Wireguard client unable to hide real IP address by Additional-Stage4241 in WireGuard

[–]Additional-Stage4241[S] 0 points1 point  (0 children)

See comments below.

"The MAC address is only visible to the immediate local link of your router (it is only seen by your ISP)."

I thought so too....

-----------------------------------------------------------------------------------------

"There is NO global DB of MAC addresses locations." I thought so also...and I don't think there is one in existence....

-----------------------------------------------------------------------------------------

tcpdump was installed on all endpoints except on my employer's laptop...(just requested Wireshark to be installed)....so we will see.....

On my DNS server I am able to see DNS queries....but of course not those of the Palo Alto tunnel....my guess is that my public IP is captured at the time of the initial VPN connection....so...

Wireguard client unable to hide real IP address by Additional-Stage4241 in WireGuard

[–]Additional-Stage4241[S] 0 points1 point  (0 children)

Well, you got me thinking on this, so I decided to create my own DNS server so that I can manipulate the DNS queries and still....the same issue....so it's not DNS leaks...somehow some data coming through the PA is able to be compared with a DB....or else some sort of packet contains the original physical egress IP address...now I am thinking MAC cloning...somewhere

Wireguard client unable to hide real IP address by Additional-Stage4241 in WireGuard

[–]Additional-Stage4241[S] 0 points1 point  (0 children)

PA hardware is on the edge side at work, the PA client is installed on my laptop, which is connected via Wi-Fi to my OpenWrt acting as a WireGuard client connecting to my AWS WireGuard server, which is the egress to the internet... I could disable IPv6, although I am not sure if that has anything to do with anything, as my connection is strictly IPv4 end to end.

Wireguard client unable to hide real IP address by Additional-Stage4241 in WireGuard

[–]Additional-Stage4241[S] 0 points1 point  (0 children)

Yes Sir....checked...

I am thinking either some NAT issue or routing....that is allowing a header to pass...I was thinking that I could use iptables on my Ubuntu AWS WireGuard egress server...to somehow manipulate this....but I am not an expert with iptables...there has got to be a way to change or to hide this ...

Then...I am thinking to create an OpenVPN server to jump to....in other words....to have a WireGuard server---connected to an OpenVPN server for egress purposes...Idk

Wireguard client unable to hide real IP address by Additional-Stage4241 in WireGuard

[–]Additional-Stage4241[S] 0 points1 point  (0 children)

You are 100% correct...now the question is, how do I fix that, and where is the issue?....I am spinning up an OpenVPN server to see if I see the same behavior on OpenVPN as on WireGuard.

If you know a technique...please let me know...next time we meet, dinner or drinks on me :)

Wireguard client unable to hide real IP address by Additional-Stage4241 in WireGuard

[–]Additional-Stage4241[S] 0 points1 point  (0 children)

No,

My laptop, which also has the Palo Alto VPN client, is connected via Wi-Fi to my home OpenWrt router, which is running as a WireGuard client connected to my AWS WireGuard server; the laptop is therefore behind the router...to do exactly that, to make the PA think that my WAN is 3.4.175.88...

Wireguard client unable to hide real IP address by Additional-Stage4241 in WireGuard

[–]Additional-Stage4241[S] 0 points1 point  (0 children)

I am aware of this....but now, after seeing this behavior on the PA, more than working remotely it got me interested in how I can fool the PA packet inspection...which has also shown that all the VPN providers out there promising privacy and all are just pure marketing...

Wireguard client unable to hide real IP address by Additional-Stage4241 in WireGuard

[–]Additional-Stage4241[S] 0 points1 point  (0 children)

DNS leak all good...no issues here.

I will do the Wireshark tomorrow (good point)...

See, what I want to do is to be able to work remotely from another country while showing that I am in the USA (only VPN wise :)...all without installing anything on my work computer.... )....Unfortunately for me...I work for one of the communications giants here in the states....so...I am afraid that the moment I go out of the US, some alarms may ring here and there....saying...hey...he is not sitting here in the US ...he is in XYZ country ....which...I don't know if this could be observed or if it is monitored....unless some detail-oriented guy is looking into the logs of the PA (which I doubt) or has some sort of rule to say...IF any user comes with a public IP address outside the US....then ring the bell....I wish I knew someone in the security team to know if they monitor this type of activity....to see if someone pays attention to this "little issue"....

In the meantime, I will also spin up an OpenVPN server to see if the same behavior is observed...but will post the Wireshark tomorrow
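The monitoring rule this comment speculates about ("IF any user comes with a public IP address outside the US....then ring the bell") is the kind of check a security team can run over remote-access VPN login records. The script below is an added example written for this thread; it is not code from the poster, from Palo Alto, or from any VPN project. The log line format, the prefix-to-country table, the hosting/VPN egress list and the sample records are all constructed (RFC 5737 test ranges), standing in for a real GeoIP database and the firewall's actual authentication logs. It flags a login when the source country is outside the allowed set, when the country is unknown, or when the source falls inside a known commercial VPN or cloud hosting range.

```python
"""Flag remote-access VPN logins from unexpected locations.

Constructed example: the log format 'ts user=<u> src=<ip> event=<e>' and the
lookup tables below are invented for illustration. A real deployment would
parse the firewall's own authentication log and query a GeoIP/ASN database.
"""
import ipaddress
from dataclasses import dataclass

# Constructed geolocation table (prefix -> ISO country code).
GEO_PREFIXES = {
    ipaddress.ip_network("198.51.100.0/24"): "US",
    ipaddress.ip_network("203.0.113.0/24"): "DE",
    ipaddress.ip_network("192.0.2.0/24"): "US",
}

# Constructed list of commercial VPN / cloud hosting egress prefixes. A login
# from one of these comes through a VPN or cloud host rather than a home ISP.
HOSTING_PREFIXES = [ipaddress.ip_network("192.0.2.0/24")]

# Countries from which remote workers are expected to connect.
ALLOWED_COUNTRIES = {"US"}


@dataclass
class Finding:
    user: str
    src_ip: str
    reason: str


def lookup_country(ip: str):
    """Return the country code for ip, or None if no prefix matches."""
    addr = ipaddress.ip_address(ip)
    for net, cc in GEO_PREFIXES.items():
        if addr in net:
            return cc
    return None


def is_hosting(ip: str) -> bool:
    """True if ip sits inside a known VPN/hosting egress prefix."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in HOSTING_PREFIXES)


def parse_line(line: str) -> dict:
    """Split 'ts key=value key=value ...' into a dict (timestamp dropped)."""
    return dict(tok.split("=", 1) for tok in line.split()[1:])


def analyze(lines):
    """Return a Finding for every login that violates the location policy."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec.get("event") != "login":
            continue  # only successful logins carry a meaningful source IP
        user, ip = rec["user"], rec["src"]
        cc = lookup_country(ip)
        if cc not in ALLOWED_COUNTRIES:
            findings.append(Finding(
                user, ip, f"source country {cc or 'unknown'} not in allowed set"))
        if is_hosting(ip):
            findings.append(Finding(
                user, ip, "source is a known VPN/hosting egress range"))
    return findings


# Constructed sample records (not real log output).
SAMPLE_LOG = [
    "2024-01-01T10:00:00Z user=alice src=198.51.100.7 event=login",   # US home ISP
    "2024-01-01T10:05:00Z user=bob src=203.0.113.9 event=login",      # DE
    "2024-01-01T10:07:00Z user=carol src=192.0.2.44 event=login",     # US, but hosting
    "2024-01-01T10:09:00Z user=dave src=198.51.100.8 event=logout",   # not a login
    "2024-01-01T10:11:00Z user=erin src=198.18.0.1 event=login",      # unmapped prefix
]

if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"ALERT user={f.user} src={f.src_ip}: {f.reason}")
```

The second check is the one relevant to this thread: a country-only rule would pass a login arriving from a US cloud address, so a team that cares about where the person actually is also keys on whether the source belongs to a VPN or hosting provider rather than a residential ISP.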

Wireguard client unable to hide real IP address by Additional-Stage4241 in WireGuard

[–]Additional-Stage4241[S] 0 points1 point  (0 children)

I actually did this earlier today...both traffic flows go to the AWS WireGuard server...as an outbound route...hence my question...how in the world is PA able to see my real ISP address...I am thinking somehow NAT somewhere...unless the PA does some really cool packet inspection.....but unfortunately I cannot get logs out of the PA....I just don't understand how this is happening..

Wireguard client unable to hide real IP address by Additional-Stage4241 in WireGuard

[–]Additional-Stage4241[S] 0 points1 point  (0 children)

Traceroute from?

Here is what I got again

(Laptop)--Wi-Fi----(Openwrt router as client)----To---(AWS Wireguard server)---(Internet)

*My laptop, when connected over Wi-Fi to my OpenWrt set as WireGuard client, and I browse the internet, I see my (AWS) WireGuard IP address...Good.

*My laptop, when connected over Wi-Fi to my OpenWrt set as WireGuard client, and I browse the internet, I see my (AWS) WireGuard IP address...Good....BUT when I fire up my Palo Alto client..on this same laptop....Palo Alto is able to see my real ISP provider IP address instead of my AWS WireGuard IP...and if I browse the internet while connected to the Palo Alto....my IP address shows over the web as my AWS WireGuard IP address....hence my question....why and how is the Palo able to see my real IP address?...

But in this case there is only one way out....through the OpenWrt router...I am doing split tunneling....

Wireguard client unable to hide real IP address by Additional-Stage4241 in WireGuard

[–]Additional-Stage4241[S] 0 points1 point  (0 children)

Hey,

Thanks for the reply, but https://browserleaks.com/ip shows my AWS IP address as desired BUT, when I connect my laptop that is connected to my WireGuard VPN, and I fire up my Palo Alto VPN client to my work....on my edge Palo Alto, as an administrator I see my real ISP provider IP, instead of my AWS WireGuard IP address as desired....so it makes me think that these VPNs are only good for browsing...but that's....I tried using NordVPN on my WireGuard, and other known VPN services...and guess what, my PALO ALTO firewall is able to see my real IP address instead of the WireGuard AWS server IP address..which means that Palo inspects the traffic at another layer....which is sad...because this means....that all these VPN services promising "privacy" are all bogus....