Advice Request VPN Proxy Question

Please provide comments and solutions that are helpful to the author of this topic.

n8chavez

Level 16
Thread author
Well-known
Feb 26, 2021
785
This has been bugging me for years, and I've never been able to find an answer for it. Hopefully someone here can.

With mullvad vpn you have the option of using a local socks5 proxy address that ties to the local users' instance of that VPN (not the server). With openvpn it's 10.8.0.1:1080, and with wireguard it's 10.64.0.1:1080. That is in addition to the network killswitch, ensures that no traffic from the apps set up to use that proxy will leak. This does not use ssh at all. Great. Awesome. But why is mullvad the only vpn I can think of (out of 25+) that uses it? Wyh don't they all. Could it be that maybe most do, but I just don't know about it?
 
Last edited:

Venustus

Level 59
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Dec 30, 2012
4,809
This has been bugging me for years, and I've never been able to find an answer for it. Hopefully someone here can.

With mullvad vpn you have the option of using a local socks5 proxy address that ties to the local users' instance of that VPN (not the server). With openvpn it's 10.8.0.1:1080, and with wiregusard it's 10.6.0.1:1080. That is in addition to the network killswitch, ensures that no traffic from the apps set up to use that proxy will leak. This does not use ssh at all. Great. Awesome. But why is mullvad the only vpn I can think of (out of 25+) that uses it? Wyh don't they all. Could it be that maybe most do, but I just don't know about it?
Because Mullvad is one of the better vpn providers;)
 

rain2reign

Level 8
Verified
Well-known
Jun 21, 2020
363
Airvpn uses a similar set of functions, though not entirely the same way. You can use the "Network lock" feature to force your connection into a vpn tunnel. From which you can whitelist ip's manually. Those whitelisted connections will then go outside the tunnel and not make use of the Network Lock. As well as reroute ip's and hosts to run outside the VPN tunnel without the network lock feature enabled (making them regular connections rather than VPN). As well as force ip's to ONLY run in the VPN tunnel etc...

You can't force proxy on the local user-client (not proxy connection to vpn server) afaik, but you can force either a proxy over the connection as well as TOR proxy/node. And a few other things incl. a killswitch and through the web-account interface (browser) opening custom ports.

You can download the client and view the options without needing a login nor an account at: Download - AirVPN
 

n8chavez

Level 16
Thread author
Well-known
Feb 26, 2021
785
Airvpn uses a similar set of functions, though not entirely the same way. You can use the "Network lock" feature to force your connection into a vpn tunnel. From which you can whitelist ip's manually. Those whitelisted connections will then go outside the tunnel and not make use of the Network Lock. As well as reroute ip's and hosts to run outside the VPN tunnel without the network lock feature enabled (making them regular connections rather than VPN). As well as force ip's to ONLY run in the VPN tunnel etc...

You can't force proxy on the local user-client (not proxy connection to vpn server) afaik, but you can force either a proxy over the connection as well as TOR proxy/node. And a few other things incl. a killswitch and through the web-account interface (browser) opening custom ports.

You can download the client and view the options without needing a login nor an account at: Download - AirVPN

I guess there's something I'm not understanding then. If the proxy is not leading to a VPN, and forcing the use of that VPN then now exactly is it acting like a safety net in case the network lock (killswitch) fails?
 

rain2reign

Level 8
Verified
Well-known
Jun 21, 2020
363
I guess there's something I'm not understanding then. If the proxy is not leading to a VPN, and forcing the use of that VPN then now exactly is it acting like a safety net in case the network lock (killswitch) fails?
It's most likely my English and ended up doing a piss-poor job explaining. As i am reading back my own post i realize that tiny part made utterly no sense.... XD
(sh- happens :p) My bad, truly.

