
ROUTING ‘FEATURE’ CAN EXPOSE VPN USERS’ REAL IP-ADDRESSES

pkrisnin:
I'm somewhat worried: there hasn't been any client update for BolehVPN for some time now, and with the TPPA signed, VPN is very important.

https://torrentfreak.com/routing-feature-can-expose-vpn-users-real-ip-addresses-151222/

If so, should we be using this patch?
https://medium.com/@ValdikSS/another-critical-vpn-vulnerability-and-why-port-fail-is-bullshit-352b2ebd22e2#.2siv7w1it
https://github.com/ValdikSS/openvpn-block-incoming-udp-plugin

OpenVPN 2.3.9 has a lot of fixes, among which are fixes for DNS leaks on Windows 8.1 and 10. What version of OpenVPN are we using with client 3.0.3?
https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23

PitBoss:
The hack that was mentioned does not affect most of our users who are using our shared IP servers. These servers do not allow any port forwarding except that initiated by the outgoing traffic from the users' devices.

However, those who are using the dedicated dynamic IP servers need to protect themselves using their own internal firewall. These servers are configured to give users full access to forward their own services through the tunnel, and if we were to block incoming traffic to their IP then the services would be useless to them. Any users using the dedicated IP servers should know the reasons and risks of using those open port servers.

As for OpenVPN 2.3.9, we are delaying the release until after the new year due to a few other fixes that OpenVPN will release. This will include dropping support for older OpenSSL versions and operating systems that are no longer supported by their vendors. We are monitoring the development of OpenVPN on a daily basis and will issue an update as and when it is critical. Our GUI addressed the DNS leak and routing issues long before the articles or updates were made.

Thank you

pkrisnin:
Appreciate the response.

userjame:

--- Quote from: PitBoss on December 24, 2015, 08:35:37 PM ---The hack that was mentioned does not affect most of our users who are using our shared IP servers. These servers do not allow any port forwarding except that initiated by the outgoing traffic from the users' devices.

However, those who are using the dedicated dynamic IP servers need to protect themselves using their own internal firewall. These servers are configured to give users full access to forward their own services through the tunnel, and if we were to block incoming traffic to their IP then the services would be useless to them. Any users using the dedicated IP servers should know the reasons and risks of using those open port servers.

As for OpenVPN 2.3.9, we are delaying the release until after the new year due to a few other fixes that OpenVPN will release. This will include dropping support for older OpenSSL versions and operating systems that are no longer supported by their vendors. We are monitoring the development of OpenVPN on a daily basis and will issue an update as and when it is critical. Our GUI addressed the DNS leak and routing issues long before the articles or updates were made.

Thank you

--- End quote ---

What if you are using a dedicated IP server and have one port open in the firewall for uTorrent? Will you be exposed then?
Also, I am only allowing VPN traffic to go on the internet; everything else is blocked in the firewall, so if the VPN connection drops, nothing gets out.
If I understand correctly, as long as UPnP is disabled in the router, then you are fine?

PitBoss:
The dedicated IPs that we are using do not use UPnP, nor do they use forwarding, so they would not be affected by this hack. However, you still need to make sure that WebRTC is disabled while you are using the VPN. WebRTC exploits are much more practical and easier to do because it is enabled by default.
