How To Test Vpn Connection
How to Check If Your VPN Connection Is Secure? Top Recommended VPN. 30-Day Money-Back Guarantee. How to Check If Your VPN Connection Is Secure? Despite this, it’s always important once in a while to check and confirm that you have a stable working connection, and that all the security protocols you’re paying for through subscription are in place. Jun 05, 2019 The best thing to do is to get the tools that will help test a VPN. Testing a VPN will let the user know if the VPN is doing its job or not. At times, even a poorly set up VPN can lead to errors which make the PC leak data and expose the user’s IP address.
VPNs are great for security, but one of the big reasons many people use one is to mask or change their IP address. This lets you get around location-based restrictions on content, or check if your provider is throttling your connection. Unfortunately, a new security flaw can reveal your real IP address to prying eyes, even if you’re using a VPN, and it’s easy to exploit. Here’s how it works, and what you can do about it.
What’s All This Now? Is My Data At Risk?
Advertisement
Let’s back up a bit. A Virtual Private Network, or a VPN, is great for encrypting your data and boosting security, but it’s also useful to obscure your IP address. Your IP address is assigned to your internet connection by your service provider, and it can reveal who your service provider is and (in general) where you’re located. If you’ve ever visited YouTube and seen “Sorry, this video isn’t available in your country,” or tried to sign up for a new service only to find out your country isn’t supported, your IP address is how they know.
Why You Should Be Using a VPN (and How to Choose One)
You may know what a VPN, or Virtual Private Network, is; you probably don’t use one. You really…
Read more ReadAdvertisement
Many people use VPNs specifically to get around those location restrictions. When you sign in to a VPN, usually you can choose an “exit server,” or a location your VPN will “pretend” you’re actually located. Usually that’s enough to convince a service you’re in a supported country.
The Always Up-to-Date Guide to Streaming Blocked Content Overseas
Regardless of which end of whatever pond you’re on, region blocked content is annoying. Whether…
Read more
ReadAdvertisement
However, a recently discovered security flaw allows remote sites to take advantage of WebRTC (Web Real Time Communication, a feature built in to most browsers) to reveal a user’s true IP address, even if they’re connected to a VPN. As far as we know, sites aren’t taking advantage of the flaw yet, but considering services like Hulu, Spotify, Netflix, and others are taking steps to identify and lock out VPN users, it’s not a stretch to assume they’ll start.
A few lines of code is all it takes to remove the location protection you get from using a VPN, and figure out where you’re actually located and who your internet service provider really is (who can then tie your address back to who you are specifically.) While the vulnerability is primarily browser-based right now, any application that can render web pages (and uses WebRTC) is affected, meaning anyone who wants to can see past your VPN to where you really are and who you really are. Advertisers, data brokers, and governments can use it to peek through your VPN to find out where your connection is really coming from. If you use services like BitTorrent, have a set-top box like a Roku, or just stream music or movies on your computer through a site that’s not available in your country (or you’re an expat and live abroad), the apps and services you use could suddenly stop working.
Advertisement
How Can I Check If My VPN Is Affected?
Advertisement
The flaw was documented by developer Daniel Roesler over at GitHub. Roesler explains how the process works:
Firefox and Chrome have implemented WebRTC that allow requests to STUN servers be made that will return the local and public IP addresses for the user. These request results are available to javascript, so you can now obtain a users local and public IP addresses in javascript. This demo is an example implementation of that.
Additionally, these STUN requests are made outside of the normal XMLHttpRequest procedure, so they are not visible in the developer console or able to be blocked by plugins such as AdBlockPlus or Ghostery. This makes these types of requests available for online tracking if an advertiser sets up a STUN server with a wildcard domain.
Advertisement
To see if your VPN is affected:
- Visit a site like What Is My IP Address and jot down your actual ISP-provided IP address.
- Log in to your VPN, choose an exit server in another country (or use whichever exit server you prefer) and verify you’re connected.
- Go back to What Is My IP Address and check your IP address again. You should see a new address, one that corresponds with your VPN and the country you selected.
