Hi,
I have recently set up OpenVPN on a Debian VPS, with Clients tested on Windows XP and 7.
All works fine and when I check the IP address on sites like 'What's my IP' and also using Firefox plugin to check external IP I get the VPS static IP address as expected.
Something weird though - on my phpbb forum, I logged in as administrator and on the log it showed the Client web IP address! I checked on my Wordpress blog and posted a comment and found it showed up as originating at the Client web IP address as well.
Is this normal? Has anyone experienced this? If not, what should I be checking for?
[SOLVED] IP address of client still visible
Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
-
npv
- OpenVpn Newbie
- Posts: 5
- Joined: Thu Jan 13, 2011 8:59 pm
-
gladiatr72
- Forum Team
- Posts: 194
- Joined: Mon Dec 13, 2010 3:51 pm
- Location: Lawrence, KS
Re: IP address of client still visible
Hello,
Is this client web IP address that external address of your firewall/router? Is your client system directly connected to the internet somewhere?
Dunno. Perhaps try deleting any local cookies for that site and and trying again.
-Stephen
Is this client web IP address that external address of your firewall/router? Is your client system directly connected to the internet somewhere?
Dunno. Perhaps try deleting any local cookies for that site and and trying again.
-Stephen
[..]I used to think it was awful that life was so unfair. [...]Wouldn't it be much worse if life were fair, and all the terrible things that happen to us come because we actually deserve them? -Marcus Cole
-
npv
- OpenVpn Newbie
- Posts: 5
- Joined: Thu Jan 13, 2011 8:59 pm
Re: IP address of client still visible
Hi,
Yes, it is the external IP of the router for the Client.
The cookie thing got me thinking - yes the wordpress has a cookie with the router IP address in it - however it is creating that from the visit via the VPN - I checked on Chrome and Seamonkey too. phpBB creates SID cookies which are encoded so not sure if the ip is in with the cookie - probably is though.
I have tried from various browsers with and without the cookies enabled, so it must be something from the configuration - tried XP and Win7 to exclude problems with Win7.
Is there anything in the configuration for using browsers I need to do? I simply log on to the VPN and continue with using the browser and thought it had worked OK - I have not touched any of the proxy settings, but somehow the original IP address is passing through the VPN in some form, although the new IP address is being presented to the web site.
I have created a php script on one of my web sites and this shows the $_SERVER['REMOTE_ADDR'] to be the vps IP address as expected.
Will continue to investigate by picking apart what is sent, but any other thoughts welcome. Given that one of the many reasons people use a VPN is to obfuscate the client IP this seems very strange.
Alistair
Yes, it is the external IP of the router for the Client.
The cookie thing got me thinking - yes the wordpress has a cookie with the router IP address in it - however it is creating that from the visit via the VPN - I checked on Chrome and Seamonkey too. phpBB creates SID cookies which are encoded so not sure if the ip is in with the cookie - probably is though.
I have tried from various browsers with and without the cookies enabled, so it must be something from the configuration - tried XP and Win7 to exclude problems with Win7.
Is there anything in the configuration for using browsers I need to do? I simply log on to the VPN and continue with using the browser and thought it had worked OK - I have not touched any of the proxy settings, but somehow the original IP address is passing through the VPN in some form, although the new IP address is being presented to the web site.
I have created a php script on one of my web sites and this shows the $_SERVER['REMOTE_ADDR'] to be the vps IP address as expected.
Will continue to investigate by picking apart what is sent, but any other thoughts welcome. Given that one of the many reasons people use a VPN is to obfuscate the client IP this seems very strange.
Alistair
-
gladiatr72
- Forum Team
- Posts: 194
- Joined: Mon Dec 13, 2010 3:51 pm
- Location: Lawrence, KS
Re: IP address of client still visible
A simple test would be to run a trace from your client system to the host of the bulletin board you're connecting to. OpenVPN doesn't interact packets at the application layer. From what you've described, it sounds like you are making your vpn end-point the default gateway--that being said, the only packets being emitted from your local router on behalf of your vpn client would be those maintaining the vpn tunnel itself.
