
rjungarcia

macrumors newbie
Original poster
Dec 29, 2018
Hello everybody,

I would like to know about the VPN connection on Mac.

My Mac is behind a VPN via a wired internet. If I make my Mac's wireless connection active and it also connects to a non-VPN network, what would become of my network?
Am I still protected by VPN or am I now exposed?

Thanks.
 
If the VPN is always on, and your configuration is:
your computer → wifi → vpn → wired internet
then the answer is "most likely" your requests do go out through the VPN first.
However, it would be best to read through any documentation you have about how that VPN works.
But in most normal circumstances, yes, your internet connection, even though originating through wifi then through wired internet, is secure.
 
No VPN is really completely secure right now regardless of what you do or who your provider is. With the CVE-2019-14899 exploit, any VPN connection, be it OpenVPN, WireGuard or IPsec, is vulnerable to VPN hijacking. It's due to an operating system flaw. So until Apple releases an update with a fix, all VPNs are vulnerable to this remote attack.
 
If you are behind a software VPN running on your computer, then all IP connections, be they wired or wireless, are protected by that software VPN. If you are running a Mac behind a hardware VPN connected to another hardware VPN like in a corporate environment, or just a corporate software VPN to a corporate VPN server, and then you turn on your Mac's wireless connection and connect to a non-VPN network, then all your corporate activities will route through the hardware VPN, but all your wireless connections will route through the non-secured, non-VPN network.
 
VPNs do NOT "protect" against anything.

All they do is create a "tunnel" over the Internet to some remote endpoint where it emerges.

That remote endpoint might be: your corporate headquarters (perhaps you are in a remote branch office), your home router (perhaps you are using a mobile device away from home), a remote exit point of some commercial VPN provider (perhaps you want to use BBC Player in the U.S. and so you use a tunnel that emerges in the UK, or perhaps you for some reason want to hide activity from your ISP/school/company/parents...).

The data sent over the tunnel is encrypted, and so I guess you could say it "protects" against snooping for some part of the path. (All bets are off once it emerges from the other end of the tunnel, though!)

Of course, if you use modern browsers with default settings, the bulk of your web browsing is already encrypted (DNS - which would show points of contact - is not by default, but content is if the website you access uses https:). This is double-encrypted within the tunnel. Other traffic which is not normally encrypted is additionally encrypted while within the tunnel.

Whoever controls the other end of the tunnel MIGHT offer some protection. For example, if you are a remote office VPNing into your corporate headquarters, presumably there will be a good firewall between the corporate headquarters and the Internet. A commercial VPN provider MIGHT offer some kind of spam/malware/virus/"bad content" protection.

Getting back to your question... if you turn on WiFi and connect to some WiFi network, I *believe* your Mac will route over the faster connection, whichever that is. If there are resources directly on the WiFi network that you access, of course those will pass through the WiFi interface and the VPN is not involved for those connections.

Should your wired connection momentarily fail, then your Mac will route ALL traffic over the WiFi, and then again, the VPN will not be involved at all.

----
FWIW, IMO the best place to implement a VPN is in your router, not on your Mac. (Though this depends on your intended usage). If you enable a VPN on your router, then traffic from both your Mac (and/or other wired computers) as well as WiFi devices (e.g. iPad, your iPhone while at home), etc. will also go through the VPN.
 
Is your VPN on your Mac or is it located somewhere else - for example a VPN you connect to for work?
 
> If you are behind a software VPN running on your computer, then all IP connections, be they wired or wireless, are protected by that software VPN.

That's not true.

First - again - a VPN doesn't "protect" anything. (Maybe you are thinking, instead, of a firewall?) It just routes traffic (some or all, depending on configuration) through a tunnel.

A VPN running on your Mac CAN'T "protect" traffic that goes through the WiFi interface. It tunnels some or all traffic to some remote endpoint. How would you get back to the WiFi network from the remote endpoint? It would have no way to reach the WiFi network.

> Is your VPN on your Mac or is it located somewhere else - for example a VPN you connect to for work?

Hmmmm.... I may have misinterpreted. The poster needs to clarify.

> I would like to know about the VPN connection on Mac.

... sounds like they are referring to a VPN running on the Mac. And that's what I assumed when I first read this.

but...

> My Mac is behind a VPN via a wired internet.

... sounds like the VPN is running on a router, security appliance, etc. on their wired network.

It would be good to also clarify the details of the WiFi network. What's on the WiFi network? Local devices? Internet gateway? Both? It would be useful to know WHY you want to enable the wireless interface.

Any router on either the wired or wireless networks will advertise available routes. If both offer access to public Internet addresses, your Mac's software will use available information to route each request optimally.
 
VPN does protect you from
1, unauthorized snooping by providing an encrypted site to site communication between client and corporate server
2, mask your geolocation so your location can not be easily tracked. This protects your identity especially if you are a whistle blower or an investigative journalist exposing sensitive information of governmental agencies
3, prevent DNS re-routing from compromised hacked routers or public hotspots. Which basically means, if a VPN can not be established due to routers trying to re-route to a fake DNS, then it protects the user from using a compromised LAN or WLAN. Happens often in countries like Russia and China where they like to snoop on you if they know that you are from the west.
4, provides encrypted security over public wifispot and public wired hotspots from questionable sources, especially in airports where anyone can setup a public hotspot and fish people's data when they connect to the hotspot or wired lan. Again, it depends on the country you live in and are they part of the 5 eyes, 9 eyes, 14 eyes countries.

This is what I meant by privacy protection. However, a VPN does not provide malware and virus protection.
 
> Is your VPN on your Mac or is it located somewhere else - for example a VPN you connect to for work?


My wired Internet has a built-in VPN (OpenVPN setup). I also have a wireless network, albeit no VPN. I was just wondering, when both wired and wireless networks on my Mac are active, will the VPN on the wired override the wireless?

Hello guys. Thanks for all.

I have both wired and wireless networks at home. The wired network (attached directly to my Mac) is behind a VPN and the wireless network is not. When I checked my IP address on my wired network (wireless disconnected), I do get the assigned VPN server that I choose. However, when both wired and wireless networks are active on my Mac, NetRadar is able to locate my real IP address. I was just wondering, does it mean that the wireless network overrides the wired with regards to VPN?

Thanks again.
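
An added example, not part of the original posts: when the VPN runs on the router rather than on the Mac, what matters is which interface holds the Mac's unscoped default route, since macOS flags the default routes of non-primary interfaces with `I` (interface-scoped). The script reads `netstat -rn -f inet` output and reports that interface; the sample table, its addresses and the names en0 (wired, behind the VPN router) and en1 (Wi-Fi) are constructed for illustration.

```shell
#!/bin/sh
# Added example: find which interface carries ordinary IPv4 traffic on a
# Mac with two active networks, and compare it with the interface that is
# expected to sit behind the VPN router.
#
# On a real Mac:  netstat -rn -f inet | check_vpn_egress en0

# Constructed sample: Wi-Fi (en1) and Ethernet (en0) both up.
# Interface names and addresses are assumptions, not taken from the thread.
sample_routes() {
cat <<'EOF'
Routing tables

Internet:
Destination        Gateway            Flags        Netif Expire
default            192.168.1.1        UGSc           en1
default            10.0.50.1          UGScI          en0
10.0.50/24         link#4             UCS            en0
127                127.0.0.1          UCS            lo0
192.168.1          link#5             UCS            en1
EOF
}

# Print one line per IPv4 default route: "<iface> <gateway> <primary|scoped>".
# Columns are located from the header row, so layouts with or without the
# Refs/Use columns parse the same way. Parsing stops at the IPv6 section.
list_defaults() {
    awk '
        $1 == "Internet6:" { exit }
        $1 == "Destination" {
            for (i = 1; i <= NF; i++) {
                if ($i == "Flags") f = i
                if ($i == "Netif") n = i
            }
            next
        }
        $1 == "default" && f && n {
            # Flag "I" (RTF_IFSCOPE) marks a route scoped to its interface;
            # only an unscoped default carries ordinary traffic.
            kind = ($f ~ /I/) ? "scoped" : "primary"
            print $n, $2, kind
        }
    '
}

# Interface of the first unscoped default route (empty if there is none).
primary_iface() {
    list_defaults | awk '$3 == "primary" { print $1; exit }'
}

# usage: check_vpn_egress <iface-behind-vpn> < routing-table
# returns 0 when ordinary traffic leaves via that interface,
#         1 when another interface holds the primary default route,
#         2 when no primary default route is present.
check_vpn_egress() {
    expected=$1
    actual=$(primary_iface)
    if [ -z "$actual" ]; then
        echo "no primary default route found"
        return 2
    fi
    if [ "$actual" = "$expected" ]; then
        echo "ok: default route is on $actual"
        return 0
    fi
    echo "leak risk: default route is on $actual, not $expected"
    return 1
}

# Demo on the constructed table: en1 (Wi-Fi) is primary, so this reports a mismatch.
sample_routes | check_vpn_egress en0 || true
```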
 
> That's not true.
>
> First - again - a VPN doesn't "protect" anything. (Maybe you are thinking, instead, of a firewall?) It just routes traffic (some or all, depending on configuration) through a tunnel.
>
> A VPN running on your Mac CAN'T "protect" traffic that goes through the WiFi interface. It tunnels some or all traffic to some remote endpoint. How would you get back to the WiFi network from the remote endpoint? It would have no way to reach the WiFi network.

@jtara, clearly you don't understand how a personal VPN works with your comments above...

A personal VPN does create an encrypted tunnel between your Mac and the VPN provider. And that means it IS protecting traffic from things like your ISP, your WiFi provider, anyone using the WiFi, and anyone trying to do a Man-In-The-Middle attack over the "first hop" of the Internet - which is typically considered the most dangerous portion of the journey to your final destination (e.g. www.MacRumors.com).

Please stop spreading misleading comments - especially about security.

VPNs are one of the best things consumers (and corporations) can do to protect communications on the Internet, and they are an important tool in anyone's "security toolbelt"!!

My advice would be to purchase a subscription to IVPN and install it on your local Mac. That way, whether you connect to the Internet through a wired or a wireless connection, you will have a local software VPN protecting your Mac at all times.

Furthermore, IVPN is located in Gibraltar, so it is outside of the 5, 9 and 14 eyes.

Best VPN provider I have found, and the real deal since it gives you the best privacy you can find which is the main reason to use a VPN - security is secondary in my opinion.

https://www.ivpn.net/
 

What you are experiencing is an IP address leak and is quite common if you are running more than one encrypted tunnel. Basically, what you are doing is the same as split tunneling where one tunnel is encrypted and one is not but is set up to use trusted applications to bypass the VPN to configure other net appliances on the LAN and VLAN and in that process tags your real IP address. If you are concerned about this issue, you should disable your wired network temporarily and only activate your wireless network to ensure no leak is possible. Or else your VPN provider isn't very good in providing secure core no IP leak multi-layer VPN chain and some even put it through a Tor network before reaching the end point and this service, if you are using multiple net connections are usually reserved for the higher end privacy echelon service.

Another way is to configure your router to be a VPN client to your VPN provider with split tunnel capability. DD-WRT routers or the AsusWRT running Merlin are popular routers that support the most popular VPN service like ExpressVPN and NordVPN. I myself own the Asus router running Merlin. That way, your wired and wireless services will be handled by your router and will be the sole VPN client that handles the site to site encrypted tunnel communication so your Mac's wired and wireless communication will be secured. To prevent IP address leak, make sure to have ad-block activated in your browser and run a proxy browser (like Opera VPN) on top of your VPN service or services. I run multiple chains of VPN when I'm in a 14 eyes country so my real IP address will not be easily sniffed out and it's really interesting that when I'm closer to Russia (which I was this year), the more security probes I was getting from them as they know I was from the West.
 
One advantage of using IVPN is that the VPN client comes with a "kill switch" that when turned on will prevent you from being able to connect to the Internet (websites more specifically) while the VPN is down.

All it takes is a second to expose yourself, so a "kill switch" is mandatory for proper VPN protection.
 

I think my only concern in regards to IVPN is that it is based in Gibraltar, which is an EU member and has ties to the 14 eyes. I see that the EU is getting more aggressive in dictating what sort of software and even the ports that a smartphone should have; giving them the convenience in spying smart devices or retrieving smart devices. When I was in an EU member country last year, I was probed a few times and that is to be expected when I am in a 14 eyes country. I would use a VPN service that is NOT part of the 5 eyes, 9 eyes and 14 eyes member and has RAMdisk servers, so all logs and data will be wiped when the servers are confiscated by authorities and I would use a VPN service with a TESTED no logs policy; meaning that even under duress the provider will not and never reveal the logs of their members. That's because, a number of prominent VPN providers who claimed no logs policy eventually succumbed to the authorities and reveal their clients logs! So what's the point of having a VPN when they rat you out?!? Of course, some people can use nitrogen coolant to spray on the RAMdisk to keep the data in the RAM long enough for capturing and de-crypting on the media.
 
Still don't understand OP's setup. Would be useful if he can provide more information.

As I understand it, they have a wired network that has a router or security appliance that connects to some VPN. What "some VPN" is is unstated. We still don't know if the other end is a corporate network, or if they are using some consumer VPN service that comes out in a data center (somewhere... where?)

Still unclear exactly what is meant by "wired network has a built-in VPN". The VPN has to be implemented in SOME device. A router. A security appliance. Something. It's not "built in" to the wiring! A model number or manufacturer would be helpful.

No idea what is on the WiFi network.

Does the WiFi network have a separate router that has a different connection to the Internet?

Whose WiFi network? OP's own? Starbucks across the street?

Still don't know if this is a home network or at a work location. I can certainly understand if this is a work location, they may not know the details of what the IT department has set-up. There is some box sitting in some room or cabinet that implements the VPN. "built in" doesn't have any useful meaning.

The more details are provided, the more we can help.
 

A few things...

1.) I agree that Gibraltar is in a grey area, and since I am an American and you are in the EU, you should know better what the EU is up to than me.

At the same time, what VPN is better?

I have spent A LOT of time researching this topic, and at least as of 2018, I felt that IVPN was by far the best choice as far as "The Eyes" go and quality of service, quality of client, client features (e.g. "kill switch"), etc.

Things are a moving target, and if you have better recommendations then I am all ears - or should I say "All eyes"?! :p


2.) It is important to understand that when it comes to privacy and security, so much of what you use is based *purely* on TRUST and GUT-INSTINCT.

As I often tell people... Unless you wrote the code, or are part of the vendor, you just have to TRUST that what people say they will do is true.

As mentioned in #1, if you have better ideas, I'd love to hear them. But based on my research, Gibraltar is much more secure than anything out there.
 
> As mentioned in #1, if you have better ideas, I'd love to hear them. But based on my research, Gibraltar is much more secure than anything out there.

IVPN's exit points are located in different countries around the world, and they are almost ALL in "eyes" countries, if that matters to you. They don't even have an exit point in Gibraltar.


The company is registered in Gibraltar, which would have some impact on legal process, perhaps creating some barriers to legal process. However, as you have stated they have facilities in mostly "eyes" countries, those facilities would all be subject to both the laws and technical capabilities (of government/intelligence organizations) of the host countries.

So, not really sure what this buys you.

Personally, I would rather facilities be in "eyes" countries than not. The choice is between my government potentially spying on me, or another government spying on me and/or attempting to sow chaos. I am in the U.S. If I were in Australia, my choice might be different. :(

OP still hasn't stated their purpose in using a VPN. It sounds like it is just "there" and they don't know any details beyond that. So, I am guessing this is at work. Ask somebody in IT, if that won't ruffle feathers.

My best guess, based on lack of detail, is a work network controlled by IT department, and the "WiFi" is a personal hotspot on their phone. Just a wild guess.

FWIW, I have two use cases for VPNs:

- I have an IPSEC VPN configured on my home router that I sometimes use when away, especially when e.g. at a tech conference or meeting where the possibility of sophisticated hacking is high. I use IPSEC because I have Apple devices, IPSEC support is built-in, and I trust Apple. I have reasonable trust in my semi-open-source router software, and the VPN part is open source.

- I do have OpenVPN installed on devices and have in the past run an OpenVPN server on my router. I now prefer IPSEC. I might use OpenVPN if I were going to be somewhere where IPSEC will not work.

- I have a subscription to PrivateTunnel. I currently have no real use for it. I've used it in the past occasionally to watch some British streaming content that is not available in the U.S. But realized that I'm not as big a Monty Python and Are You Being Served fan as I thought...
 

Thanks a lot. That is very helpful.
 

Hi Jtara. Am not so technical with computers.

Both wired and wireless networks are at home. My wired network is ASUS and VPN (vyprvpn) is activated. While my wireless network is set up with Apple hardware (several Airports), which doesn't have VPN. My printers and other hardware are also linked to the wireless network. I would not like to mess around with the wireless network setup anymore.

My original post came about because when I wanted to print something, I have to activate my wifi (on my Mac) to connect to the printer. Otherwise (every time) my Mac is only connected to the wired.

Nothing more, my inquisitive mind just wanted to know if in that little time I turn on my wifi, my IP address is already visible/exposed.

Thanks Jtara and everybody.
 
> My wired network is ASUS and VPN (vyprvpn) is activated. While my wireless network is set up with Apple hardware (several Airports), which doesn't have VPN.

Now that is somewhat helpful.

ASUS makes many products, from wireless routers to laptops to desktop mother boards. What ASUS product are we talking about? Can you find it, and look at the nameplate on the bottom and give us a model number? Is it a wireless router? If so, did you turn off the wireless? Or is the wireless on, and the Airports augment this for additional locations around the house?

I'm not very familiar with Airports, but others here will be. Are they plugged into your wired network? I'm not sure if Airports have a "mesh" mode, where they will backhaul to another wireless router, is that perhaps how you are using them, as "extenders"? (People who have Airports please chime in!)

FWIW, I have an ASUS router RT-AC88 and I use the AsusWRT-Merlin third-party firmware. So, I have good familiarity with ASUS routers. I've shut off the WiFi on it, though, because the WiFi processors have been dying; it has to be rebooted every couple of hours for the WiFi to work, but the main processor still works reliably to handle the Internet connection. About to replace it completely with some dedicated firewall. Still haven't decided on Netgate SG-3100 or something else. Anyway, currently I use my ASUS router ONLY for Internet connection/VPN/firewall currently. I've recently gotten a Ubiquiti AP-nanoHD "flying saucer" style (much more attractive than ASUS gamer dress...) access point which is working reliably for me, and if I had a larger place, I would get more Ubiquiti access points.

It is beginning to sound like your "wireless network" (Airports) is hung off of your wired network, and so the VPN in the ASUS router is always in play, regardless of whether you connect wired or wireless from any device.

But we need more details to confirm.

Like what plugs into what!

P.S. If you are using the Airports in some extender mode, you will get better performance if you can wire them all to your wired network, if that is practical. At least those that can be easily wired.
 

I think the OP is using Bonjour and AirPrint which, while makes it super easy to locate AirPrint capable printers using an iPhone, iPad and Macs and any Apple appliances that use Bonjour including a Windows PC running iTunes, it broadcasts the IP address like a glow stick and unfortunately, it won't work with a VPN. I tried so I know how the OP feels. This is part of the compromise -- when things are easy to use with Apple, the security level is low. Having said that and in my case, the secured aspect of my work that I need total privacy and security is done via a VPN and if I want to print it, it goes to a cabled printer. Or else, it is saved to a secured LAN server as PDF. When I'm offline, then I use another computer in another VLAN to print those documents without any IP leaks, because it is on a VLAN.

I think the OP's level of I.T implementation knowledge will be a challenge to take it out of the Apple's eco-system and still works with AirPrint and Bonjour.

I think it is important to note what is it that you want to keep private? Is your work so delicate that any exposure of your identity will be a life and death situation like the Journalist who got butchered last year in the Embassy, or you are just using a VPN to hide your IP conducting illegal activities that you don't want to get caught?
 

Choosing a VPN, I think, is based on what you are planning to do with it. I don't think there is such a thing as the best VPN, because that's only based on a person's opinion and experience use case.

If a person plans to use a VPN to circumvent censorship and prevent the ISP from tracking and recording illegal torrent activities or underage activities or working in the darkweb, there are VPN providers out there that provide specialties in those fields that provide the best speeds, anonymity and access to those areas of interest to each individual client.

However, there are many users who use VPN not only to circumvent local censorship, but engage in transparency and whistleblowing of hidden government activities. Many of these individuals all have a certain level of fear and anxiety, because these activities are to educate the citizens and make government more transparent, but these governmental agencies all HATE the word transparency. So they will do anything in their powers to arrest and hunt these individuals down in order to restore their hidden agendas. It was Edward Snowden who brought our attention to the 5 eyes, 9 eyes and 14 eyes. Before Snowden, there was some awareness that these entities exist, but what he did, as well as what Wikileaks did, helped bring transparency and awareness of these covert operations within governmental agencies. It is this aspect of VPN that many individuals choose to basically protect their identity. So people who work in this field of providing third party transparency are usually the ones that are the target of the attacks, including IVPN who came out to trash a certain individual who didn't rate IVPN that highly. Why come out in the public and trash an individual, unless their company's reaction has some basis of concern? If someone questions your security issues and where you are located, then address it and improve upon it rather than coming out, defending your company's position and then dismiss it. Then the company looks no different than those governmental agencies who did the same to individuals who advocate transparency on behalf of the country's citizens. I look for these. No company is clean; correct, but we all use our own intuition and best judgement to choose what is best for our own use case.
 
Now that is somewhat helpful.

ASUS makes many products, from wireless routers to laptops to desktop motherboards. What ASUS product are we talking about? Can you find it, and look at the nameplate on the bottom and give us a model number? Is it a wireless router? If so, did you turn off the wireless? Or is the wireless on, and the Airports augment this for additional locations around the house?

I'm not very familiar with Airports, but others here will be. Are they plugged into your wired network? I'm not sure if Airports have a "mesh" mode, where they will backhaul to another wireless router, is that perhaps how you are using them, as "extenders"? (People who have Airports please chime in!)

FWIW, I have an ASUS router RT-AC88 and I use the AsusWRT-Merlin third-party firmware. So, I have good familiarity with ASUS routers. I've shut off the WiFi on it, though, because the WiFi processors have been dying; it has to be rebooted every couple of hours for the WiFi to work, but the main processor still works reliably to handle the Internet connection. About to replace it completely with some dedicated firewall. Still haven't decided on Netgate SG-3100 or something else. Anyway, currently I use my ASUS router ONLY for Internet connection/VPN/firewall currently. I've recently gotten a Ubiquiti AP-nanoHD "flying saucer" style (much more attractive than ASUS gamer dress...) access point which is working reliably for me, and if I had a larger place, I would get more Ubiquiti access points.

It is beginning to sound like your "wireless network" (Airports) is hung off of your wired network, and so the VPN in the ASUS router is always in play, regardless of whether you connect wired or wireless from any device.

But we need more details to confirm.

Like what plugs into what!

P.S. If you are using the Airports in some extender mode, you will get better performance if you can wire them all to your wired network, if that is practical. At least those that can be easily wired.

Hello again Jtara.
I have an ASUS RT-AC3200 wired to my Mac, and it has its own ISP. Its VPN is activated using openvpn (vyprvpn account), and its WIFI is turned off.
Meanwhile, our household wireless network is using the extended AirPorts (AirPort Extremes, AirPort Expresses and a Time Capsule). A printer is attached to it and a couple of external hard drives, and it has a different ISP from my wired ASUS. No VPN with the wireless network.

I just want to know if, during that little time that I connect my "wired" Mac to the wireless network, and both wired (with VPN) and wireless (non-VPN) connections are active (say to print or access some files on the wireless network), is my true IP address visible?

Thanks.
I think the OP is using Bonjour and AirPrint which, while it makes it super easy to locate AirPrint-capable printers using an iPhone, iPad and Macs and any Apple appliances that use Bonjour, including a Windows PC running iTunes, broadcasts the IP address like a glow stick and, unfortunately, won't work with a VPN. I tried, so I know how the OP feels. This is part of the compromise -- when things are easy to use with Apple, the security level is low. Having said that, in my case, the secured aspect of my work, for which I need total privacy and security, is done via a VPN, and if I want to print it, it goes to a cabled printer. Or else it is saved to a secured LAN server as PDF. When I'm offline, I then use another computer in another VLAN to print those documents without any IP leaks, because it is on a VLAN.

I think the OP's level of I.T. implementation knowledge will be a challenge to take it out of Apple's ecosystem and still work with AirPrint and Bonjour.

I think it is important to note what it is that you want to keep private. Is your work so delicate that any exposure of your identity will be a life and death situation, like the journalist who got butchered last year in the Embassy, or are you just using a VPN to hide your IP while conducting illegal activities that you don't want to get caught for?

Thanks a lot iluvmacs99.
I really don't have time to tinker on my household's wireless net as I would get blamed for something I might do. I just want to use the wireless whenever I have to print something, as we have a common printer at home attached to the wireless network.
And nothing illegal iluvmacs99, just that I'm in the medical field and I keep sensitive data of my patients and I communicate a lot with my fellow surgeons around.
 
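Added example, not from any poster in this thread: one way to check which interface carries internet-bound traffic while both the wired (VPN router) and wireless (non-VPN) connections are active is to read the routing table from `netstat -rn -f inet`. The sample table, interface names (`en0` for Ethernet, `en1` for Wi-Fi) and addresses below are constructed assumptions, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample of `netstat -rn -f inet` output on a Mac with Ethernet
# (en0, behind the VPN router) and Wi-Fi (en1, non-VPN network) both active.
# Interface names and addresses are assumptions for illustration.
SAMPLE_ROUTES='Destination        Gateway            Flags        Netif Expire
default            192.168.50.1       UGSc           en0
default            10.0.1.1           UGScI          en1
127                127.0.0.1          UCS            lo0
10.0.1/24          link#5             UCS            en1
192.168.50         link#4             UCS            en0'

# default_routes ROUTES: print "<primary|scoped> <interface>" for each default
# route. The I flag (RTF_IFSCOPE) marks a route tied to one interface scope;
# the default route without it is the one ordinary traffic follows.
default_routes() {
    printf '%s\n' "$1" | awk '
        $1 == "Destination" {            # header row: locate the columns
            for (i = 1; i <= NF; i++) {
                if ($i == "Flags") f = i
                if ($i == "Netif") n = i
            }
            next
        }
        $1 == "default" && f && n {
            kind = ($f ~ /I/) ? "scoped" : "primary"
            print kind, $n
        }'
}

primary_default_if() { default_routes "$1" | awk '$1 == "primary" { print $2; exit }'; }
scoped_default_ifs() { default_routes "$1" | awk '$1 == "scoped" { print $2 }'; }

# check_exposure ROUTES VPN_IF: succeed only if the primary default route
# leaves through VPN_IF (here, the Ethernet port wired to the VPN router).
check_exposure() {
    primary=$(primary_default_if "$1")
    if [ "$primary" = "$2" ]; then
        echo "ok: internet-bound traffic defaults to $primary"
    else
        echo "warning: default route is via ${primary:-none}, not $2"
        return 1
    fi
}

# On a real Mac: check_exposure "$(netstat -rn -f inet)" en0
check_exposure "$SAMPLE_ROUTES" en0
```

In the sample, the `10.0.1/24` entry on `en1` is the directly connected Wi-Fi subnet, so traffic to a printer on that subnet uses Wi-Fi without touching the default route. Which service holds the primary default route follows the service order in the macOS Network settings.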