Page 1 of 1

Has This Tunnel Been Breached?

Posted: Sun Apr 14, 2019 8:10 pm
by wingfin
Once I installed EtherApe on my Debian Thinkpad I began noticing some internet providers allowed the vpngate tunnel to be breached. (see image1)Image had it's own HTTPS at this provider and the last provider, too.
Going back a month ago I turned off the IVP6 because my downloads were showing up going through the vpngate tunnel and then jumped to another part of EtherApe to show the download continuing between two IPV6 addresses, which really looked like a bad breach.

For example, My tunnel came through vpngate's to T500b.local while you can see was breaching before the download started... Image , but once the download started then began taking all the traffic on this EtherApe monitoring software. Here is the image after I started a downloadImage

I used the linux command to stop ipv6 on the old laptop so only ipv4 worked and the "breach?" stopped and data flowed only through the vpngate tunnel.

Thanks for your input,

Re: Has This Tunnel Been Breached?

Posted: Wed Apr 17, 2019 8:05 pm
by wingfin
I see this is not an easily answered topic.

From this public access wifi (I did not require a password to join the wifi internet router, I get this:

As you can see my assigned router ip tells me my VPN tunnel to Japan is good, but within a few seconds skips the tunnel and communicates with my router point rather than going to the end of the tunnel. Image
Now, maybe EtherApe is not displaying the connections properly... So I will pass this on to them and see what they say.

Thanks everyone!

Re: Has This Tunnel Been Breached?

Posted: Wed Apr 17, 2019 8:53 pm
by wingfin

So I made a post of theis same situation from a different router, but the post failed.
So Here is another. but I think I will get the input from EtherApe to see if thier software has a display problem drawing the link to my router-ip rather than to the end of the tunnel.

Re: Has This Tunnel Been Breached?

Posted: Sat Apr 20, 2019 5:13 pm
by wingfin
I just discovered a mimicking flow of data that duplicates the data-flow while outside the vpntunnel.


The VPN tunnel is from wifi) to
At the same time with the same flow patterns there is data flowing from'm downloading a page from ) which has nothing to do with google as you can see) to (Which is this routers ip address)

Similar flow used to use ipv6 codes on this thinkpad, but I disable my computer from sending or receiving ipv6, then it all stopped... so now it has finally switched to doing the same thing with ipv4 after a couple of months not seeing this split in data flow.

My question is... Don't worry about it? Cause it's happening to everyone as the phoenix rises?

I'm just curious how this stuff works... for educational purposes.
Thanks for you input,