The concept of unblocking geo-specific contents is possible only by masking Internet Protocol addresses (IP) and if suppose there is an IP leak, then the entire live streaming services that happen overseas would suffer. Such leaks are common when we use an unsecured internet service and anybody could easily track our sensitive information that too in few minutes. Dynamic Name System (DNS) is the process of allocating machine understandable IP address to the corresponding web URLs. During this process, there are a lot of chances that the DNS leaks are possible even without our knowledge. So to be free from such leaks, it is advisable to go for secured VPN services that safeguard our privacy and allows hassle-free access across the globe.
Even with some virtual private networks (VPN), few people have to suffer the above-mentioned problem as the VPN provider has not implemented proper safety measures. Sometimes, they outsource their DNS allocation activities to third parties which are vulnerable to such attacks. Also, few VPNs do log your data and this becomes a potential source for the hackers to trace the IP addresses. Therefore, we should be careful in choosing a VPN that ensures protection against such leaks.
What is DNS Leaks?
DNS being the process of translating the human understandable web addresses to machine-readable numerical codes, a simple carelessness in handling the data might result in a hacked situation. For example, let us consider the URL ‘www.google.com’ is the human understandable and easy to remember web address whereas the corresponding IP address is ‘172.217.17.68’. Of course, only machines can understand and interpret what this numeric code means and it really means a lot to those digital computing devices to carry out further series of operations.
During this conversion DNS, leaks happen mainly because of the storage or logging of data by the Internet Service Provider (ISP). Not all the ISPs have up to date security measures in place because of the associated cost. Indeed people are looking for cheaper services unaware of the future information thefts. Only forward thinking people pay attention to these details and would go for secured tunnels for data transmission like VPNs. Also, the increasing awareness in data security and the wide usage of VPN for a variety of purposes has slashed down its cost drastically. It’s really good to get such services at affordable prices.
IPv4 Leak
IPv4 stands for Internet Protocol version 4 and it is one of the standards that describes and defines IP addresses. It uses a 32-bit space for IP addresses and it means that any internet service provider can hold up to 2^32 IP addresses. With the increase in the website’s count and the internet usage percentage, this 32-bit space is not enough to support the current needs. Though it is running out of its space issues, we cannot completely neglect or take away its deployments which have happened several years back.
Another issue with the usage of IPv4 is the IPv4 Leaks that mainly occurs at the Operating System (OS) level. It happens most popularly with the Windows and where it sends the IP address to the ISP as per the default settings, even when we use a VPN. This means that even when are connected to a secure VPN, your IP address gets leaked. This does not happen when our data passes through the VPN tunnel but even before passing through it, at the OS level. We can always use the website ipleak.net to check whether we face IPv4 leak problems.
How to Fix IPv4 Leak?
The VPN providers themselves have taken measures to resolve this IP leak issue at their VPN Client software. The possible fixes through their applications are
- DNS Leak Protection: This is a facility or option that most leading VPN providers enable it as a default option in their Client software. But we can always disable it when it is not required. It ensures that all internet traffic passes through the encrypted VPN tunnel and not even a single request is diverted to the default ISP. Therefore, even when the OS fails to direct internet traffic to the VPN, the job is done by the VPN Client software. So, there is no chance for such an IPv4 leak when we use a VPNClient with this option enabled.
- Internet Kill Switch: This is yet another option to protect us from IP leaks during connection failures. With a VPN we can connect to the internet even through a public wifi network without the fear of data security as our data is guarded by the VPN tunnel. But what happens when there is a connection failure and such interruptions are always there in a public network. Here comes the use of Internet Kill Switch that can be enabled by the VPN Client software to terminate all our interrupted sessions. This closes all our applications and clears the data logs if any. So, even when there is a connection failure nobody could trace our IP when we have enabled this option.
Though most VPNs have them in their software as an inbuilt option, the open source default OpenVPN client does not have the facility. But we can add-on this option to OpenVPN as well.
