URGENT - NEW IP Leak (AR 750S)


#1

Latest beta Build 1119 and official release 3.007 are leaking the real IP address on change of server - this appeared fixed in previous builds (at least, it was fixed in AR300M builds).

Glitch


#2

Please explain, and explain how to reproduce.


#3

Do you mean OpenVPN? How do you find the data leak? If you can explain more details of your testing, it will help us.


#4

Originally reported way back in June 2017 on old firmware:

Bug re-introduced in new firmware, discussed here

Johnex summed it up perfectly:

"Glitch is correct. The issue at the moment is that when you disconnect the VPN to connect to the other, during this time, any connected clients can connect to facebook, insta etc, any sites you use, and leak your information in the time it takes to click connect on the next VPN.

In the v2.x firmware internet was disabled for all clients if “force vpn” was selected, so even if you disconnect, the only thing that happens is no clients have internet, which is what we want.

v3 is automatically disabling the “force vpn” feature when disconnecting, causing this issue.
The solution is to have an option like in v2.x, letting the user decide when to disable the force vpn"

Bug was confirmed fixed here (kyson-lok post, Oct 24):

In a nutshell:
Using a VPN, if you change server there is a short window (between disconnect and re-connect) where your real IP is exposed.

I propose bringing back the “Force VPN” option so there can be no further confusion. Changing this to automatic in the new firmware doesn’t seem to be understood, even by the developers.
Force = NO internet if the connection to server drops.


#5

I have just double-checked and the leak is indeed fixed for the AR300M, build 3.005-1105.

Latest release firmware for the AR750S (3.007) and latest test build 1119 still leaks.

Glitch


#6

Verified and it does have leaks! Quite frustrating.

Will fix asap.


#7

Thanks for confirming!
Yes, I am sure, very frustrating for users and developers alike.
Looking forward to the fix.

G


#8

I have just loaded Build 1129 (for 750S) and this leak (change server) appears to have been plugged.

HOWEVER, this automatic anti-leak option is not water-tight and does not operate as the old FORCE button used to:

If you try to switch to a server that does not connect (for example, in my case, I had the wrong password) then eventually it will time out and the “auto-force” will revert to “off” and your real IP will leak.

So again, for those of us that want NO INTERNET if NO VPN (ie. VPN drops, not connected, not available etc.) I ask that the FORCE VPN (ie. internet kill switch) checkbox be re-instated.

Thanks,
Glitch


#9

This should not be the case. If yes then we should fix this case.


#10

You can test by intentionally putting in a wrong password on VPN Config 2, then changing servers from Config 1 > Config 2.
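
One way to measure the exposure windows discussed in this thread, as an added example that is not part of any post: log the egress IP a LAN client sees while running the server-switch test, then group the samples that show the real WAN address. The log format, addresses and timestamps below are constructed for illustration.

```python
from datetime import datetime

# Constructed probe log (not from the thread). Assumed format: "<ISO time> <egress IP>",
# sampled from a LAN client during the test; "-" means the probe got no reply (no internet),
# which is the result a working kill switch should give.
REAL_WAN_IP = "203.0.113.25"  # constructed stand-in for the ISP-assigned address
SAMPLE_LOG = """\
2018-12-01T10:00:00 198.51.100.7
2018-12-01T10:00:05 198.51.100.7
2018-12-01T10:00:10 203.0.113.25
2018-12-01T10:00:15 203.0.113.25
2018-12-01T10:00:20 192.0.2.44
2018-12-01T10:05:00 -
2018-12-01T10:05:05 -
2018-12-01T10:05:30 203.0.113.25
2018-12-01T10:05:35 203.0.113.25
2018-12-01T10:05:40 203.0.113.25
"""


def parse_log(text):
    """Turn log text into [(datetime, ip_or_None)], skipping blank lines."""
    samples = []
    for line in text.splitlines():
        if not line.strip():
            continue
        stamp, ip = line.split()
        samples.append((datetime.fromisoformat(stamp), None if ip == "-" else ip))
    return samples


def leak_windows(samples, real_ip):
    """Group consecutive samples that show real_ip into (first, last, count) windows."""
    windows, run = [], []
    for when, ip in samples:
        if ip == real_ip:
            run.append(when)
        elif run:  # a VPN exit IP or a blocked probe ends the current window
            windows.append((run[0], run[-1], len(run)))
            run = []
    if run:  # log ended while the real IP was still visible
        windows.append((run[0], run[-1], len(run)))
    return windows


if __name__ == "__main__":
    for first, last, n in leak_windows(parse_log(SAMPLE_LOG), REAL_WAN_IP):
        print(f"real IP visible {first.time()} to {last.time()} ({n} samples)")
```

In the constructed log the first window corresponds to a leak during a server change, and the second to the real IP appearing after a period of blocked probes, as in the failed-connection case described in post #8.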


#11

OK. Will fix asap! Thanks!


#12

For your info, I also just spotted a leak shortly after boot and before VPN was connected.


#13

I think I found the solution to the “boot” leak and changing servers leak:

Disable masquerading on WAN on Firewall.

See this new thread:


#14

Thanks for sharing.