It works the same way as in Mullvad, the only advantage of proxy alongside with network lock through Eddie (AirVPN client name) is to "hide" your real IP from even the AirVPN servers. They themselves recommend using a TOR proxy node if manual proxy is needed. The proxy feature itself support regular proxy, OpenVPN proxy and TOR proxy nodes.
 

n8chavez

Level 16
Thread author
Well-known
Feb 26, 2021
785
It's most likely my English and ended up doing a piss-poor job explaining. As i am reading back my own post i realize that tiny part made utterly no sense.... XD
(sh- happens :p) My bad, truly.

It works the same way as in Mullvad, the only advantage of proxy alongside with network lock through Eddie (AirVPN client name) is to "hide" your real IP from even the AirVPN servers. They themselves recommend using TOR if manual proxy is needed. The proxy feature itself support regular proxy, OpenVPN proxy and TOR proxy nodes.

Oh. Okay. I am familiar with Eddie, I currently have an active AirVPN subscription. Thanks. I'll have to research this more.
 

HarborFront

Level 71
Verified
Top Poster
Content Creator
Oct 9, 2016
6,014
This has been bugging me for years, and I've never been able to find an answer for it. Hopefully someone here can.

With mullvad vpn you have the option of using a local socks5 proxy address that ties to the local users' instance of that VPN (not the server). With openvpn it's 10.8.0.1:1080, and with wireguard it's 10.64.0.1:1080. That is in addition to the network killswitch, ensures that no traffic from the apps set up to use that proxy will leak. This does not use ssh at all. Great. Awesome. But why is mullvad the only vpn I can think of (out of 25+) that uses it? Wyh don't they all. Could it be that maybe most do, but I just don't know about it?
This is a double-hop feature..........not a true double-hop VPN though

Quote

Multihop with SOCKS5​

You can also use the SOCKS5 proxies to multihop. To do so, you can configure your browser or other program to exit from a server that is different from the one you connected to.

For instance, if you are connected to se1-wireguard.mullvad.net and then want to exit via us1-wireguard.mullvad.net, you would configure your browser/program to use us1-wg.socks5.mullvad.net on port 1080 as your exit node.

Unquote

 
Last edited:

n8chavez

Level 16
Thread author
Well-known
Feb 26, 2021
785
This is a double-hop feature..........not a true double-hop VPN though

Quote

Multihop with SOCKS5​

You can also use the SOCKS5 proxies to multihop. To do so, you can configure your browser or other program to exit from a server that is different from the one you connected to.

For instance, if you are connected to se1-wireguard.mullvad.net and then want to exit via us1-wireguard.mullvad.net, you would configure your browser/program to use us1-wg.socks5.mullvad.net on port 1080 as your exit node.

Unquote


I don't think it is a true double-hop though, because the address used as a socks5 is a local address (10.x.x.x:1080) not an external one.
 

n8chavez

Level 16
Thread author
Well-known
Feb 26, 2021
785
According to the link I posted from Mullad VPN you can configure it to do double hop

Right. But you're missing most of the document. It says:

"You may already be familiar with the Mullvad app's built-in "kill switch" safety feature. In other words, in the event that the Mullvad connection is terminated, all of your Internet traffic is automatically blocked, ensuring that your traffic is not accidentally leaked outside of our secure tunnel.

However, what happens if you've forgotten to start the Mullvad app? This is where using the SOCKS5 proxy comes in handy, to act as back-up protection."

And

"The SOCKS5 proxy is only accessible when you are connected to Mullvad."n

To me this indicates that 10.x.x.x is a local address, which it is. It has nothing to do with multi-hop because the address is internal, not external. But my question remains, do other VPNs offer this safety-net approach in addition to a killswitch? I'm very familiar with Mullvad, they are my current stable vpn.
 

HarborFront

Level 71
Verified
Top Poster
Content Creator
Oct 9, 2016
6,014
Right. But you're missing most of the document. It says:

"You may already be familiar with the Mullvad app's built-in "kill switch" safety feature. In other words, in the event that the Mullvad connection is terminated, all of your Internet traffic is automatically blocked, ensuring that your traffic is not accidentally leaked outside of our secure tunnel.

However, what happens if you've forgotten to start the Mullvad app? This is where using the SOCKS5 proxy comes in handy, to act as back-up protection."