- Visit Roseler’s WebRTC test page and note the IP address displayed on the page.
If both tools show your VPN’s IP address, then you’re in the clear. However, if What Is My IP Address shows your VPN and the WebRTC test shows your normal IP address, then your browser is leaking your ISP-provided address to the world.
Advertisement
When TorrentFreak talked to VPN providers about the problem, including our favorite, Private Internet Access, that noted that they could duplicate the issue, but they weren’t sure how they could stop the vulnerabilty on their end. Since the IP check takes place directly between the user and the site they’re connected to, it’s difficult to block. Even so, they published a blog post warning users about the issue. TorGuard, another of our favorite providers, also issued a warning to their users. Those warnings also say that the issue only appears to affect Windows users, but that’s not necessarily the case—many comments (and our own testing) note that depending on your VPN and how it’s configured, your IP address may be leaked even if you use a Mac or Linux system.
Five Best VPN Service Providers
A VPN, or a Virtual Private Network, is a great tool to protect your privacy and security while you …
Read more ReadAdvertisement
How Can I Protect Myself?
Advertisement
Luckily, you don’t have to wait for VPN providers to address the issue on their ends to protect yourself. There are a number of things you can do right now, and most of them are as easy as installing a plug-in, or disabling WebRTC in your browser.
The Easy Way: Disable WebRTC In Your Browser
Chrome, Firefox, and Opera (and browsers based on them) generally have WebRTC enabled by default. Safari and Internet Explorer don’t, and thus aren’t affected (unless you’ve specifically enabled WebRTC.) Either way, if the test above worked in your browser, you’re affected. You can always switch to a browser that doesn’t have WebRTC enabled, but since most of us like the browsers we use, here’s what to do:
- Chrome and Opera: Install the ScriptSafe extension from the Chrome Web Store. It’s overkill, but it’ll disable WebRTC in your browser. Opera users can use this add on as well, you’ll just have to jump through some hoops first.
- Firefox: You have two options. You can install the Disable WebRTC addon from Mozilla Add-ons (h/t to @YourAnonNews for the link), or disable WebRTC directly by opening a tab and going to “about:config” in the address bar. Find and set the “media.peerconnection.enabled” setting to false. (You could also install NoScript, which is much like ScriptSafe, but like we mentioned, it’s probably overkill.)
Advertisement
While Roeseler notes that privacy protecting browser extensions like AdBlock, uBlock, Ghostery, and Disconnect don’t stop this behavior, these methods will definitely do the job. We’ve tested them to make sure they work, and keep an eye out—your favorite ad blocker or privacy add-on will likely update to block WebRTC in the near future.
The Best Browser Extensions that Protect Your Privacy
There are a ton of browser extensions that promise to protect your privacy, which leads to some…
Read more
ReadAdvertisement
We should note that disabling WebRTC may break some webapps and services. Browser-based apps that use your microphone and camera (like some chat sites or Google Hangouts), or automatically know your location (like food delivery sites) for example, will stop working until you re-enable it.
The Better Way: Configure Your VPN on Your Router
Update: We’ve been talking to a number of people in the security community about this issue, and after those conversations, we’re not confident that configuring your VPN at the router level is any more effective (or rather, terribly effective at all) than blocking WebRTC at the browser. While we still recommend setting up your VPN at the router level for a number of reasons (outlined below), as far as this issue is concerned, right now, we’d suggest that you use one of the browser add-ons mentioned above while we all conduct more research into the root cause—and surefire remediation for it.
Advertisement
If you want a more surefire way to protect yourself beyond installing add-ons and making tweaks to your browser every time you install or update, there is a more permanent method. Run your VPN at your router instead of on your computer directly.
There are a number of benefits to this approach. For one, it protects all of the devices on your home network, even if they’re not vulnerable to this specific flaw. It also gives all of your devices, like your smartphones, tablets, set-top boxes, and smart appliances the same protection and encryption that your VPN gives your desktop.
