Google knows my location when my Wireguard server is under double NAT

luisnez · 2024-03-04T19:52:14.660Z

Hi everyone, I don’t know if this is a bug or maybe something that is not documented and needs to be documented. I have a Slate AX router at home running as a Wireguard server, and I have another router that I use when I travel. I have done the port forwarding correctly on the Slate AX and everything works fine for me and I have never had any problems.

But I have noticed that for some reason Google knows my location under double NAT, and Google is the only website that I have tried that manages to get it. Why is this? When I leave the Slate AX as the only router, Google cannot locate me, but if I have it under another router (double NAT) Google manages to get my location.

Microsoft? It shows my server location… any other website? it works! Google? It shows the same exact city I’m in, exposing me completely.

By the way, I’m not talking about using Google Maps or other apps that can find your location through your phone. I’m simply referring to anonymously on a random PC visiting the regular Google website (www.google.com) and seeing your physical location, like “France”, displayed in the bottom left corner.

packetmonkey · 2024-03-04T21:35:39.572Z

Are you logged into Google on your phone and is it connected to your VPN?

luisnez · 2024-03-04T22:33:03.835Z

These tests are on a PC with different browsers with all cookies cleared.
it comes down to this:

Slate Ax under double nat? leaks the location.
Slate Ax as the main router? doesn’t leak the location even using an android or mobile device.

packetmonkey · 2024-03-05T01:40:46.015Z

As it is only Google, it still sounds like you have another device that is giving away your location. If you are logged into Google on a device that is connected to the VPN and one that is not, it could be reporting either of them. For instance, if you have your phone disconnected from WiFi, but still logged into Google, it could be reporting your location from there.

But if other sites are reporting the correct location, it doesn’t sound like a bug or a networking issue to me.

admon · 2024-03-05T06:01:50.084Z

Should be Google, Double NAT won’t expose your location.

mohsent · 2024-03-05T09:49:36.279Z

Open up flags config in your Chorme: chrome://flags/ then search for Experimental QUIC protocol and disable it.

luisnez · 2024-03-06T02:07:09.116Z

I know that double NAT shouldn’t expose the location at first glance, but it’s weird. I think it’s something that should be investigated in depth by GLInet.

luisnez · 2024-03-06T02:07:48.696Z

Thanks, I’ll experiment to see if that was the reason.

doczenith1 · 2024-03-06T13:48:14.380Z

There are plenty of ways to get your location other than an IP address. If hiding/changing your location is important to you then do some Googling to better understand how to hide your location properly. This is not a GL-iNet issue.

xize11 · 2024-03-06T16:51:14.081Z

To be honest google uses various ways

wether it is a Chromium based browser, or a Android device they all do not respect the dns resolver in your settings, instead they use their own, in browser this is often a setting exposed in the browser, if you really want to avoid it use dns hijacking.
google fingerprints by persisting cookies, so if they have the exact info, it has fingerprinted you, instead it shows that, however this is not always used by them or often for a limited time until it invalidates, and sometimes triggered by typing wrong addresses as your interest in the search.
from webshop tracking what you have put in those fields.
dns origin mismatch with your own ip, this gives them a idea you are behind a proxy or vpn due to mismatching geo.

so best i can advise is use dns hijacking, make sure dns are not leaking this is sometimes harder than possible.

Especially if policy routing is involved, but from my experience works better in gl-inet than OpenWrts through the pbr app by Strangri.

For dnsleaks you can use, ipleak.net, dnsleaktest.com.

packetmonkey · 2024-03-06T18:38:44.275Z

To add to this, for machines I absolutely don’t want leaking, I have a firewall rule to allow it to access the vpn and right after that a firewall rule denying all other traffic for that host. As long as you build your policy properly, that should prevent leakage around the vpn.

frank-the-tank · 2024-11-02T08:05:26.409Z

I’m dealing with the exact same problem. Did you find a solution?

AdamK · 2024-11-08T20:10:12.145Z

There are many ways to have location exposed. By GPS (on a phone), signing into a personal Google account, searching things relevant to your true location, etc. Google is smart, but it doesn't mean you have to worry about your work laptop exposing your location... your IP is still your Wireguard server's, it's just your browser (ex. Google Chrome) that thinks you're not where your IP says you are

Happi · 2024-11-09T07:37:53.857Z

luisnez:

Google website (www.google.com ) and seeing your physical location, like “France”, displayed in the bottom left corner.

Seeing "France" is hardly giving away your location, unless, of course, you want to appear to be in another country!
Only a guess but is the PC set to the French language?

xize11 · 2024-11-09T07:56:17.170Z

Happi:

Only a guess but is the PC set to the French language?

I don't think they check os yet, maybe on phones.

What they will do however is check language of the browser, they can use a clever social engineering trick in where they use client side javascript to read the local api of the browser rather than the public ip.

either you have to block javascript or use a transparant proxy which adds a javascript on top messing what google reads, which breaks the trust in https aswell, not really useful and complicated, not sure if it works to change browsers language maybe it took it directly from the system.

Quidn · 2024-11-09T14:16:47.072Z

packetmonkey:

it still sounds like you have another device that is giving away your location

+1

luisnez:

something that should be investigated in depth by GLInet.

I don't think this is needed and pretty sure it's not at all related to the router itself in any way.

frank-the-tank:

I’m dealing with the exact same problem. Did you find a solution?

If you turn off the router Wi-Fi and connect it with wired ethernet directly to a PC that doesn't have any wireless adapter, your "new" location won't be exposed.

Then, change one by one and you'll eventually find the cause.