IPv6 DNS leaks
The increasing in the use of internet has resulted in a demand for more IP addresses. This is similar to an increase in population leading to a demand in their living places. In computer terminology, we can compare the IP addresses to the house of human beings they reside. Logically speaking, the address for any web page that resides on the internet is the IP address and the previously used IPv4 is not at all enough. Therefore, there comes the new IP standard which is IPv6. It uses 128-bit space to store the addresses and thus we would have 2^128 IP addresses. This is indeed a great number that can hold the increasing web addresses. As with IPv4, the problem of IP leaks is common in Ipv6 as well. The operating system recognizes that the request is from the ISP and not from the VPN provider and just it sends the IP to the default ISP. So again, we should face the same issue irrespective of its advancement in the space management. We can detect whether we suffer an IPv6 leak, from the website test-ipv6.com as the previously mentioned ipleak.com does not predict v6 leaks at all.
How to Fix IPv6 Leaks?
We can fix the Ipv6 leaks just applying or disabling certain default system settings. Let us look at those in detail.
- Disabling IPv6 in the OS: This is the most preferred option as whichever VPN or software we use, the IP leak protection is guaranteed. Almost every Operating System supports this facility by a simple set of instructions. The problem here is every request is treated as IPv4 although the website supports v6.
- Disabling Ipv6 in the VPN Client: Many at times the users are unaware of such leaks and therefore it is better that they choose a VPN which has IPv6 Leak Protection option in its own client software. So, such headaches are handled by the VPN providers by default and we can even have the option to discard it. So, all internet traffic passes through the VPN tunnel when it employs a DNS leak protection. But the same problem arises here as well as the websites are treated as IPv4 and not as v6 and there is no use of the expanded addresses.
- VPN with inbuilt IPv6 leak protection: This is the best solution to the IPv6 leak problems as the VPN by itself can handle both v6 as well as its leaks. As of now only a few VPNs has updated their Client software to resolve the issue while others just jump to use Ipv4. It is expected from all other VPNs with a forward thinking that they should implement Ipv6 leak protection and not merely a skip.
Windows 10 DNS Client Flaw
Windows 7 sends DNS requests one after the other by the server preference. Therefore, it was easy to force all internet traffic through the VPN tunnel to provide IP leak protection. But windows 8 uses ‘Smart Multi-Homed Name resolution’ in which the DNS requests are handled in a manner similar to that in Windows 7 unless there is a DNS server failure. If there is such a failure, then the DNS requests are sent in parallel to non-preferred servers. This is mainly to optimize the system performance with respect to the speed and of course, only Microsoft knows how successful they are! Those parallel requests cannot be forced only through a VPN tunnel and it enters the default ISP as well and thus leading to a DNS leak. The scenario is even worse in Windows 10 as irrespective of the DNS server failures, it sends requests in parallel to gain faster access. Again, we cannot expect the DNS request to pass through the VPN tunnel and that causes a leak. Even US-CERT, a government body to ensure the US cyber security, has already issued alert messages to the Microsoft team to resolve the issue.
How to Fix Windows 10 DNS Client Flaw?
The possible fixes for this issue are as below.
- OpenVPN Plugin: Simple OpenVPN plugin is available to resolve the Windows 10 DNS leak issue and also we can customize OpenVPN clients for this need, with a standard .ovpn configuration file. The built-in plug-in works well with all versions of Windows including the home editions and it is advisable to use it.
- Disabling Smart Multi- Homed Name Resolution: This is a yet another solution but it is employed at the cost of lacking few advanced features that Microsoft offers us for speedy DNS requests. Anyhow, it is better to give up advancements rather than leaking our IP. The worst thing is it is not available for Windows home editions and ultimately we need to rely on the plug-ins.
What is WebRTC and how it leaks your IP?