And

"The SOCKS5 proxy is only accessible when you are connected to Mullvad."n

To me this indicates that 10.x.x.x is a local address, which it is. It has nothing to do with multi-hop because the address is internal, not external. But my question remains, do other VPNs offer this safety-net approach in addition to a killswitch? I'm very familiar with Mullvad, they are my current stable vpn.
Have you clarified with Mullvad? If yes, what's their reply?

I believe VPNs which support Socks5 should be the same unless otherwise stated.

 
Last edited:

n8chavez

Level 16
Thread author
Well-known
Feb 26, 2021
785
Have you clarified with Mullvad? If yes, what's their reply?

I believe VPNs which support Socks5 should be the same unless otherwise stated.


You've kind of just illustrated my point; that a local vpn-proxy is rare. Just because a sock5 proxy is used does not mean it is used externally. A VPN and sock5 are not interchangeable. In the case of 10.x.x.x, which is private (see here, here, here, and, here) you can test this very easily. Ping it. Where does it go? Is the destination external? Try using anything with the socks5 proxy address 10.8.0.1:1080 without Mullvad active. Does it go anywhere? No.
 

HarborFront

Level 71
Verified
Top Poster
Content Creator
Oct 9, 2016
6,014
You've kind of just illustrated my point; that a local vpn-proxy is rare. Just because a sock5 proxy is used does not mean it is used externally. A VPN and sock5 are not interchangeable. In the case of 10.x.x.x, which is private (see here, here, here, and, here) you can test this very easily. Ping it. Where does it go? Is the destination external? Try using anything with the socks5 proxy address 10.8.0.1:1080 without Mullvad active. Does it go anywhere? No.
I don't use Mullvad VPN. Can't try the ExpressVPN Proxy Extension either because it's a paid service different from its VPN service. I see later whether can try on NordVPN. Hopefully its proxy service does not require separate payment
 

n8chavez

Level 16
Thread author
Well-known
Feb 26, 2021
785
Does anyone know why Mullvad seems to be the only VPN provider that uses sock5 to VPN? It's not two remote addresses, so it's not a double-hop, but rather a local one; 10.64.0.1:1080. This is great because it forces apps to use the VPN, and acts as kind of a killswitch safety net. I just can't seem to find if other VPNs have this or not, or why Mullvad is the only one.
 
  • Like
Reactions: Nevi

rain2reign

Level 8
Verified
Well-known
Jun 21, 2020
363
There are vpn services that have had it, SOCKS5, longer than Mullvad. Only its usually not enabled by default due to how those services configured their servers. It's generally buried under proxy settings, in the vpn client (whenever supported).
 

n8chavez

Level 16
Thread author
Well-known
Feb 26, 2021
785
Mullvad is certainly not the only VPN provider that uses sock5 to VPN. In fact, many VPN providers use sock5 to VPN. However, Mullvad does seem to be the only provider that uses a local address for the sock5 server.

Incorrect. Mullvad, hide.me and ivpn all use local socks5 addresses to the vpn server. Mullvad 10.8.0.1 (openvpn) and 10.64.0.1 (wireguard), hide.me socks.hide.me, and ivpn 10.1.0.1.
 

bouarfalisted

New Member
Nov 3, 2022
2
Mullvad is certainly not the only VPN provider that uses sock5 to VPN. In fact, many VPN providers use sock5 to VPN. However, Mullvad does seem to be the only provider that uses a local address for the sock5 server.

This is great for two reasons. First, it forces apps to use the VPN. Second, it acts as a kind of killswitch safety net. Other VPN providers may use a remote address for the sock5 server, so apps might not use the VPN. And if the VPN connection is lost, there is no safety net. Mullvad's local address for the sock5 server ensures that apps will always use the VPN and that there is a safety net in place in case the VPN connection is lost. Anyway, for a better and safe connection, use proxies. I recommend the ones from Mini proxy online - SOAX. I never had any problems with them. ;)
 
  • Like
Reactions: roger_m

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top