TorGuard


Showing results for tags 'vpn'.




Found 44 results

  1. Dear Community,

    First you all know the drill by now - " The Intro " we would all have a better world if we remembered to practice " Baby Love " lyrics : https://genius.com/Mothers-finest-baby-love-lyrics and video : https://www.youtube.com/watch?v=Z1LCj0Gkq94

    Since version OPNsense 18.7 - you may install stubby and getdns on OPNsense by simply issuing command

        # pkg install getdns

    ( Special Thanks and Kudos to Franco and the marvelous OPNsense Development Team ) - Please disregard and do not use any guides and / or tutorials which pre-date this one which covers installation and configuration of DNS Privacy on OPNsense FireWall. This is an updated guide / tutorial which explains how to setup adding DNS-Over-TLS support for OPNsense. I run GetDns and Stubby forwarded to and integrated with Unbound.

    For those who wish to explore Stubby and GetDns - this method is the one recommended by DNSPRIVACY - see here :

        https://getdnsapi.net/
        https://dnsprivacy.org/wiki/display/DP/DNS+Privacy+Daemon+-+Stubby
        https://dnsprivacy.org/wiki/display/DP/DNS+Privacy+Clients#DNSPrivacyClients-Unbound

    - please read this carefully - you will note that it indicates :

    Unbound As A DNS TLS Client Features: Unbound can be run as a local caching forwarder, configured to use SSL upstream, however it cannot yet authenticate upstreams, re-use TCP/TLS connections, be configured for Opportunistic mode or send several of the privacy related options (padding, ECS privacy) etc. Some users combine Unbound (as a caching proxy with other features such as DNS Blacklisting) and Stubby (as a fully featured TLS forwarder).

    These are the reasons I choose to use GetDns and Stubby with Unbound. Those reasons being so that I can take full advantage of all of the most secure privacy features available when running DNS OVER TLS. What I give you here is the absolute best method of implementation and deployment of DNS OVER TLS.
    For any and all who may be wondering why DNS OVER TLS is all the rage - read this: https://tenta.com/blog/post/2017/12/dns-over-tls-vs-dnscrypt

    I always set up DNS OVER TLS first before configuring OpenVPN and / or WireGuard on OPNsense - this DNS solution works flawlessly with either VPN protocol. So here we go. So go ahead and issue command

        # pkg install getdns

    in order to get started. After installing getdns which includes stubby follow the steps below.

    1 - Now Ryan Steinmetz aka zi - the port maintainer and developer of this port was kind enough to include a start up script ( stubby.in ) for this package. See the stubby.in here in the raw : https://svnweb.freebsd.org/ports/head/dns/getdns/files/stubby.in?view=markup. All I had to do was ask him and he did for any and all who elect to use this great piece of FreeBSD software.

    2 - Now to put all of this together, The stubby.in file is located here - /usr/local/etc/rc.d/stubby by default. First though Stubby needs Unbound root.key - run this command before getting started:

        # su -m unbound -c /usr/local/sbin/unbound-anchor

    Then -

    A - Issue this command :

        # mv /usr/local/etc/rc.d/stubby /usr/local/etc/rc.d/stubby.sh

    Make it executable - I run two commands - it works for me:

        # chmod 744 /usr/local/etc/rc.d/stubby.sh
        # chmod a+x /usr/local/etc/rc.d/stubby.sh

    B - Yes must enable Stubby Daemon in the file - open file by :

        nano /usr/local/etc/rc.d/stubby.sh

    go to line 27 - : ${stubby_enable="NO"} change the setting to : ${stubby_enable="YES"} - that is all you have to do to this file. It comes pre-configured. Save and exit.
    3 - You can and should also check real time status of DNS Privacy Servers as they are experimental and are not always stable - you can monitor DNS TLS Servers Real Time Status here below: https://dnsprivacy.org/jenkins/job/dnsprivacy-monitoring/

    I have read here: https://www.monperrus.net/martin/randomization-encryption-dns-requests that Also, it is good to set up some servers that listens on port 443 and others on port 853, so as to be resilient if you are on a network with blocked ports. You can also blend IPv4 and IPv6 addresses.

    Now you must configure Stubby to resolve DNS OVER TLS -

        nano /usr/local/etc/stubby/stubby.yml

    VERY IMPORTANT UPDATE: After checking, rechecking and then triple checking on this website mentioned above : https://www.immuniweb.com/ssl/?id=Su8SeUQ4 I have made some very serious discoveries regarding which DNS Privacy Test Servers to use. The bottom line is that I strongly suggest you only choose to deploy servers which support the TLSv1.3 protocol. See here for information and importance of TLSv1.3 : https://kinsta.com/blog/tls-1-3/

    I will save you some considerable leg work and post below the best configuration for your stubby.yml file.
    Here it is:

        nano /usr/local/etc/stubby/stubby.yml

        resolution_type: GETDNS_RESOLUTION_STUB
        round_robin_upstreams: 1
        tls_authentication: GETDNS_AUTHENTICATION_REQUIRED
        tls_query_padding_blocksize: 128
        edns_client_subnet_private: 1
        idle_timeout: 60000
        listen_addresses:
          - [email protected]
        dns_transport_list:
          - GETDNS_TRANSPORT_TLS
        tls_connection_retries: 5
        tls_backoff_time: 900
        timeout: 2000
        upstream_recursive_servers:
        # IPV4 Servers
        ### DNS Privacy Test Servers ###
        #The DNS Warden DNS TLS Primary Server alternate tls_auth_name: adblock-dot.dnswarden.com and dot1.dnswarden.com
          - address_data: 116.203.70.156
            tls_auth_name: "uncensored-dot.dnswarden.com"
            tls_port: 443
            tls_pubkey_pinset:
              - digest: "sha256"
                value: aPns02lcGrDxnJQcRSHN8Cfx0XG+IXwqy5ishTQtzR0=
        #The DNS Warden DNS TLS Secondary Server alternate tls_auth_name: adblock-dot.dnswarden.com and dot2.dnswarden.com
          - address_data: 116.203.35.255
            tls_auth_name: "uncensored-dot.dnswarden.com"
            tls_port: 443
            tls_pubkey_pinset:
              - digest: "sha256"
                value: aPns02lcGrDxnJQcRSHN8Cfx0XG+IXwqy5ishTQtzR0=
        ### Test servers ###
        #The BlahDNS German DNS TLS Server
          - address_data: 159.69.198.101
            tls_auth_name: "dot-de.blahdns.com"
            tls_port: 443
            tls_pubkey_pinset:
              - digest: "sha256"
                value: RzMGlPVE8DlsiA9DQRuW9CoVkwFBjS8j+we5PZ3eE0c=
        #The BlahDNS Japan DNS TLS Server
          - address_data: 108.61.201.119
            tls_auth_name: "dot-jp.blahdns.com"
            tls_port: 443
            tls_pubkey_pinset:
              - digest: "sha256"
                value: 427fIEGdHRXL9C6i+PzEk+CstsrmNGXJaAnu9ECu+Hk=
        ## The Surfnet/Sinodun DNS TLS Server
          - address_data: 145.100.185.18
            tls_port: 853
            tls_auth_name: "dnsovertls3.sinodun.com"
            tls_pubkey_pinset:
              - digest: "sha256"
                value: 5SpFz7JEPzF71hditH1v2dBhSErPUMcLPJx1uk2svT8=
        # The securedns.eu DNS TLS Server alternate tls_auth_name: ads-dot.securedns.eu
          - address_data: 146.185.167.43
            tls_auth_name: "dot.securedns.eu"
            tls_port: 853
            tls_pubkey_pinset:
              - digest: "sha256"
                value: h3mufC43MEqRD6uE4lz6gAgULZ5/riqH/E+U+jE3H8g=
        #The dns.seby.io - Vultr DNS TLS Server
          - address_data: 139.99.222.72
            tls_auth_name: "dot.seby.io"
            tls_port: 853
            tls_pubkey_pinset:
              - digest: "sha256"
                value: 8A/1KQQiN+aFWenQon076nAINhlZjGkB15C4E/qogGw=
        #The Primary appliedprivacy.net DNS TLS Server
          - address_data: 37.252.185.232
            tls_auth_name: "dot1.appliedprivacy.net"
            tls_port: 443
            tls_pubkey_pinset:
              - digest: "sha256"
                value: TvTo5uauOH66/Vnxl2QHwBhN9xdU0Zp1Jeqi+byC1p4=
        #The Secure DNS Project by PumpleX DNS TLS Server
          - address_data: 51.38.83.141
            tls_auth_name: "dns.oszx.co"
            tls_port: 853
            tls_pubkey_pinset:
              - digest: "sha256"
                value: yevnTQfRqEOU1W8rUBABZRgToMgAwRn0eH7zJeBcq0s=
        #The ibksturm DNS TLS Server
          - address_data: 178.82.102.190
            tls_auth_name: "ibksturm.synology.me"
            tls_port: 853
            tls_pubkey_pinset:
              - digest: "sha256"
                value: TjpalBJr0Ir27Dr59lXky4PXN0yTAoW92ddF8lBxYBQ=

    Save and Exit

    All of these name servers listed above DO NOT log ! repeat DO NOT log ! your DNS queries. In full disclosure some name servers claim to log traffic volume only. See here for details : https://dnsprivacy.org/wiki/display/DP/DNS+Privacy+Test+Servers and look under " Logging " column.

    Use either or both of these two methods to verify QNAME Minimisation

    A - Run command :

        drill txt qnamemintest.internet.nl

    and / or

    B - Run command:

        dig txt qnamemintest.internet.nl +short

    and / or

        dig -t txt qnamemintest.internet.nl

    ( for more complete readout including DNSSEC results ). AD = Authenticated Data (for DNSSEC only; indicates that the data was authenticated)

    The results in any of these scenarios will show either: "HOORAY - QNAME minimisation is enabled on your resolver !" or "NO - QNAME minimisation is NOT enabled on your resolver ." Reference https://discourse.pi-hole.net/t/unbound-and-qname-minimisation/10038/4

    You will and should get HOORAY ! - if you used the name servers listed in this guide for your Stubby configuration.

    Note: Starting with Unbound 1.7.2 qname minimisation is enabled by default. However, I still add these settings manually.
    These settings are entered under Unbound " Custom Options":

        qname-minimisation: yes
        qname-minimisation-strict: yes
        harden-below-nxdomain: yes

    4 - In order to have OPNsense use default start up script ( /usr/local/etc/rc.d/stubby.sh ) at boot time you will have to create a boot time start up script for it in /etc/rc.conf.d/. Not to prolong this - do the following :

        # nano /etc/rc.conf.d/stubby

    - in the new file enter the following two lines:

        stubby_enable="YES"
        stubby_bootup_run="/usr/local/etc/rc.d/stubby.sh"

    Save and exit / then make the file executable - once again - works for me :

        # chmod 744 /etc/rc.conf.d/stubby
        # chmod a+x /etc/rc.conf.d/stubby

    5- Now you must configure your Unbound DNS Server to use Stubby for DNS Over TLS.

    UNBOUND GENERAL SETTINGS

    Network Interfaces = Select ALL !

    Under Custom options enter the following :

        server:
          do-not-query-localhost: no
        forward-zone:
          name: "." # Allow all DNS queries
          forward-addr: [email protected]
        ## END OF ENTRY

    Outgoing Network Interfaces = Select ALL !

    Make Sure to NOT CHECK - DO NOT CHECK - the box for DNS Query Forwarding. Save and Apply Settings

    Next - Under System > Settings > General Settings

    Set the first DNS Server to 127.0.0.1 with no gateway selected / Make sure that DNS server option

    A - Allow DNS server list to be overridden by DHCP/PPP on WAN - Is Not I repeat - Is Not Checked ! and DNS server option

    B - Do not use the DNS Forwarder/Resolver as a DNS server for the firewall Is Not - I repeat - Is Not Checked !

    I now only run 127.0.0.1 ( Localhost ) configured as the only DNS SERVER on my WAN interface. If others were added to WAN, when I ran dig or drill commands /etc/resolv.conf allowed those addresses to be queried. I only want to use Stubby yml Name Servers for DNS TLS , so this was the determinative factor in my reasoning and decision. - Save and Apply Settings

    C'est Fini C'est Ci Bon C'est Magnifique

    Reboot your router just to be sure.
    Lastly, you can check your DNS at GRC DNS Nameserver Spoofability Test - DNSLeak.com - or any such service. Your results will render the DNS PRIVACY Name Servers which you selected in your stubby.yml configuration file. You are now running DNS OVER TLS with GETDNS plus STUBBY ( a fully featured TLS forwarder ) along with an Unbound DNS Caching Server.

    VERY IMPORTANT TIP: Please note that right at the top of the main DNS Privacy Test Servers Homepage ( https://dnsprivacy.org/wiki/display/DP/DNS+Privacy+Test+Servers ) It Ominously Declares:

    DoT servers

    The following servers are experimental DNS-over-TLS servers. Note that they are experimental offerings (mainly by individuals/small organisations) with no guarantees on the lifetime of the service, service level provided. The level of logging may also vary (see the individual websites where available) - the information here about logging has not been verified. Also note that the single SPKI pins published here for many of these servers are subject to change (e.g on Certificate renewal) and should be used with care!!

    For these reasons it is most important to check and verify your SPKI pin(s) for TLS authentication manually yourself from time to time. There are sure fire methods to make sure that you are using the correct value for any upstream nameserver ( aka tls_pubkey_pinset value ) - Go to https://blahdns.com/ and scroll down to the section to the yellow section entitled What is DNS OVER TLS click on it and it will open up. When you do it will state some general information, but what you want to pay attention to is this section:

    How to get SPKI

        gnutls-cli --print-cert -p 853 185.49.141.37

    - where you must pkg install gnutls OR

        echo | openssl s_client -connect '185.49.141.37:853' 2>/dev/null | openssl x509 -pubkey -noout | openssl pkey -pubin -outform der | openssl dgst -sha256 -binary | openssl enc -base64

    Remember to change port to 443 or port for IPV6 if different than standard 853 where applicable.
        https://www.dnsleaktest.com/
        https://www.perfect-privacy.com/dns-leaktest
        https://cryptoip.info/dns-leak-test
        https://www.grc.com/dns/dns.htm
        https://www.vpninsights.com/dns-leak-test

    and last but not least https://cmdns.dev.dns-oarc.net/ for a thorough in depth DNS Test

        https://bash.ws/dnsleak/test/

    Now all you need to do is run is a properly configured VPN Service. By doing so, running DNS over TLS with Stubby and GetDns will keep your VPN provider from spying on your encrypted DNS look ups - and also your DNS providers both the ISP ( replaced by encrypted Stubby ) and your Encrypted TLS DNS Service Provider will see your IP as the one from your encrypted tunneled VPN provider. I am convinced this setup is the right strategy for both security and privacy. I think it to be the best practice for all those most serious about multi-layered cyber security.

    Special thanks to all who helped me with this project. Thank you all and God Bless

    Always In Peace,

    directnupe
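
    The post above closes by telling readers to re-check each upstream's SPKI pin by hand, because pins change on certificate renewal. The following is an added example, not part of the original post and not TorGuard, Stubby or OPNsense code: it reads the pins from a stubby.yml laid out like the one in the post and compares them with the pin of the certificate an upstream serves now. The function names, the 192.0.2.x addresses, the example.net names and the DER skeleton are constructed for illustration, and an upstream without tls_port is assumed to use 853.

```python
import base64, hashlib, re, socket, ssl

def read_tlv(buf, pos):
    """Return (tag, content_start, end) of the DER element that starts at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: the low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def spki_pin(cert_der):
    """Base64 SHA-256 of the SubjectPublicKeyInfo, as the post's openssl pipeline prints."""
    tag, start, _ = read_tlv(cert_der, 0)               # Certificate
    tbs_tag, pos, tbs_end = read_tlv(cert_der, start)   # tbsCertificate
    if tag != 0x30 or tbs_tag != 0x30:
        raise ValueError("not an X.509 certificate")
    fields = []
    while pos < tbs_end:
        ftag, _, end = read_tlv(cert_der, pos)
        fields.append((ftag, pos, end))
        pos = end
    fields = fields[1:] if fields and fields[0][0] == 0xA0 else fields  # skip version
    # remaining order: serial, signature, issuer, validity, subject, SPKI
    if len(fields) < 6 or fields[5][0] != 0x30:
        raise ValueError("SubjectPublicKeyInfo not found")
    _, s, e = fields[5]
    return base64.b64encode(hashlib.sha256(cert_der[s:e]).digest()).decode()

def parse_upstreams(yaml_text):
    """Line-based reader for upstream entries laid out as in the post; not a YAML parser."""
    upstreams, cur = [], None
    for raw in yaml_text.splitlines():
        m = re.match(r'(?:-\s*)?(\w+):\s*"?([^"]*)"?$', raw.split("#", 1)[0].strip())
        if not m:
            continue
        key, val = m.groups()
        if key == "address_data":
            cur = {"address": val, "port": 853, "name": None, "pins": []}
            upstreams.append(cur)
        elif cur is not None and key == "tls_port":
            cur["port"] = int(val)
        elif cur is not None and key == "tls_auth_name":
            cur["name"] = val
        elif cur is not None and key == "value":
            cur["pins"].append(val)
    return upstreams

def fetch_cert_der(address, port, name, timeout=5.0):
    """Fetch the leaf certificate; chain and hostname are verified against name."""
    ctx = ssl.create_default_context()
    with socket.create_connection((address, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=name) as tls:
            return tls.getpeercert(binary_form=True)

def audit_pins(upstreams, fetch=fetch_cert_der):
    """Return (address, status, detail) per upstream; status is ok, stale or error."""
    report = []
    for u in upstreams:
        try:
            live = spki_pin(fetch(u["address"], u["port"], u["name"]))
        except (OSError, ValueError, IndexError) as exc:
            report.append((u["address"], "error", str(exc)))
        else:
            report.append((u["address"], "ok" if live in u["pins"] else "stale", live))
    return report

def tlv(tag, content):  # DER-encode one element; sample-only helper, content < 256 bytes
    n = len(content)
    return bytes([tag]) + (bytes([n]) if n < 0x80 else bytes([0x81, n])) + content

def sample_cert(key):
    """Constructed DER skeleton in X.509 field order; not a real signed certificate."""
    spki = tlv(0x30, tlv(0x30, b"") + tlv(0x03, b"\x00" + key))
    tbs = tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + tlv(0x30, b"") * 4 + spki
    return tlv(0x30, tlv(0x30, tbs) + tlv(0x30, b"") + tlv(0x03, b"\x00"))

SAMPLE_CERT = sample_cert(b"\x01" * 200)         # what the server presents today
OLD_PIN = spki_pin(sample_cert(b"\x02" * 200))   # pin of the key used before a renewal
SAMPLE_YML = f"""upstream_recursive_servers:
  - address_data: 192.0.2.10
    tls_auth_name: "dot.example.net"
    tls_port: 443
    tls_pubkey_pinset:
      - digest: "sha256"
        value: {spki_pin(SAMPLE_CERT)}
  - address_data: 192.0.2.20
    tls_auth_name: "dot2.example.net"
    tls_pubkey_pinset:
      - digest: "sha256"
        value: {OLD_PIN}
"""

def demo():  # audit the constructed config with a stand-in fetcher serving SAMPLE_CERT
    return audit_pins(parse_upstreams(SAMPLE_YML), fetch=lambda addr, port, name: SAMPLE_CERT)

if __name__ == "__main__":
    print(demo())
```

    Called without the `fetch` argument, `audit_pins` connects to each upstream listed in the parsed file. A `stale` result means the pinned value no longer matches the served key, which with `tls_authentication: GETDNS_AUTHENTICATION_REQUIRED` makes that upstream unusable until the pin is updated.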
  2. Dear Community,

    Original OPNsense Forum Post Here : https://forum.opnsense.org/index.php?topic=13461.0

    And I quote " Jimi ": I see that we meet again hmmm " see here: https://youtu.be/gFAQWjdCO8o and for the purpose as stated by the leader of The Family Stone " I Want To Take You Higher - see here : https://www.youtube.com/watch?v=LQkdiJQIX5Y

    Now after the intro - let's get down to business. This tutorial guide details dead simple GUARANTEED method(s) to get WIREGUARD Client up and running on OPNsense Firewall. I will explore the one I prefer first. Some of you may remember my work with GETDNS and STUBBY. Please read Mimugmail's comments ( the developer and maintainer of os-wireguard-devel plugin ) below in the first reply to this tutorial. He was kind enough to inform me of a few points so no one does extra work. Specifically, Mimugmail details methods for easier OPNsense ports installation and / or easier method to install WireGuard and WireGuard-Go packages.

    This installation is for commercial WireGuard Clients ONLY ! - where creation of keys and how to exchange them is not needed. The keys are generated and managed by your WireGuard VPN service provider - in my case - TorGuard.

    1 - As per Mimugmail's advice you can choose to install WireGuard either through ports or pkg install method. From his reply : You can install wireguard just via

        # pkg install wireguard && pkg install wireguard-go

    The pkg versions are always the latest which were available at the time of the release. The version you mention here is already in the ports tree but the pkg will be in the next minor release. To speed this up you could also do on your opnsense installation:

        # opnsense-code ports && cd /usr/ports/net/wireguard && make install

    - As I wanted the latest package ( I did not care to wait for pkg update on OPNsense and I do not like installing the entire OPNsense Ports collection on my OPNsense Instance ) - I did the following and it worked out great.
    2 - Go to https://pkg.freebsd.org/FreeBSD:11:amd64/latest/All/ as OPNsense is based on FreeBSD 11 - actually Hardened BSD - but that package is from April wireguard 0.0.20190406_1 - the current version is - July 2019 wireguard 0.0.20190702 . First install bash

        # pkg install bash

    ( as it is needed by WireGuard-GO ). Scroll down page on FreeBSD package website ( find wireguard and wireguard-go ) Then issue these commands:

        # pkg add -f https://pkg.freebsd.org/FreeBSD:11:amd64/latest/All/wireguard-go-0.0.20190517.txz

    and

        # pkg add -f https://pkg.freebsd.org/FreeBSD:11:amd64/latest/All/wireguard-0.0.20190702.txz

    - As I said, this will install latest versions of these packages. Ready to get this going and up and running then follow steps below.

    3 - To begin you need to get your WIREGUARD configuration files from the TORGUARD website. To do so login your TORGUARD account then go to Tools ( along the top of Login Page ) from drop Down Menu click on Enable WIREGUARD Access. You will then be in your TorGuard Account Area. You will see this message along the top : Below is a list of WireGuard VPN Servers, Please click enable in front of the servers you like to connect to, and use the returned keys shown to connect.

    Currently, TORGUARD offers WIREGUARD Servers in USA - New York ( quite actually situated in Clifton, New Jersey ), Asia - Singapore and Europe - UK. Click on your preferred Server - Enable WIREGUARD. This will result in a green box below the now grayed out box - which states now Disable WIREGUARD - naturally leave your server enabled as you want to connect to the now enabled server. Next, Download Config file as the box allows you to do now that you have enabled your WIREGUARD Server.
    You will also see in the adjoining box the following :

        Location / VPN Server / Keys / Manage
        USA - New York 1
        159.xx.xxx.xx:xxx
        Server Public key: 62lKu9HsDVbyiPenApnc4sfmSYTHOVfFgL3pyB+cBL4=
        Your Private Key: cE2ecALeE5B+urJhDrJlVFmf38cJLAvqekONvjvpqUA=
        Your Address: 10.xx.x.xxx/24

    4 - Now I used this guide as the template for my manual installation of WIREGUARD on OPNsense see here : https://genneko.github.io/playing-with-bsd/networking/freebsd-wireguard-quicklook/ I will make this simple for you step by step. You may sing and / or hum along as we proceed.

    A - First - configure WireGuard Client. TorGuard, AzireVPN, VPN.ac, Mullvad, IVPN, are commercial VPN providers which offer LIVE ! WireGuard Services now. I use TorGuard here is a sample file. Keys are dummies - only used for illustrative purposes in this tutorial - Use your real WireGuard configuration file here: Create file by command line -

        # nano /usr/local/etc/wireguard/wg0.conf

    - and enter the configuration file below ( copy and paste ) - substitute your real one. Save and Close. Done with this file.

        # TorGuard WireGuard Config
        [Interface]
        PrivateKey = cE2ecALeE5B+urJhDrJlVFmf38cJLAvqekONvjvpqUA=
        ListenPort = 51820
        DNS = 104.223.91.210
        Address = 10.xx.x.xxx/24

        [Peer]
        PublicKey = 62lKu9HsDVbyiPenApnc4sfmSYTHOVfFgL3pyB+cBL4=
        AllowedIPs = 0.0.0.0/0
        Endpoint = 159.xx.xx.xxx:xxx
        PersistentKeepalive = 25

    B - Secondly, run command via SSH

        # wg-quick up wg0

    ( wireguard-go is in package and this action creates wireguard interface ) You may also run

        # wireguard-go wg0

    to create wg0 but I prefer the first method mentioned here.

    5 - Configure WireGuard Service with rc.d - for automatic startup/shutdown of the tunnel. In order to achieve this there's already an rc.d script /usr/local/etc/rc.d/wireguard which came with the wireguard package.
    You need to issue this command :

        # mv /usr/local/etc/rc.d/wireguard /usr/local/etc/rc.d/wireguard.sh

    then enter the file -

        # nano /usr/local/etc/rc.d/wireguard.sh

    Then go to bottom of file - lines 46 and 47 - change : ${wireguard_enable="NO"} to : ${wireguard_enable="YES"} and then add wg0 on line 47 : ${wireguard_interfaces=""} to : ${wireguard_interfaces="wg0"} ( wgZero ) - Save and Close - Make it executable, I run two commands - it works for me:

        # chmod a+x /usr/local/etc/rc.d/wireguard.sh
        # chmod 744 /usr/local/etc/rc.d/wireguard.sh

    - Done with this file.

    6 - In order to have OPNsense use default start up script ( /usr/local/etc/rc.d/wireguard.sh ) at boot time you will have to create a boot time start up script for it in /etc/rc.conf.d/. Not to prolong this - do the following :

        # nano /etc/rc.conf.d/wireguard

    - in the new file enter the following two lines:

        wireguard_enable="YES"
        wireguard_bootup_run="/usr/local/etc/rc.d/wireguard.sh"

    Save and Close - Make it executable -

        # chmod a+x /etc/rc.conf.d/wireguard
        # chmod 744 /etc/rc.conf.d/wireguard

    / Done with this file.

    7 - Now head to OPNsense WEBGUI in order to configure Wireguard Interface ( created earlier ) and FireWall Rule.

    First, on Left Side WebGui Column - go to Interfaces > Assignments - you will see wg0 interface - click (+) add button /symbol. Once the wg0 interface is listed as OPT ( 1 - 2 depending on your setup ) - Click underneath it - enter checks in " Prevent interface removal " and " Enabled " - and enter description - I call mine " WIRE " - DO NOTHING ELSE HERE ! Save and Apply - Done with this phase.
    Second - Firewall Rule - on Left Side WebGui Column - go to Firewall > NAT > Outbound > Once on this Landing Page put a Dot in radio button Hybrid outbound NAT rule generation - Click on Save - Do Not - Repeat Do Not Click Save and Apply At This Time - Instead Click on Add (+) Button on right side top of page - on the page which opens change Interface from WAN in drop down menu to your Wireguard ( wg0 ) Interface - in my case " WIRE " as I labeled it in the description of the interface I added earlier. Next - Change Source Address to " Lan net " and Translation/target to Interface address. Enter " Description - e.g. " Made For Wire " now Click " Save " at bottom of page. You will be taken back to Firewall:Nat:Outbound Landing Page - Click on " Apply Changes " in right upper hand corner - Done with Firewall Rule for Lan. Repeat Firewall Rule Operation for all of your other Lan Interface Subnets if you choose to do so.

    When using these updated packages as I did, in order to stop nagging messages to re-install outdated OPNsense wireguard and wireguard-go packages use FreeBSD pkg lock option. Issue commands in order :

        # pkg lock wireguard

    and

        # pkg lock wireguard-go

    It may be necessary to reboot OPNsense after locking wireguard and wireguard-go packages in order to restart WireGuard from command line.

    Your WireGuard Client is now installed and ready - you may enter command

        # /usr/local/etc/rc.d/wireguard.sh restart

    in order to start it up. You may also reboot your OPNsense Router. Lastly, issue command

        # wg show

    which prints out your WireGuard Connection statistics and configuration. I will install wireguard via

        # pkg install wireguard && pkg install wireguard-go

    as my go to method in the future.

    Peace and Grace Be Unto All God's Creation
  3. Does anyone use this software and have any insight at all? I don't use it often but it's my preferred method if I have to find something old or rare to listen to. Will just having a normal torguard vpn running protect privacy or does the client itself leak our information? Is there a process to setting up vpn, soulseekqt, or both to keep our data safe?
  4. Hello everyone, I'm not sure if I'm the only one experiencing lots of blocking since yesterday when trying to access Netflix USA. Streaming services are pretty much the main use for the VPN service so if this is not working anymore I might have to try another service. I am using a Linux desktop and trying to watch locally via Browser and even this is not working for a couple of days now. I updated the version to 3.91.0 but still no luck. Does anyone have an idea what might be the issue? Verification via the TorGuard client is positive. I am in any of the locations I have tried so far. Got stuck with New York because seemingly the fastest connection because I am connecting from Europe. Output of ip route show (where 172.27.10.0/24 is my local network and .11 is the system I am working on): Thanks for any suggestions in advance. Yours ViiJay.
  5. How to create VPN Killswitch with Windows 7/8/10 Firewall

    Stop leaks when VPN disconnects.

    Introduction

    Having troubles with your VPN disconnecting and exposing your true IP address(es)? With the Windows firewall you can eliminate accidental leakage.

    What's the difference between TorGuard's VPN Client killswitch and a Firewall killswitch? Simple, the client disables your main network interface, while the firewall simply blocks all traffic without disabling any network interface. The main problem with any third party application that disables your network adapter is when the VPN connection is terminated, there is a very small window where your IP address can be leaked. Let's not forget to mention that if the client cannot disable the adapter, perhaps due to: security suite, permissions, or when a malfunctioning operating system interferes. A firewall, especially Windows Firewall will have minimum chances of failure if configured correctly; it is arguably the best firewall for Windows in my opinion.

    Requirements:

    * TorGuard VPN Client
    * Windows (Tested with 7/8/10)
    * No third-party firewall

    Step 1: Setting main network adapter from Public to Private
    Step 2: Open Windows Firewall with Advanced Security
    Step 3: Backup Current Firewall Policy
    Step 4: Create Outbound Rule
    Step 5: Block all Connections for Private/Domain
    Step 6: Giving internet permission to applications manually

    Final Notes + WARNINGS

    If you ever get a firewall popup to add program, make sure to uncheck Private networks and only have Public networks checked before clicking Allow access; If you fail to monitor this, the killswitch will be pointless.

    Never allow any program to automatically add firewall exceptions. You should only do this manually or whenever you get prompted by Windows Firewall.

    This isn't a setup and forget solution.

    Existing firewall rules that are assigned the Private/Domain network spaces will be able to still connect, usually it's just local network related stuff. It would be good if you reviewed all rules and adjust them accordingly to your needs.
  6. Okay, so I've done a lot of reading, it's safe to say. I asked tech support on the live chat, however, I think I had just too many questions and information and didn't know what answers I really needed. From the top. I purchased Torguard in an effort to torrent, without getting the little notices that say 'hey, knock that sh** off.' I have gotten two copyright infringement notices from ATT so far, rather, the owner of the connection has. I've since had to work my way back to actually getting the logins (albeit not through her) and I don't want to get her into any more trouble. That being said. I've read, I learned Torguard was rated highly for VPN & torrenting, and I got the anonymous proxy to go with it. There is a plethora of information out there but nothing that I can completely wrap my head around, even having a strong working knowledge of computers since Windows 95 and B&W monitors. I'm not new, but I am new to this. I understand the VPN software is an easy little click and its supposedly on, I can verify to some extent that it is working, but I cannot be sure that it remains connected or that the connection drops with the VPN - which I am not even sure of how to notice if it drops! There are ***proxy*** configuration pages for different torrent programs, but I don't see information on port forwarding, or setting up the connection to the VPN directly, and the ones that I do see have equally as many posts complaining that they have leaks due to the connection dropping and the client using data outside the vpn tunnel. I don't need a 100% hand walkthrough, but a guide or video that points to the answers would be awesome. Answers that aren't immediately thwarted by one thing or another - proper configuration for my situation, I suppose. The ISP is ATT Uverse, they have provided a 5268AC, which I connect to through a wireless adapter to ethernet (connection is faster, idk why, it just is). 
I am running Comodo Firewall on the machine and I would like to use bitcomet or something similar, because I would like to have access to the KAD network. I have been trying to figure this out for hours and I can't...I know I need to open ports, I don't know where to do that, the concept just plain eludes me right now, and I know this stuff well enough to be dangerous but apparently not well enough to be safe! HELP! Please, and thank you!
  7. 186542_1511348159

    DD-WRT OpenVPN client setup with Dedicated IP

    Hi all, I could really use your assistance and input with the setup of my DD-WRT router with a Dedicated IP. I have been struggling with this for a while now and about to throw in the towel. Please forgive my newby-ness... my tech skills from bygone days of app development are quite rusty.

    I'm running an older Netgear with DD-WRT v24-sp2 (03/25/13) as a gateway. I have another router without VPN. I flashed the router myself and, with much assistance from TorGuard Support (you guys are awesome), I finally got the darned thing running a VPN. The only problem is that it was not using my Dedicated IP. After much "internet education", I managed to work through some of the configuration. I now have internet access through it... BUT I have 3 persistent problems:

    * it takes ages for the VPN to get established when the router reboots
    * my real location and IP are visible... not the IP and location of the VPN
    * connection keeps dropping and re-initiating (see log below)

    I'm likely doing something very wrong, but for the life of me I can't figure out what it is. Below are the screenshot of my OpenVPN Client setup, as well as an extract of my last log (I replaced my dedicated IP with [X.X.X.X]). If anyone could provide me some direction or feedback, I would really be grateful!
    State
    Server: : Local Address: Remote Address:
    Client: RECONNECTING: connection-reset Local Address: Remote Address:

    Log
    20180602 11:20:21 Socket Buffers: R=[87380->131072] S=[16384->131072]
    20180602 11:20:21 I Attempting to establish TCP connection with [AF_INET]67.158.54.48:443 [nonblock]
    20180602 11:20:22 I TCP connection established with [AF_INET]67.158.54.48:443
    20180602 11:20:22 I TCPv4_CLIENT link local: [undef]
    20180602 11:20:22 I TCPv4_CLIENT link remote: [AF_INET]67.158.54.48:443
    20180602 11:20:22 TLS: Initial packet from [AF_INET]67.158.54.48:443 sid=78501a3c b15bd1dc
    20180602 11:20:23 N Connection reset restarting [0]
    20180602 11:20:23 I SIGUSR1[soft connection-reset] received process restarting
    20180602 11:20:23 Restart pause 5 second(s)
    20180602 11:20:28 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
  8. Hey so I paid for a Proxy specifically. After I completed the purchase... I downloaded it, and only have the option of running a VPN. I was needing a proxy though. Can someone please help me figure this out? Thank you, Trevor.
  9. Hi Guys, I want to be in VPN no matter what device is connected to my router so, seems like my ASUS RT-AC88U can connect as a client to VPN services by PPTP, L2TP and OpenVPN. Question is, how can I do it? If I opt in for OpenVPN, seems like I need a .ovpn file to import. Any ideas? Thanks
  10. crunkazcanbe

    Plex not working through vpn

    Trying to get Plex working over VPN but having issues due to needing port 32400 . If need be I can change the port but that's the default . Could I get any help please . Picture attached
  11. So I attach a laptop at work to Xfinity's hotspots (mainly to browse outside of my job's network) and use the TorGuard client to further protect what I'm doing. The signal from the hotspot is really strong and whenever I don't use TG's VPN, it remains solid throughout the day. If I connect to a VPN, it'll generally disconnect after 10-15 minutes, sometimes quicker, sometimes longer. I know it's doing it since I have app kill enabled for the browser, just in case. I read in Xfinity's forums that they block VPNs on the public wifis (I don't seem to have the same problem at home - at least not as much). Are there specific settings that I should be using to get around these constant disconnects? I read that setting TorGuard to TCP:80 will do the trick and I'm trying it, but thought I would reach out to see if anyone else is having problems or has specific answers. Thanks!
  12. Matt_H

    MLB.TV with Anonymous VPN

    Is anyone able to watch MLB.TV streaming games over Anonymous VPN this season? Any game I attempt to watch I get a regional blackout error. I attempted Chicago, Toronto, Turkey, and Iceland servers, all with the same results. I was able to watch games over Anonymous VPN last season.
  13. Hello, I am on the TorGuard VPN client and Windows (and browsers) still see my real location. If I go here https://ipleak.net/ I see my local IP and the VPN IP. It says I have a WebRTC leak. I assume there is a Chrome extension that can help for my Chrome browser... but I am more concerned with Windows location still seeing where I am. Any advice? Thanks
  14. First.Impressions

    Fraud Status

    Hi, I just bought TorGuard VPN annual service. When I logged in to my account the status says “FRAUD”. At the time I registered I was using my current vpn provider via a vpn server in Mexico. Can you either remove the “fraud” status or cancel my account, and all charges, immediately?
  15. This is a how-to configure PMS and Torguard VPN running under a Synology NAS on DSM 6.1.4 in 10 EASY steps.

    This assumes the following:
    * You have Plex Media Server installed on your Synology box.
    * You'll need to open port 32400 on your router.
    * PMS will need to be configured for remote access with a manually-specified port (32400).
    * This uses a VPN configuration run from your Synology box, and not your router.

    Step 1: Configure the Synology VPN connection as instructed here: https://torguard.net/knowledgebase.php?action=displayarticle&id=237

    Step 2: Connect to said VPN, and find out what your external IP is by going to Synology Control Panel > External Access > DDNS > Add > External address (IPv4) and copying the IP address there. If you have DDNS configured, it'll show up on the list of DDNS service providers and you don't need to go into the Add menu.

    Step 3: Log in to your torguard.net account and go to https://torguard.net/tgconf.php?action=vpn-openvpnconfig to make a new OpenVPN config file with the following parameters:
    * Hostname/IP "Custom" > use the IP you obtained from Step 2
    * Protocol TCP
    * Port of your choice, but take note as you'll need to give this again in Step 5
    * Encryption Cipher should be something with CBC (make sure you use CBC, as DSM doesn't seem to support GCM)
    * Click on Generate Config
    * Save this somewhere you can get to it later.

    Step 4: While you're in torguard.net, go to the Client Area > Management Actions > Request Port Forward

    Step 5: Request the following:
    * Protocol TCP
    * Port 32400, click +
    * IP Address: the IP you got from Step 2
    * Protocol: TCP
    * Encryption: something similar to the port/cipher above in Step 3
    * Click on "Submit Request" and wait a few minutes (might take longer if you're doing this at 2am and there's nobody to comply with your request); once the Status goes to green and "Active" your port is now open and available.

    If it says "The port tcp:32400 on ***.***.***.*** is already used on the requested server - please choose a different IP or port." then you're all set here.

    Step 6: On your Synology DSM, go ahead and create a new VPN connection using the new config file you created in Step 3.

    Step 7: Restart PMS using the Package Center. Once it restarts, click on the URL in the package, and ensure the server successfully signs in under Settings > General

    Step 8: Connect to the VPN.

    Step 9: On your browser (ideally on a network outside your home), navigate to https://app.plex.tv/

    Step 10: Enjoy your media!

    Notes:
    * It's important that you select Custom in the OpenVPN config generator. If you use any of the pre-determined hostnames, the IP provided may not be the correct IP with the open port, and the connection will fail.
    * If the external VPN IP changes, you'll need to do this again from Step 1, although I'm told that the IP shouldn't change.

    Any feedback is welcome and appreciated!
  16. I got a Socks5 error while I was downloading a torrent on Vuze. I was using a VPN at the same time. Will the VPN protect me from risk and exposure despite the Socks5 proxy failing? The Socks5 icon went from green to yellow at the bottom of Vuze, however the routing icon stayed green throughout. Sorry, I'm new to this. Thank you, answers appreciated.
  17. TorGuard

    Year Review

    Introduction

    Hello, I have been a TorGuard customer for roughly a year now, since last April. I’ve experienced some of the worst VPN providers and some of the best; the last VPN service I was with was good but expensive, so I went on the prowl to seek something that had a better price for what I was getting. One main reason that made me decide to choose TorGuard as my primary provider was their prices. The VPN package alone isn’t much of a deal breaker, but the “Privacy Bundle” is. You get access to all TorGuard’s HTTPS/HTTP/SOCKS proxies plus their VPN service for a couple bucks more, which is totally a steal. It’s much cheaper to purchase a subscription yearly instead of monthly; this is where I decided it would be cost effective in the long run.

    Next reason was that they do not log or monitor any user traffic, besides the automated security measures they have put in place to protect their network from outgoing spam or DDoS. They offer free DNS servers in USA and France which also have no logs; you can rest assured whatever you are accessing isn’t being monitored by a third entity. You cannot go wrong with choosing TorGuard as a VPN provider: they provide top notch support to all customers, good reasonable pricing and fast servers all around the globe.

    Available connection methods: ovpn/pptp/l2tp/anyconnect/sstp/ssl/http/socks/ssh — Up to 5 simultaneous connections. They offer many different pre-defined openvpn configurations as well as a custom generator to fine tune as per your liking. Ports can be forwarded to most server locations instantly from the portforward dashboard; simply enter the port you want to forward and the server IP. Your VPN account uses separate login details (different from dashboard/forums) for enhanced privacy and security; the user/password can be changed at any time from the client dashboard. You aren't required to enter any identifiable information upon signing up; you could put your name as John Doe if you wanted. Become anonymous with TorGuard.

    VPN Client Software

    TorGuard's VPN client is easy to navigate, sporting a minimalist interface to access all vital components. It is loaded with a lot of different configurable settings and features. The main features that stand out in the client are the following: DNS/WebRTC/IPV6 leak protection, killswitch, stealth proxies, built in anyconnect support. The client works well on Windows 10; all features I've tested do their job as advertised. The client supports: Windows, Mac OSX, Ubuntu 86/64bit, Redhat 86/64bit, Arch 86/64bit, and of course if you do not want to use the client you can always use the provided .ovpn configs (for your router or another configuration setup, etcetera).

    Ciphers/Encryption Specs:

    Customer Service

    Support normally responds to tickets within two hours or less, with the exception that sometimes it may take up to 24 hours depending on how busy they are; the best time frame I have found was between the hours of 5am and 6pm. Staff are responsive, they do their best to help you with whatever problem you may have. Livechat is more intended for pre-sales questions, since staff cannot confirm who you are if you try to ask a question related to your account; such support related questions should be directed to a ticket instead. Staff frequently update their blog to announce latest security concerns for various different topics and as well new features to keep you informed regarding their services: https://torguard.net/blog/category/torguard-updates/

    Servers/Speed

    I am not aiming to maximize speed but, instead, to achieve a strong layer of protection with TorGuard's services. My ideal setup looks like this: My Computer > TorGuard VPN(TCP, AES-256) > TorGuard Proxies(Load Balanced) > Tor Network. While this setup is not the best for speed, it does still work really well and can download stuff at reasonable rates. TorGuard servers are very reliable; I've been connected to a single VPN server location for weeks at a time; would be longer, but I end up changing locations/settings often. There are no bandwidth limits on any of the servers, TorGuard doesn't throttle users, you get unlimited bandwidth. Each month I find myself using over 1 terabyte DL/UL and haven't been restricted in any way. TorGuard is the perfect choice for Torrents and/or as a general VPN provider. The major selling point is the amount of servers you get access to; TorGuard claims to have over 1600 servers, available to 54+ different countries!

    End

    This review was not endorsed or paid for: it is solely based off my personal observations and information provided by TorGuard. Thank you for reading, hopefully you have gained some insight into what the services are like. If you want to try TorGuard out yourself, they offer a 7 day refund if for any reason you are unsatisfied with the service. Have a nice day.

    Check this out: Real Questions of Anonymity other VPN Service Provider’s Won’t Answer
  18. My office building's public WiFi blocks VPN connections. I was never able to connect to my former VPN host when on that network. I hoped that TorGuard's Stealth mode would solve this problem for me. Unfortunately, TorGuard VPN will not connect when I am connected to my office WiFi. I am using the Windows TG client. I have tried selecting the Los Angeles "Stealth" connection, both with and without the manual Stealth Proxy option. I have tried selecting other US connections, both with and without the Stealth Proxy option. Nothing works. The client just cycles between WAIT -> AUTH -> RECONNECTING endlessly. (When I'm not on my office WiFi, I have no problem getting TorGuard to connect properly.) I submitted a ticket to TorGuard Support, but they have been unhelpful. Anyone have any ideas what I can try? Are there log files for the Windows TG client that I can examine to see if there are any clues?
  19. I have experienced what seems to be a bug in TorGuard on iOS devices: If I enter a wrong password or user name, TorGuard will keep retrying to connect and will refuse to disconnect, effectively hijacking the device's entire network connection. You will need to kill VPN entirely on the device to regain control of your network. I have had it happen on both an iPhone and an iPad. Has anyone else seen this?
  20. Requirements: openconnect vpnc vpnc-scripts

    Install requirements:

    Ubuntu/Raspbian

        # Update repository
        sudo apt-get update
        # Install openconnect and vpnc scripts
        sudo apt-get install openconnect vpnc-scripts -y

    Openwrt/Lede (current available openconnect does not work, you need to compile your own)

        # Update repository
        opkg update
        # Install openconnect and vpnc scripts
        opkg install openconnect vpnc-scripts

    Connect to VPN:

    Method 1 (password stored in a file) (password is stored in plain text)

        # Method 1 - Password stored in file
        sudo openconnect -u YourUsername --authgroup=DEFAULT -b --passwd-on-stdin --cafile=/home/pi/torguard/ca.crt --servercert=YourServerCert --pfs Server:Port </home/pi/torguard/userpass.txt

    Method 2 (pass password in command) (password is in plain text)

        # Method 2 - Pass password
        echo YourPass | sudo openconnect -u YourUsername --authgroup=DEFAULT -b --passwd-on-stdin --cafile=/home/pi/torguard/ca.crt --servercert=YourServerCert --pfs Server:Port

    My results with Raspberry Pi 3 Model B on factory system are 20/20Mb/s while Kodi was running a full HD stream. With openconnect, RaspberryPi can be used as streaming service with high vpn encryption provided by TorGuard.

    Autostart - Method 1

    There are plenty of vpnc scripts which can be used. In case of Raspberry Pi 3 Model B, it has onboard WLAN which does not perform very well, I don't get 20Mb/s with it. Connecting USB Wireless N did not solve the issue as it seems that RPi does not provide enough power to get more out of WLAN. For that reason I used an external USB HUB with its own power supply providing power to the wireless or any other device, so that Raspberry itself has enough power. I ran into a second problem. Without additional installation or manually typing commands in terminal, you can't use the second wlan that easily. Many suggest methods like installing some additional software for managing wireless, where I do not need onboard wireless at all to boot with the OS. But disabling it often turns out for newbies that they don't remember how to turn it on. That is the reason why I suggest a very simple method for newbies, especially those who never dealt with these topics before. Using Raspberry's LAN port is not a problem. I do get 90Mb/s, which is actually almost 100% of what a 100Mb/Lan card can offer. LAN is always preferable if possible. I will keep this example for the factory delivery of RPi and refer to Raspberry Pi 3 Model B in this guide.

    Requirements:
    * CA certificate from TorGuard. You can get it here.
    * Save your password for VPN service into file in plain text, I will use this path in this guide /home/pi/torguard/onlypass-plain.txt
    * Server's fingerprint (SHA1). (If you don't know how to find it, connect manually without and it will print sha1 fingerprint) (you can also always ask TorGuard support for assistance)

    XTERM

    xterm is not installed by default, you can install it with this command:

        sudo apt-get update; sudo apt-get install xterm -y

    Create a script to start openconnect in new terminal window

    Path in this guide: /home/pi/Desktop/tg.sh

    Example of tg.sh:

        sudo openconnect --verbose --pid-file=/var/run/openconnect.pid -u demouser --authgroup=DEFAULT -b --reconnect-timeout=200 --passwd-on-stdin --cafile=/home/pi/torguard/ca.crt --servercert=FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF --pfs 1.2.3.4:22 </home/pi/torguard/onlypass-plain.txt

    Create a script for autostarting VPN connection on boot.

    Path in this guide: /home/pi/Desktop/autostart-openconnect-at-sharedip.sh

    Because we need a separate terminal window where we can always see what is going on, we need to start VPN after desktop has been loaded. There are several ways to achieve it, but one simple one is xterm:

        sleep 20
        sudo xterm -e "bash /home/pi/Desktop/tg.sh;bash"

    Xterm starts a new window running a script where the new terminal window is not closed after the sh command has been run, because if it closes, you closed your VPN connection. Here I use 20 seconds to wait until everything loads or vpn will fail to connect. It works also with 10 seconds, but I would not recommend a lower value. For more advanced setups, please use vpnc scripts.

    Edit LXDE session start script for current user

    Path to start script: /home/pi/.config/lxsession/LXDE-pi/autostart

    Add command to run a script autoconnecting to VPN, add to: /home/pi/.config/lxsession/LXDE-pi/autostart

    Here I do disable onboard wlan0 because I use USB device and if you don't do that, then VPN will connect over wlan0.

        sudo ifconfig wlan0 down # Disable onboard Wifi
        @sudo /home/pi/Desktop/autostart-openconnect-at-sharedip.sh # Connect correctly over wlan1

    (Here we have sudo a second time, but it will not harm anything, it will only ensure that if you forget sudo in your tg.sh, then autostart will still work) (You need to have root privileges to be able to access vpns folder)

    Reboot

    I hope it helps some newbies to get started with this amazing VPN service. On factory RPi and openconnect, I get 30Mb on download constantly, which is a great result and is enough for almost anything, including streaming in HD. Those who have/need faster connections will need to buy a better device. But all in all, you can use RPi as Media Center together with IPTV behind TorGuard's VPN and it is working very well, everything works very stable. This is a much better replacement for any smart tv around and costs barely € 35. I think there is no cheaper device performing better for this price. If you know any, please show me the results, I would love to test them. Once again, TorGuard, thank you very much for such a great service!
  21. Hello all. I upgraded from 380.61 to 380.65. Has anybody gotten the VPN to work with the new version? I applied all of the regular settings but I need a few new options. I looked in the logs and saw the following below.

        Feb 10 15:03:42 rc_service: httpds 1724:notify_rc start_vpnclient1
        Feb 10 15:03:42 openvpn[1961]: Options error: Unrecognized option or missing or extra parameter(s) in config.ovpn:32: push (2.4.0)
        Feb 10 15:03:42 openvpn[1961]: Use --help for more information.
        Feb 10 15:03:42 syslog: VPN_LOG_ERROR: 522: Starting OpenVPN failed...

    New Drop down menu options in 380.65
    * Cipher Negotiation - Enable (With Fallback) , disable, enable
    * Negotiable ciphers - AES-128-GCM:AES-256-GCM:AES-128-CBC:AES-256-CBC
    * Legacy/fallback cipher - (List of different ciphers)
    * Compression - Disabled, None, LZO, LZO Adaptive, LZ4
  22. Not bad at all for simply connecting but as you see, even connecting to torguard brings issues if your ISP is spying on you. This is a very good example of something where other tests show you that everything is ok but this test clearly shows you that your ISP is hijacking DNS. You need to have Java installed on your pc to run these tests; it does not work in Chrome, but on Firefox it does even if using a combination of proxifier and foxyproxy (because the java tool does all the job, not the browser itself). TEST NOW WITH ANALYZR. Good article in German explaining it a little bit and includes the test itself. Send your tests to TorGuard support, they will help you very fast with any leaks, problems or even an unintentionally misconfigured device, like open ports which you do not want opened at all. Here is one example (it provides a link which you can send to torguard support if your tests show any issues): More test results (example):
  23. Hi, I made this Script to start uTorrent after 60 seconds while my VPN Connection is trying to connect.

        timeout 15
        start c:\Users\USERNAME\AppData\Roaming\uTorrent\uTorrent.exe
        exit

    Since I noticed it takes some time to get my Dedicated IP address. TorGuard started the Script a little too early. I hope someone has use for it. Best Regards, BrooBee
  24. The TG VPN update of November 19, 2016 has somehow changed my Adapter Settings for my ethernet, wifi, and its very own TAP windows adapter settings, resulting in no response from the DNS Server. So basically, I could not connect to the internet (by ethernet or wifi) and I figured out by myself how to fix the issue. I had to make sure that I changed the IPv4 and IPv6 Settings on said adapters to obtain IPv4 and IPv6 addresses and DNS Server Addresses automatically and it would fix the issue... BUT then the settings would change, so I have to figure out which adapter had the settings changed, whether it be the TG (TAP) adapter or my own Ethernet or wifi adapters, and I have to manually fix it. Is this some kind of glitch??? or error?
  25. Using VPN specifically for private torrent downloading. Followed Knowledge Base instructions and used the checkMyTorrent tool but error is "offline (timed out)" which isn't covered. I have tried different proxy setups but cannot get it started. Is there another guide or way to set bittorrent/utorrent up with Torguard VPN??