Has This Tunnel Been Breached?

Post your questions about VPN Gate Academic Experiment Service here. Please answer questions if you can afford.
Post Reply
wingfin
Posts: 3
Joined: Sun Apr 14, 2019 6:57 pm

Has This Tunnel Been Breached?

Post by wingfin » Sun Apr 14, 2019 8:10 pm

Hi,
Once I installed EtherApe on my Debian Thinkpad I began noticing some internet providers allowed the vpngate tunnel to be breached. (see image1)Image Voxitity.net had it's own HTTPS at this provider and the last provider, too.
Going back a month ago I turned off the IVP6 because my downloads were showing up going through the vpngate tunnel and then jumped to another part of EtherApe to show the download continuing between two IPV6 addresses, which really looked like a bad breach.


For example, My tunnel came through vpngate's 224.0.0.251 to T500b.local while you can see Torix.ca was breaching before the download started... Image , but once the download started then ...ipv6.telus.net began taking all the traffic on this EtherApe monitoring software. Here is the image after I started a downloadImage

I used the linux command to stop ipv6 on the old laptop so only ipv4 worked and the "breach?" stopped and data flowed only through the vpngate tunnel.

Thanks for your input,

wingfin
Posts: 3
Joined: Sun Apr 14, 2019 6:57 pm

Re: Has This Tunnel Been Breached?

Post by wingfin » Wed Apr 17, 2019 8:05 pm

I see this is not an easily answered topic.

From this public access wifi (I did not require a password to join the wifi internet router, I get this:
Image

As you can see my assigned router ip tells me my VPN tunnel to Japan is good, but within a few seconds 10.128.128.128 skips the tunnel and communicates with my router point rather than going to the end of the tunnel. Image
Now, maybe EtherApe is not displaying the connections properly... So I will pass this on to them and see what they say.

Thanks everyone!

wingfin
Posts: 3
Joined: Sun Apr 14, 2019 6:57 pm

Re: Has This Tunnel Been Breached?

Post by wingfin » Wed Apr 17, 2019 8:53 pm

Hi,

So I made a post of theis same situation from a different router, but the post failed.
So Here is another. but I think I will get the input from EtherApe to see if thier software has a display problem drawing the link to my router-ip rather than to the end of the tunnel.

wingfin
Posts: 3
Joined: Sun Apr 14, 2019 6:57 pm

Re: Has This Tunnel Been Breached?

Post by wingfin » Sat Apr 20, 2019 5:13 pm

I just discovered a mimicking flow of data that duplicates the data-flow while outside the vpntunnel.

Image

The VPN tunnel is from 192.168.255.76(my wifi) to 211.223.130.244(Korea).
At the same time with the same flow patterns there is data flowing from googleusercontent.com(I'm downloading a page from http://www.spiritofmaat.com/archive/may3/helfrich.htm ) which has nothing to do with google as you can see) to 10.211.1.21 (Which is this routers ip address)

Similar flow used to use ipv6 codes on this thinkpad, but I disable my computer from sending or receiving ipv6, then it all stopped... so now it has finally switched to doing the same thing with ipv4 after a couple of months not seeing this split in data flow.

My question is... Don't worry about it? Cause it's happening to everyone as the phoenix rises?

I'm just curious how this stuff works... for educational purposes.
Thanks for you input,
Wing

Post Reply