Advertisement
There are caveats, though. For one, if you’re the type who likes to change exit servers often (e.g., one day you want to browse as though you’re in Japan, another in Iceland, and another in the US), this means you’ll have to tweak your router setup every time you want to switch locations. Similarly, if you only need to be connected sometimes but not others—like you use a VPN for work but not when you’re streaming Netflix, you’ll need to enable or disable your VPN on your router every time you need to switch. That process can be easy or complicated, depending on your router, and your VPN.
Many VPN service providers suggest you set up your VPN at the router level anyway. Some even sell specific routers that come pre-configured to use their service, but odds are you can use your existing router (as long as it’s not provided by your internet service provider). Log in to your router’s admin page, and check your “security” or “connection” options. Depending on your model, you’ll see a VPN section, where you can type in the name of the VPN provider you’re connecting to, their server hostnames, and your username and password. Once it’s enabled, all of your traffic will be encrypted.
Advertisement
If you don’t see it, all isn’t lost. Check with your VPN provider and let them know what type of router you have. They may have instructions to walk you through the process. If they don’t, see if your router is supported by open-source router firmwares like DD-WRT ( search supported devices here), Open WRT (see supported devices here), or Tomato (see supported devices here). We’ve shown you how to install and set up DD-WRT and configure Tomato before, so if you’re new, start with our guides. All of those custom firmwares will allow you to set up your VPN at the router level.
How to Supercharge Your Router with DD-WRT
Few routers utilize their full potential out of the box because their firmware limits their…
Read more ReadAdvertisement
This vulnerability is serious, but on the bright side, it’s easily mitigated. If anything, it’s a reminder to never take your privacy for granted, even if you use all the right tools to protect it. When we talked about how to protect yourself from DNS leaks, we made the same point: Blindly trusting a privacy tool because it says the right things is a bad idea. Trust, but verify, and take your privacy and security into your own hands.
Advertisement
How to Boost Your Internet Security with DNSCrypt
When you use HTTPS or SSL, your web browsing traffic is encrypted. When you use a VPN, all of your…
Read more ReadTitle photo made using Nemo. Additional photos by James Lee, Paul Joseph, and Walt Stoneburner.
Advertisement
I am trying to connect to a VPN Server (BestUKVPN) but I'm failing each time I try.
I get a '691 error' but the username and password are OK.
I searched and I am told that 'port 1723' or 'GRE protocol port 47' being blocked can cause this issue as well.
How can I check them and, in case they are blocked, unblock them?
Sopalajo de Arrierez3 Answers
Thats all u need.
Oh and to unblock them, this page may help
GRE is a protocol, not a port. (A lot of people say 'My router isn't blocking any ports' but that's irrelevant.) Your router needs to understand how that protocol works. In particular, assuming that you're using NAT (Network Address Translation), the router will need to replace your private IP address with its public IP address in the outbound packets, then do the reverse on the inbound packets. If your router doesn't understand GRE then you either need to upgrade the firmware or replace the hardware - you'll need to check the manufacturer's documentation.
You could also try a different type of VPN connection. PPTP uses GRE, but L2TP/IPSec and SSTP don't. However, the VPN server will need to support them, and it will need a digital certificate; you will also need a certificate on your computer for L2TP/IPSec. It looks as if 'BestUKVPN' only support PPTP, so you'll need to decide whether it's more work to change your router or your server.
How To Test Vpn Connection Free
From command line, to check Windows Firewall rules for 1723 port:
If you have no results, there are no references to any 1723 port (supposedly not blocking).
If yes, try to search more details about the involved rule. For example:
Then edit AllPorts.txt file and search for 1723 to obtain more info.
To check GRE protocol, try:
and repeat the procedure.
Of course, you are always supposed to be able to perform this search at Windows Firewall screen, on Windows Control Panel.
NOTE: I assume you are talking about checking outgoing 1723 TCP port and outgoing GRE protocol. Incoming firewalling rules are only needed if you have some VPN server running inside your computer.
Sopalajo de ArrierezSopalajo de Arrierez