[liberationtech] Forcing VPN on Mac OS X

Ali-Reza Anghaie ali at
Tue Sep 3 00:01:45 PDT 2013

Ah yes - thanks for reminding me.

DNSCrypt has worked well for our end-users and when configured not to
fail over - does the necessary trick on OS X: ..

And something that didn't work well at all (in the context of my last
message) was Radio Silence (

Again, this is the "regular end-user" response given the initial query.

If you really want to mitigate against OS wonkiness then your own
router / hw isolation via a Grugq Portal
( or using pfSense
( or DD-WRT

Honestly if you're not trying to support it for someone else, then go
straight to the last option moving forward. -Ali

On Tue, Sep 3, 2013 at 2:44 AM, elijah <elijah at> wrote:
> On 09/02/2013 09:54 PM, Mitar wrote:
>> Is there some software which would prevent any outgoing networking on
>> Mac OS X until a VPN to a trusted server is established? So on the
>> system level? I am wary that between me connecting to an untrusted
>> WiFi and establishing a VPN tunnel, there is some window where
>> probably all possible services try to ping home, auto-update and so
>> on.
> You should be wary. Since Appelbaum has not mentioned it yet, I will
> mention his paper for him:
> "Virtual Pwned networks"
> There are any number of common leaks, including DNS leakage, IPv6
> leakage, failing open, and, as you mention, the time lag between when
> the network comes up and when the default route is changed. You could
> also add poor cipher negotiation, and badly set up VPN gateways that use
> the same IP for both ingress and egress. At LEAP, we are trying to
> prevent all these problems with our free software server platform and
> autoconfiguring OpenVPN client application, but it is not easy or ready
> for production use yet (
> This can be handy for testing DNS leaks (which are really easy to
> accidentally cause on Mac):
> -elijah
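An added example, not part of either poster's message: a defender-side check for three of the leaks the thread lists (failing open, DNS leakage, IPv6 leakage), done by longest-prefix matching over macOS `netstat -rn` output. The sample routing table, the addresses, the tunnel interface name `utun0` and the function names are all constructed for illustration.

```python
import ipaddress

# Constructed `netstat -rn` output (macOS layout); all addresses are made up.
SAMPLE = """\
Internet:
Destination        Gateway            Flags        Netif Expire
default            192.168.1.1        UGSc           en0
0/1                10.8.0.5           UGSc         utun0
128.0/1            10.8.0.5           UGSc         utun0
10.8.0.5           10.8.0.6           UH           utun0
192.168.1          link#4             UCS            en0

Internet6:
Destination        Gateway            Flags        Netif Expire
default            fe80::1%en0        UGc            en0
"""

def to_network(dest):
    """Expand netstat's abbreviated IPv4 destinations ('0/1', '192.168.1')."""
    if dest == "default":
        return ipaddress.ip_network("0.0.0.0/0")
    addr, _, plen = dest.partition("/")
    octets = addr.split(".")
    plen = plen or (32 if len(octets) == 4 else 8 * len(octets))
    padded = ".".join(octets + ["0"] * (4 - len(octets)))
    return ipaddress.ip_network(f"{padded}/{plen}", strict=False)

def parse_routes(text):
    """Return ([(ipv4_network, netif)], [netif of each IPv6 default route])."""
    v4, v6_defaults, section = [], [], None
    for f in map(str.split, text.splitlines()):
        if f and f[0] in ("Internet:", "Internet6:"):
            section = f[0]
            continue
        # Netif is the first alphabetic field after Flags (Refs/Use/Expire are not).
        netif = next((x for x in f[3:] if x[0].isalpha()), None)
        if netif is None or f[0] == "Destination":
            continue
        if section == "Internet:":
            v4.append((to_network(f[0]), netif))
        elif section == "Internet6:" and f[0] == "default":
            v6_defaults.append(netif)
    return v4, v6_defaults

def egress_if(v4, ip):
    """Interface the kernel would pick for `ip`: the longest matching prefix wins."""
    hits = [(n.prefixlen, i) for n, i in v4 if ipaddress.ip_address(ip) in n]
    return max(hits)[1] if hits else None

def audit(text, resolvers, tunnel_if, probe="198.51.100.1"):
    """List (kind, detail) findings for traffic that would bypass `tunnel_if`."""
    v4, v6 = parse_routes(text)
    out = [("fail-open", egress_if(v4, probe))] if egress_if(v4, probe) != tunnel_if else []
    out += [("dns-leak", r) for r in resolvers if egress_if(v4, r) != tunnel_if]
    return out + [("ipv6-leak", i) for i in v6 if i != tunnel_if]
```

With the sample table, general IPv4 traffic follows the two `/1` routes into the tunnel, but a DHCP-supplied resolver on the local subnet and the IPv6 default route both leave via `en0`.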