WebRTC (Web Real-Time Communication) is a standard that allows Voice calling, Video Chatting, and P2P file sharing via the browser that we use. Browsers such as Firefox, Chrome, Opera, etc support this feature and they leak the IP addresses irrespective of the usage of proxy or a VPN. This is commonly referred to as a WebRTC bug as it occurs because of having implemented the WebRTC feature in the browser. Some other browsers such as Internet Explorer, Safari, etc does not support the feature and therefore they are free from such bugs.
How to Fix WebRTC Leaks?
- Disable the WebRTC feature: A simple solution to resolve this issue is just disabling the WebRTC feature in the browser settings. It means that we can no more enjoy the real-time communication services such as voice calling, etc but we are free from WebRTC leaks.
- Using Browser Plug-ins: We can also use specialized browser plug-ins to deactivate the feature. Some of them are uBlock, Statutory, Disable WebRTC, NoScript, etc. These plug-ins automatically block WebRTC features provided by the browser that e use.
VPN Connection Drop and Internet Kill Switch
The connection drop is a common problem even when we use the best VPN provider, as it depends on a variety of factors such as geographic locations, third party servers used by the VPN provider, poor connections, etc. The connection failures are expected especially when we use a public Wi-Fi for a VPN connection. Here, the failure is not because of the VPN but it is due to the public Wi-Fi network. In this case, we might be unaware that we are using the internet without the VPN. So, there is the possibility of exposing our true IP to hackers or government online regulatory bodies that place restrictions.
Internet Kill Switch
The use of kill switch is the possible solution to the problem as it terminates the connection whenever there is a VPN drop out. There is a wide possibility to deploy a kill switch in our VPN application and are as below
- Built-in Kill Switch: Most VPN providers have this option built in their VPN client itself and all we need to do is to enable the option. This is perhaps the easier ways to deploy the kill switch with the VPN network.
- Firewall Rules: We can frame the firewall rules in such a manner that the access to internet cancels itself at the moment when there is a VPN connection failure. The only thing is we need to frame it by ourselves as per the needs. Here is a great flexibility that we can define what a VPN connection failure by ourselves. Anyhow, it does not suit to common internet users who has no technical knowledge.
- Configuring software that monitors connection failures: There is software for the VPN such as Vuze BitTorrent Client that allows torrenting only through VPN. This is very much useful for frequent torrent users who continue download for hours. But it primarily not a kill switch but the prohibition of blocking P2P file sharing outside VPN makes it a look alike.
Use Firewalls to fix leaks
Firewalls are the greatest methods to guard against IP leaks and DNS leaks. It acts as a shield and all internet traffic should enter the shield before accessing the VPN tunnel. The most important feature of a firewall is that it can be framed according to our needs by simple ‘yes’ or ‘no’ checks. These are often referred to as the firewall rules and the strength of a firewall indeed lies in those rules. Here is the general list of steps that we need to do to escape from such leaks.
- Force all Internet Traffic through Firewall first: All the internet traffic before passing through the VPN tunnel should be filtered through the firewall. It is the firewall that should determine whether a request should enter the network or that needs to be rejected. By this filtration process, unwanted requests are trapped at the initial check itself.
- Create an exception to allow the VPN IP address: The firewall should be made in such a way that it should not block the VPNs IP address. So that the data is safely sent to the VPN tunnel without a leak.
- The exception to allow the VPN DNS servers: There should be by some means that the firewall should recognize the DNS servers of the VPN provider so that it does not block those requests as well
- Allow other VPN devices: Request from other VPN devices such as a router, etc also should not be blocked by the firewall, as most of the VPNs allow simultaneous logins from different devices.
Conclusion
People who are concerned about the DNS leaks should periodically check the websites (ipleak.net, test-ipv6.com, doileak.com) that help to identify whether we have a leak in our network. Anytime if we find a leak, we should either go for a VPN that offers such leaks protection and Internet Kill Switch or at least a third party solution to fix the issue. However, a VPN is one of the effective and simpler ways to the achieve leak protection.