be, and most often are, used on private networks or LANs, such as a home or office network, but not on the Internet. (I.e., 192.1... thru 192.167... and 192.169... thru 192.254... ARE internet-routable or "public" IP4 addresses; there are two other private address ranges as well). Edge routers or other devices then use NAT - network address translation - to translate these private addresses to publicly routable addresses, like the static address your ISP might be providing you. The private IPs are non-unique - people all over the Internet using all the same ones. It's the public IPs which are unique, routable, and traceable. So if someone on the other end sees your "pre-NAT" private IP, that doesn't matter because it's untraceable.

Edited February 10, 2015 by hawker9000

[jcnbkk]

I am running OS X and just tried the script given on the link above. I tried two different VPN services and three browsers. My real IP address was revealed using Chrome and Firefox on both VPN connections, but it was not revealed using Safari.

Using the fixes given in the link worked for both Chrome and Firefox and they no longer return my real IP address.

Thanks for the tip!

May I ask which VPN you used with Safari?

[bubba]

I am running OS X and just tried the script given on the link above. I tried two different VPN services and three browsers. My real IP address was revealed using Chrome and Firefox on both VPN connections, but it was not revealed using Safari.

Using the fixes given in the link worked for both Chrome and Firefox and they no longer return my real IP address.

Thanks for the tip!

May I ask which VPN you used with Safari?

Sure. I tried Witopia from a couple of different servers/locations. I also tried Zenmate with the Chrome extension, but not from Safari.

[Xircal]

Some extended info for VPN'ers in case it's of interest to anyone: http://whoer.net/extended

[Xircal]

I'm using Private Internet Access ($40 a year) and it's listed my real IP (as far I can tell) alongside the VPN IP address.

That doesn't sound good!

Flash might be the culprit. Go to http://whoer.net/extended and see whether your real IP is listed in the Flash fields.

If it is, you need to edit the mms.cfg file which is located at C:\WINDOWS\sysWOW64\Macromed\Flash (assuming you have a 64-bit version of Windows) or C:\WINDOWS\system32\Macromed\Flash if you have the 32-bit flavour. Right click the file and choose "Run As Administrator" and then edit the file using Notepad by adding DisableSockets=1 underneath the existing entries. Save according to Step 4 below.

If "Run As Administrator" isn't present on the context menu, or you get Access Denied or similar, proceed as follows.

1. Open the mms.cfg file again and copy the existing entries to the Windows clipboard.
2. Close the file and then open Notepad.
3. Add the entries you copied to the blank file and then add DisableSockets=1 underneath those.
4. Click File | Save As | change Text documents to All Files | select coding UTF-8 and name it mms.cfg
5. Save to the My Documents folder.
6. Open C:\WINDOWS\sysWOW64\Macromed\Flash and then copy the mms.cfg file you just created to that location and choose to overwrite the existing file. Confirm if you get an Administrator prompt.
7. Go back to whoer.net site and you should be able to see N/A where you previously saw your real IP.

[Somtamnication]

Didn't work for me. Will keep researching.