-S
-S
[..]I used to think it was awful that life was so unfair. [...]Wouldn't it be much worse if life were fair, and all the terrible things that happen to us come because we actually deserve them? -Marcus Cole
-
npv
- OpenVpn Newbie
- Posts: 5
- Joined: Thu Jan 13, 2011 8:59 pm
Re: IP address of client still visible
Not sure how I do a trace within the VPN - is there any routine to do this?
re: cookies.
The wordpress and phpbb are both capturing the IP address at the Client level somehow and this is the Client router IP address (the Client is going on to the internet to connect to the VPN server) - they are then storing as cookie or in the database.
My question is whether the configuration of the OpenVPN server or Client can be changed to stop this happening or to get the external software to use the server IP address which is being used by the web server that you connect to - this shows the VPN server IP address as expected.
Thanks
Alistair
re: cookies.
The wordpress and phpbb are both capturing the IP address at the Client level somehow and this is the Client router IP address (the Client is going on to the internet to connect to the VPN server) - they are then storing as cookie or in the database.
My question is whether the configuration of the OpenVPN server or Client can be changed to stop this happening or to get the external software to use the server IP address which is being used by the web server that you connect to - this shows the VPN server IP address as expected.
Thanks
Alistair
-
gladiatr72
- Forum Team
- Posts: 194
- Joined: Mon Dec 13, 2010 3:51 pm
- Location: Lawrence, KS
Re: IP address of client still visible
On any windows system, from cmd.exe, you can use: tracert -d forums.destination.net
What you should see are lines showing the remote end-point of your VPN followed by additional lines showing the route of your packet to the destination server.
Unless you have a persistent cookie on your windows system that has stored the original, non-vpn IP address of your client, I can't see how the phbb software could possibly be aware of of the non-vpn address unless your vpn connection is misconfigured.
-Stephen
What you should see are lines showing the remote end-point of your VPN followed by additional lines showing the route of your packet to the destination server.
Unless you have a persistent cookie on your windows system that has stored the original, non-vpn IP address of your client, I can't see how the phbb software could possibly be aware of of the non-vpn address unless your vpn connection is misconfigured.
-Stephen
[..]I used to think it was awful that life was so unfair. [...]Wouldn't it be much worse if life were fair, and all the terrible things that happen to us come because we actually deserve them? -Marcus Cole
-
npv
- OpenVpn Newbie
- Posts: 5
- Joined: Thu Jan 13, 2011 8:59 pm
Re: IP address of client still visible
Hi,
I think you are right - I have tried on Linux Client too - same problem.
I am doing some more research and changes to configs and will come back with my findings - one quick question though - should the Client external IP address show up in the openvpn-status.log as Real Address - virtual address is 10.8.0.6?
The logs also keep referring to the Client IP being 'Learnt'
Alistair
I think you are right - I have tried on Linux Client too - same problem.
I am doing some more research and changes to configs and will come back with my findings - one quick question though - should the Client external IP address show up in the openvpn-status.log as Real Address - virtual address is 10.8.0.6?
The logs also keep referring to the Client IP being 'Learnt'
Alistair
-
npv
- OpenVpn Newbie
- Posts: 5
- Joined: Thu Jan 13, 2011 8:59 pm
Re: IP address of client still visible
Hi,
Follow-up: the OpenVPN configuration is not the problem.
When I test using another website not hosted on the VPS server I get the correct IP address of the VPS server given in $_SERVER['REMOTE_ADDR'].
When I test on a website hosted on the VPS server I get the Client IP address.
I am using NGINX, but think it might be something to do with the NAT routing on the VPS. Will investigate further, but I don't think it is a problem as such.
Thanks for your input.
Alistair
Follow-up: the OpenVPN configuration is not the problem.
When I test using another website not hosted on the VPS server I get the correct IP address of the VPS server given in $_SERVER['REMOTE_ADDR'].
When I test on a website hosted on the VPS server I get the Client IP address.
I am using NGINX, but think it might be something to do with the NAT routing on the VPS. Will investigate further, but I don't think it is a problem as such.
Thanks for your input.
Alistair