- cross-posted to:
- technology@lemmy.ml
- cross-posted to:
- technology@lemmy.ml
Pulling this off requires high privileges in the network, so if this is done by intruder you’re probably having a Really Bad Day anyway, but might be good to know if you’re connecting to untrusted networks (public wifi etc). For now, if you need to be sure, either tether to Android - since the Android stack doesn’t implement DHCP option 121 or run VPN in VM that isn’t bridged.
Control of the DHCP server in the victim’s network is required for the attack to work.
This is not a VPN vulnerability, but a lower level networking setup manipulation that negates naive VPN setups by instructing your OS to send traffic outside of VPN tunnel.
In conclusion, if your VPN setup doesn’t include routing guards or an indirection layer, ISP controlled routers and public WiFis will make you drop out of the tunnel now that there’s a simple video instruction out there.
Do we know which VPNs do have routing guards or an indirection layer? Especially out of the “good” ones; mullvad, proton, air, and IVPN?
Mullvad has written a post about it Here.
FYI
I gotta say, i am really impressed with Mullvad. They’re not just a VPN seller. They write security compromise bulletins regularly and as soon as vulnerabilities show up and they actively lobby at the EU organs for more privacy laws. They really work and live their identity in every way.
Damn I might have to go back to them. I just want port forwarding, is that so much to ask?!