How to include WebRTC traffic in VPN Tunnel on Google Chrome?

1,312 views

Skip to first unread message

Isaac Kogan

unread,

Feb 8, 2022, 3:56:39 AM2/8/22

to discuss-webrtc

Currently, WebRTC causes a leak of the Public IP address of a user when they are using a proxy/VPN. Testable via https://browserleaks.com/webrtc.

WebRTC uses ICE to generate a list of IP address that can be used to reach your computer. This is important when trying to establish a direct connection. However, this list can sometimes include IP addresses that the user would rather not disclose.

So, if your browser is giving out your real IP address, it becomes possible to create direct connections to that interface, bypassing the VPN.

In my specific case, I would like to force Chrome to use the same network path for media as it does normal web traffic. Basically, sending WebRTC traffic through proxies, so that the test case mentioned on https://browserleaks.com/webrtc returns the proxy's IP and not the real public IP address.

One thought for doing this was a Google Chrome extension if there is some sort of internal setting in Chrome I have missed, but the documentation on how to do this is not great.

Any and all help would be appreciated, as well as corrections if I have made any incorrect suppositions

Isaac

Austin Orion

unread,

Feb 9, 2022, 2:44:29 PM2/9/22

to discuss-webrtc

It matters if you are trying to use a proxy or a VPN, they are similar but work via different mechanisms.

If you are using a proxy, you can achieve your goal by using the WebRTC Network Limiter extension [1] or the WebRtcIPHandling enterprise policy [2] to set the "Use my proxy server" option or the disable_non_proxied_udp policy value. These options are equivalent. This, unfortunately, disables UDP completely and forces TCP connections, so it may degrade your WebRTC experience.

If you are using a VPN, you can use the above extension or policy, but set them to "Use only my default public IP address" or default_public_interface_only. This too may degrade your WebRTC experience, but less so.

The equivalent policy in Edge is called WebRtcLocalhostIpHandling [3]

[1] https://chrome.google.com/webstore/detail/webrtc-network-limiter/npeicpdbkakmehahjeeohfdhnlpdklia/related?hl=en

[2] https://chromeenterprise.google/policies/#WebRtcIPHandling

[3] https://docs.microsoft.com/en-us/deployedge/microsoft-edge-policies#webrtclocalhostiphandling

Reply all

Reply to author

Forward

0 new messages