I have a paid openvpn service and I am trying to understand some of the basics of network traffic through openvpn. The setup was fairly easy, all of the configuring was done through Gnome's "Network Connections" GUI interface. I was able to sniff my unencrypted wireless traffic, and all the traffic was encrypted and routed through a server elsewhere in the wolrd, as one would expect.

I assumed this sort of network routing would prevent people from determining where the traffic is coming from, but when I use the "locate me" function available at various websites it finds my exact locations without fail. Should this be expected? Am I misunderstanding what sort of protection openvpn provides or is something possibly misconfigured? I understand this isn't a proxy service, just openvpn I guess I thought openvpn provided more than just encrypted traffic.

I have used TOR and PRIVOXY, which I truely enjoy...it's just that at times with these two services ip traffic can quickly slow to a crawl. The benefit I have seen is pretty damn good anonymity....again I am just wondering if I just have a sevre lack of knowledge here...
Thanks in advance
kim

When a VPN-connection is configured properly, the 'locate me' function must show the IP-address of the VPN-router, through which you're serfing the web.

Are you sure that the VPN-connection is your default route and all traffic goes through it?

Have you written to the support of the VPN-service ?

If the OpenVPN server is in the same geographic region as your machine, which is sometimes preferable for performance reasons, then that could explain it.

Check the IP address on your device, and then google 'what is my IP address' to see how remote servers see you.
If they see a different IP to the one configured locally, you are as anonymous as the service you are using is trustworthy

1 members found this post helpful.

I should have said this already...kinda tired when I started the thread.

I did do a traceroute from whatsmyip.org and it ended at the openvpn server in germany, and my ip address shows up while browsing, as a german ip (I live in the states). It's just the "locate me" java script that pin points exactly where I am. I still feel fairly confident that I am bwosing anonymously, as I can always deny the "locate me" function if a website asks, I am just very confused as to how only that traffic would not route through the openvpn server. I guess I could sniff what happens when I execute that function.....

@Lexus45
I am not sure that ALL traffic is routed correctly, but I did sniff my wireless packets (no wireless encryption) and saw that all traffic leaving my computer was openvpn traffic routed only to/from the openvpn server. That was at least a good sign. And I did write the support team, I just doubt I will get a timely or helpful response
Thanks again

Good point - try using an addon which blocks scripts. It could be that locateme queries the system for its ip directly.

I read a little bit (more) about how this works...It has to do with google's wifi logging and and my mac address. Basically google's car drove around collecting wifi data (if you remember the huffs and puffs about it) and gps data and correlating the two. Since I am using a local unecrypted wifi hotspot it's mac address was uploaded to google's data base along with the gps data, and when I allow that ap to run it sends my mac address and the mac address of the router I am connected to, to search this data base and bam...It sees what wifi router I am using and where it was when they drove by.

Now I am pretty sketchy on these details, but I think I get the jist even if I can't formulate the words
This explains why
A. its location is so scarry accurate
B. It has really nothing to do with my current ip path

I sniffed the traffic locally and after my router so I could see what was going on. Still looks good after my router, but locally when I run the script to allow location services, you can see a TLS handshake and a small amount of data sent to google, I believe this is my computers info that gets run through google gear database or whatever they call it.

So nikmit I think you were right. just keep it simple stupid , my public ip is elsewhere and everything is sent through that ip, all the anonymity lies in the trust of my paid service...

I doubt one can surf the net without any chance of being caught. It depends on the reasons you are doing such extreme steps. Governments could track you down and maybe a few security companies.

I would consider this kind of precautions as common sense rather than an attempt to hide something sensitive. If you are accessing something readily available on the web chances are it is not that secret.
In this age of mass data hoarding and mining however I like to avoid becoming a part of the statistics as far as it is feasible.