1

I am using the sshuttle VPN. It's NOT a browser plug-in or a simple proxy - it is a protocol agnostic, full VPN that sends all traffic out of any host you can ssh login to. It creates a bridge0 interface with pfctl and sends all traffic through it.

So my local system(OSX, using chrome) has IP 10.0.0.10 and is connected with sshuttle to a host out on the Internet. I have NO real/routable IPs assigned to this machine.

All of the simple "what is my IP" sites are showing me the VPN address, as I expect, but google knows my real IP and browserleaks knows my real IP - and they are getting it through webrtc leakage.

I don't understand this ... my local machine knows nothing about my real IP since my local machine only knows its local 10.0.0.10 address ... and ALL of my traffic (TCP and UDP) is going out the sshuttle tunnel ...

So how does webrtc on my browser ever know anything about my real IP ?

How is this leak occurring ?

Undo
  • 450
  • 5
  • 14
user227963
  • 201
  • 1
  • 2
  • 1
    Have a look http://security.stackexchange.com/q/105128/24382 here. Nearly a dup. Edit: You can hide of your ip address with a browserplugin or with newer or not so data greedy browser in the settings. – Dr.Ü Aug 07 '16 at 22:08
  • Yes, I did read http://security.stackexchange.com/q/105128/24382 but ... as with all discussions of webrtc bypassing the VPN, they simply describe how webrtc works and how it gets the address information to leak, etc. My situation is one where ALL traffic is diverted out a new bridge0 interface and the browser/OS has no idea what the routable IP is on the other side of its DHCP assigned 10.0.0.10 address ... so I *think* this means that my VPN (sshuttle) is faulty, because I *think* webrtc should not be able to do what I see it doing. – user227963 Aug 08 '16 at 03:30
  • Have you tried getting some Wireshark captures? 10.0.0.0/8 is not routed through your vpn - maybe some other clients in your network are leaking your ip address? – Dr.Ü Aug 08 '16 at 10:45
  • I have not done a wireshark capture yet ... but based on your comment about 10.0.0.0/8, I take it that you are also confused as to how my browser, on a system with IP 10.0.0.10, would be able to leak an IP it knows nothing about ? – user227963 Aug 08 '16 at 16:08

0 Answers0