How to make sure IP doesn't leak?

I want to use a Beryl router to conceal my real IP address. I am concerned that even with a VPN and Internet Kill Switch it might leak intermittently (for a few milliseconds) when VPN disconnects, for example.

I can’t afford a SINGLE packet going outside the VPN.

Would it make sense to:

  1. Use iptables to block ALL traffic except outgoing to my VPN server?
  2. Block firmware autoupdate so I can validate leakage and not worry about potential future firmware bug introduction?

Thank you,

Auto update can already be disabled in the Firmware upgrade section.

The VPN has a kill switch, meaning if there is no connection to the VPN, clients can’t access the internet. I’m pretty sure this is instant.

You can use these tools to check for possible leaks:

If your IP is hidden, and the dns leak tests show the DNS of your vpn provider, you’re protected 🙂

hi, for what it is worth,

my experience, no way to hide/protect yourself by tweaking the router that is being used to hide the public address.
in your use-case, using dnscheckers in the cloud is not a real test,
no way should that be considered proof or trustworthy.

and even if you can prove it works now 10 times in a row,
at some point, have to assume something will go wrong,
your ip is leaked, you are exposed, you will not know in a timely manner.

hi, in this case, no way to prove that it works instantly and perfectly each and every time the connection is killed and re-started.

one possible solution that i use: rent a cheap cloud vm for $2.99US/month
either run your sensitive apps on that vm or use the vm as a network middle man.

— on local machine, in a virtual machine,
run an operating system such as tails and lock it down so it can only tunnel traffic to that cloud vm.
you can lock down the vm firewall, lock down the host firewall.

— on the cloud vm, lots of options

  • could run shadowsocks server, stunnel, tor, socks5, etc…
  • inbound vpn, outbound vpn, openvpn, wireguard, tailscale
    the first vpn is from your local machine to the vm.
    the second vpn is from the vm to vpn provider, i use mullvad.
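A fail-closed ruleset of the kind asked about in point 1 of the question, as an added example that is not part of the thread or of the router's firmware: it prints iptables-restore input that drops everything except traffic to one VPN endpoint and LAN traffic forwarded into the tunnel. The interface names, endpoint address and port used with it are constructed assumptions, and it assumes a plain Linux gateway with iptables; firmware that manages its own firewall chains would need the rules adapted.

```shell
#!/bin/sh
# Fail-closed VPN gateway ruleset, printed in iptables-restore format.
# Nothing is applied by this script. Constructed sample invocation:
#   gen_killswitch eth0 br-lan wg0 203.0.113.10 udp 51820 | iptables-restore --test

# Accept only a dotted-quad literal. A hostname would have to be resolved
# outside the tunnel, which is itself a leak.
is_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    for octet in $(echo "$1" | tr '.' ' '); do
        [ "$octet" -le 255 ] || return 1
    done
}

# gen_killswitch WAN_IF LAN_IF TUN_IF VPN_IP VPN_PROTO VPN_PORT
gen_killswitch() {
    wan=$1 lan=$2 tun=$3 ip=$4 proto=$5 port=$6
    is_ipv4 "$ip" || { echo "endpoint must be an IPv4 literal" >&2; return 1; }
    case "$proto" in udp|tcp) ;; *) echo "proto must be udp or tcp" >&2; return 1 ;; esac
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i $lan -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o $lan -j ACCEPT
-A OUTPUT -o $tun -j ACCEPT
-A OUTPUT -o $wan -d $ip/32 -p $proto --dport $port -j ACCEPT
-A FORWARD -i $lan -o $tun -j ACCEPT
-A FORWARD -i $tun -o $lan -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# IPv6 is dropped entirely so it cannot bypass an IPv4-only tunnel.
gen_v6_block() {
    printf '%s\n' '*filter' ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' ':OUTPUT DROP [0:0]' 'COMMIT'
}

# Count ACCEPT rules that name the WAN interface; a fail-closed set has
# exactly one (the tunnel endpoint) and never forwards LAN traffic to WAN.
wan_accept_count() {
    gen_killswitch "$@" | grep -c -- "-[io] $1 .*-j ACCEPT"
}
```

Because the default policies are DROP, a tunnel that goes down leaves LAN traffic with no matching ACCEPT rule rather than a route out of the WAN; the output of `gen_v6_block` is meant for `ip6tables-restore`.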