Author Topic: VPN Vulnerability  (Read 3403 times)

Offline Bahadir

  • Newbie
  • *
  • Posts: 11
VPN Vulnerability
« on: January 20, 2017, 06:57:50 PM »
Hi Boleh VPN admins

Occasionally, I come across some VPN audits carried out by either a group of academic researchers or tech savvy guys as below and for sure you may already be aware of these studies conducted:

http://www.theregister.co.uk/2015/06/30/worlds_best_vpns_fall_flat_in_security_tests/

and

https://www.wilderssecurity.com/threads/my-vpn-testing-site-is-finally-up.386556/

Now, my very simple question is that if both of those audits included Boleh VPN, what would we see in terms of vulnerabilities, leaks, etc., if there is any?

I strongly believe that when many of the VPN companies that present themselves as reliable, secure, etc., fail those security tests, our growing concerns, as customers, about the false sense of security offered by the VPN companies should be of concern to the those who strive to meet their clients' privacy expectations to the highest degree possible, in terms of establishing their trust in them.

Thanks in advance


Offline Reuben

  • Chief Doraemon
  • Administrator
  • Admiral
  • *****
  • Posts: 6878
Re: VPN Vulnerability
« Reply #1 on: January 26, 2017, 11:58:24 AM »
Hey Bahadir sorry for the late reply. Give me some time to go through them :D
*If you like my service/support, please consider posting a positive feedback here*<3



Co-Founder/Administrator

Offline Jarper

  • Newbie
  • *
  • Posts: 1
Re: VPN Vulnerability
« Reply #2 on: January 26, 2017, 02:24:27 PM »
Hey Bahadir sorry for the late reply. Give me https://www.grosseteste.com/bathmate-x30-review-results some Bathmate X30 pumps time to go through them :D

Interesting, I look forward to hearing your thoughts on this Reuben.
« Last Edit: August 24, 2017, 07:14:10 PM by Jarper »

Offline Reuben

  • Chief Doraemon
  • Administrator
  • Admiral
  • *****
  • Posts: 6878
Re: VPN Vulnerability
« Reply #3 on: January 27, 2017, 01:49:28 PM »
Hi I've done some preliminary tests and with the DNS leak option and lock down feature turned on in Settings, there are no leaks either on ipv4 or ipv6. My ISP has both full ipv4 and ipv6 support.

If the dns leak option turned off, it will leak. There's a reason why we leave this as an option as sometimes those in corporate environments still require their dns to work to resolve local hostnames.

The lockdown is also by default turned off.

There are two ways to address leaks:
a) Firewall method
b) Gateway removal method

Our lockdown feature uses the gateway method but this means is that if there's a disconnection, it will not reconnect automatically. This works by specifying only the VPN gateway as the gateway. This is however a simple and relatively foolproof method.
The firewall method is more advanced and possible for users to manually configure it but it introduces a lot of compatibility issues especially those with existing firewall solutions so we prefer the gateway method. This can be configured manually by installing your own firewall in any case (https://www.bolehvpn.net/forum/index.php?topic=6621.0).
*If you like my service/support, please consider posting a positive feedback here*<3



Co-Founder/Administrator

Offline Bahadir

  • Newbie
  • *
  • Posts: 11
Re: VPN Vulnerability
« Reply #4 on: February 01, 2017, 02:51:13 AM »
Reuben, thanks a lot for the reply.

Our lockdown feature uses the gateway method but this means is that if there's a disconnection, it will not reconnect automatically. This works by specifying only the VPN gateway as the gateway. This is however a simple and relatively foolproof method.

If it is not going to reconnect automatically, should I concerned that my ISP might see what I was doing and where?

The firewall method is more advanced and possible for users to manually configure it but it introduces a lot of compatibility issues especially those with existing firewall solutions so we prefer the gateway method. This can be configured manually by installing your own firewall in any case (https://www.bolehvpn.net/forum/index.php?topic=6621.0).

So, are there any benefits of using the firewall method, compared to the gateway method? Or are they both the same except the compatibility issues in the gateway method as you mentioned?

What about DNS hijacking? Is your VPN immune to this?

Offline PitBoss

  • Administrator
  • Admiral
  • *****
  • Posts: 1250
Re: VPN Vulnerability
« Reply #5 on: February 01, 2017, 03:24:25 PM »
The lockdown feature if enabled will remove your default gateway once a connection is made. In the event of disconnections, it will not be able to reconnect because the default gateway is no longer available. This gateway will be restored once you click disconnect .No traffic will be leaving nor coming to PC while the vpn is in lockdown mode.

The firewall option is another type of blocking or filtering. It will allows or drop traffic based on your firewall rules, this is more of users with experence in configuring the rules. Lockdown is literally lock everything to go thru the tunnel even when in connected or disconnected state.

We will be doing some minor to upgrading that will improve the securit within the next couple of days, refer to our https://www.bolehvpn.net/announcement/vpn-servers-security-maintenance-update/.


Co-Founder / Administrator

Offline Bahadir

  • Newbie
  • *
  • Posts: 11
Re: VPN Vulnerability
« Reply #6 on: February 09, 2017, 07:11:24 PM »
Thanks for the update Pitboss.

Offline kayman

  • Newbie
  • *
  • Posts: 6
Re: VPN Vulnerability
« Reply #7 on: February 14, 2017, 12:50:41 PM »
The lockdown feature if enabled will remove your default gateway once a connection is made. In the event of disconnections, it will not be able to reconnect because the default gateway is no longer available. This gateway will be restored once you click disconnect .No traffic will be leaving nor coming to PC while the vpn is in lockdown mode.

The firewall option is another type of blocking or filtering. It will allows or drop traffic based on your firewall rules, this is more of users with experence in configuring the rules. Lockdown is literally lock everything to go thru the tunnel even when in connected or disconnected state.

We will be doing some minor to upgrading that will improve the securit within the next couple of days, refer to our https://www.bolehvpn.net/announcement/vpn-servers-security-maintenance-update/.

While doing upgrading, are you going to introduce a DNS leak protection and a Lockdown feature for Linux?
Currently (latest ovpn files,keys etc.) only FullyRouted Luxembourg won't leak DNS, all other FullyRouted servers leak DNS.
Also, when enabling the Linux firewall (UFW) only FullyRouted Luxembourg will connect, all other FullyRouted servers won't; Because of geological proximity I'd prefer the Singapore server.

Offline PitBoss

  • Administrator
  • Admiral
  • *****
  • Posts: 1250
Re: VPN Vulnerability
« Reply #8 on: February 20, 2017, 12:50:01 PM »
I'm sorry to hear to that DNS leaks is happening to your setup.

We do not have DNS leaks in all the testing we have done based on our recommended installation. DNS leaks will happen if users changed DHCP to static DNS and static IP address for their network setup.

The latest update will plug the following leaks, if any:
1. IPv6 DNS leaks
2. IPv6 Traffic leaks
3. Reconnect leaks

We are not implementing force killswitch as not all users required a killswitch. The fixed we applied, is good enough to prevent any leaks during a disconnect and preventing traffic while it is trying to reconnect. As it is now, the term killswitch is being used so commonly by VPN users or providers without stating the fact that it is not a switch at all. Killswitch is a switch that you activated when something bad happen and it's supposed to be triggered manually. However in VPN, this is triggered immediately upon establishing a connection.

OpenVPN already has this features built-in and we have activated and pushed the features from the server side. This protection will be in force for as long as the vpn service is active.

Thank you




Co-Founder / Administrator