TorrentFreak had a great article on how to make sure you’re fully protected while using a VPN provider.
Before launching into more detail on some of the items they covered I want to touch on an important item not covered. Its very important that the internet connection be severed if the VPN tunnel goes down. Depending on the software used on your computer this may or may not happen. Same goes for how the VPN is implemented on your router.
Here’s the results of SecureRouter.org testing so far:
- HideMyAss on DD-WRT (installed via script) – continues to allow connections
- Astrill on DD-WRT (installed via MyPage) – shut down main connection
Client Side IP address Monitoring
“VPNetMon continuously watches the IP addresses of your PC. If the IP address of your VPN is not detected anymore, VPNetMon closes specified programs instantly. The program reacts so quickly that a new connection through your real IP will not be established by these applications,” creator Felix told TorrentFreak. Sounds like a good idea.
Stop DNS Leaks
“A DNS leak may happen whenever a DNS query ‘bypasses’ the routing table and gateway pushed by the OpenVPN server. The trigger on Windows systems may be as simple as a slight delay in the answer from the VPN DNS, or the VPN DNS unable to resolve some name,” explains Paolo from AirVPN to TorrentFreak.
Controlling DNS through your router prevents this problem cold. DD-WRT, Tomato and OpenWRT can be configured to go to a static DNS other than those provided by your ISP, such as OpenDNS and Google. Nevertheless it never hurts to double check at DNSLeakTest.com. Implementing the alternative client by client can be done too.
Double up your security for extra sensitive data transfers
Running a VPN inside a VPN is easy if you’re already running a VPN on your router… just start a VPN on your computer and you’re double wrapped.
The PPTP / IPv6 security flaw
Just don’t use PPTP. Use OpenVPN.
Pay for your VPN with untrackable currency.
You’re only paranoid if they’re not out to get you, but… this step is probably unnecessary. Using untrackable currency can be problematic and is probably unnecessary. If your VPN is not keeping logs having a payment record on file is a non-issue. Having said that using PayPal or Google Checkout is probably superior to using a debit or credit card.
Only use VPN providers that take your privacy seriously
“VPN providers who heavily log are useful if all you’re concerned about is securely communicating with the Internet through an open public WiFi connection, but not beyond that. For a run down of providers who do not log any data which would enable a 3rd party to identify a user, see our previous article here.” says TorrentFreak and rightly so.