hugomueller 13 Posted ...

https://www.perfect-privacy.com/blog/2015/12/21/wrong-way-security-problem-exposes-real-ip/

Another VPN security problem was found: “Wrong Way” may reveal the user’s real IP address like “Port Fail”. This time not only providers with port forwarding are affected but rather all providers, they haven’t fixed the problem. The underlying problem is that packets received over the real IP will be answered via the VPN interface under certain conditions.

@AirVPN Does your client handle this problem with the Network Lock?
zhang888 1066 Posted ...

The Network Lock will prevent this among many other things. However, this vulnerability will only occur when you have:

1) A router with UPNP enabled
2) An application that listens on UDP ports

Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.
Ammonia 2 Posted ...

This is mitigated with Network Lock, no problem here.
airvpnmember 0 Posted ...

Hi Guys, how does this affect those who have OpenVPN client running on a router? Thank you.
Staff 9972 Posted ...

Hello!

1) It's not that Network Lock "mitigates" the issue, it does solve it entirely at its root.

2) Again, this is much ado about nothing. According to our instructions, it's since 2010 that we instruct how to avoid correlations of these kinds (disable UPnP for example: 5 years ago it was already written in our proto web site).

Those VPNs teams that show much concern and exploit sensationalism are just sending a message to gullible and inexperienced people. All the other persons can clearly see that this sensationalism hints to a lack of competence about the most basic and trivial routing concepts.

See also this nice article, which treats so called "Port Fail" in addition to other issues (including the one treated in this thread).

Another “critical” “VPN” “vulnerability” and why Port Fail is bullshit
https://medium.com/@ValdikSS/another-critical-vpn-vulnerability-and-why-port-fail-is-bullshit-352b2ebd22e2#.vgjazzmz8

and how the Great ValdikSS (author of the article and probably reading us) could get (according to his own words which we feel to share) a total of 7300 USD for "such a bullshit issue" (from les incompétents, we would be tempted to add).

Kind regards
trekkie.forever 6 Posted ...

> Hi Guys, how does this affect those who have OpenVPN client running on a router? Thank you.

Good question, I connect to Air servers using the included OpenVPN client on Asuswrt Merlin with UPnP off. Are there any further precautions needed and what about those on dd-wrt, tomato or even pfsense?
Staff 9972 Posted ...

>> Hi Guys, how does this affect those who have OpenVPN client running on a router? Thank you.

> Good question, I connect to Air servers using the included OpenVPN client on Asuswrt Merlin with UPnP off. Are there any further precautions needed and what about those on dd-wrt, tomato or even pfsense?

Note these rules (on the guide about how to forward ports in DD-WRT etc.): https://airvpn.org/topic/9270-how-to-forward-ports-in-dd-wrt-tomato-with-iptables

iptables -I FORWARD -i tun1 -p udp -d destIP --dport port -j ACCEPT
iptables -I FORWARD -i tun1 -p tcp -d destIP --dport port -j ACCEPT
iptables -t nat -I PREROUTING -i tun1 -p tcp --dport port -j DNAT --to-destination destIP
iptables -t nat -I PREROUTING -i tun1 -p udp --dport port -j DNAT --to-destination destIP

Bold is ours to make the answer to your question clearer.

Kind regards
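An added example, not part of the Staff post or of AirVPN's guide: a shell check that reads `iptables-save` output and flags port-forward rules of the kind quoted above that are not bound to the tunnel interface with `-i`. The function names, the sample rules, the address 192.168.1.50 and the port 51413 are constructed for illustration.

```shell
#!/bin/sh
# Heuristic audit of port-forward rules in `iptables-save` output.
# Checked rules: DNAT rules in PREROUTING with --dport, and FORWARD ACCEPT
# rules with both -d and --dport. Each must carry "-i <tunnel>" so the
# forward only applies to packets that arrived through the VPN tunnel.

# audit_forwards TUN_IF   (reads iptables-save text on stdin)
# Prints "UNBOUND: <rule>" for each offending rule, nothing if all are bound.
audit_forwards() {
    awk -v tun="$1" '
        /--dport/ && ((/^-A PREROUTING / && /-j DNAT/) || (/^-A FORWARD / && / -d / && /-j ACCEPT/)) {
            bound = 0
            for (i = 1; i < NF; i++)
                # "! -i tun1" is a negated match and does not count as bound
                if ($i == "-i" && $(i + 1) == tun && $(i - 1) != "!") bound = 1
            if (!bound) print "UNBOUND: " $0
        }'
}

# Constructed sample: the tcp rules follow the pattern in the post,
# the udp rules omit the -i tun1 match.
sample_rules() {
cat <<'EOF'
*nat
-A PREROUTING -i tun1 -p tcp -m tcp --dport 51413 -j DNAT --to-destination 192.168.1.50
-A PREROUTING -p udp -m udp --dport 51413 -j DNAT --to-destination 192.168.1.50
COMMIT
*filter
-A FORWARD -d 192.168.1.50/32 -i tun1 -p tcp -m tcp --dport 51413 -j ACCEPT
-A FORWARD -d 192.168.1.50/32 -p udp -m udp --dport 51413 -j ACCEPT
COMMIT
EOF
}

sample_rules | audit_forwards tun1
```

On a router the input would come from `iptables-save` itself; a flagged rule that is intentionally bound to another inbound interface needs manual review rather than an automatic fix.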
Kepler_438b2 4 Posted ...

I had not turned off UPNP until now (but always used Network Block). Would leaving UPNP on have left me vulnerable? Thanks. BTW, you guys do a great job!
Staff 9972 Posted ...

> I had not turned off UPNP until now (but always used Network Block). Would leaving UPNP on have left me vulnerable? Thanks. BTW, you guys do a great job!

Hello!

Don't worry, since you had Network Lock on, UPnP did not expose your system to correlations.

Kind regards
User of AirVPN 46 Posted ...

> Hello!
>
> 1) It's not that Network Lock "mitigates" the issue, it does solve it entirely at its root.
>
> 2) Again, this is much ado about nothing. According to our instructions, it's since 2010 that we instruct how to avoid correlations of these kinds (disable UPnP for example: 5 years ago it was already written in our proto web site).
>
> Those VPNs teams that show much concern and exploit sensationalism are just sending a message to gullible and inexperienced people. All the other persons can clearly see that this sensationalism hints to a lack of competence about the most basic and trivial routing concepts.
>
> See also this nice article, which treats so called "Port Fail" in addition to other issues (including the one treated in this thread).
>
> Another “critical” “VPN” “vulnerability” and why Port Fail is bullshit
> https://medium.com/@ValdikSS/another-critical-vpn-vulnerability-and-why-port-fail-is-bullshit-352b2ebd22e2#.vgjazzmz8
>
> and how the Great ValdikSS (author of the article and probably reading us) could get (according to his own words which we feel to share) a total of 7300 USD for "such a bullshit issue" (from les incompétents, we would be tempted to add).
>
> Kind regards

I use ESET Smart Security's Firewall, so Network Lock doesn't work for me because it uses Windows Firewall. I was wondering if maybe you know what rules to set in ESET's firewall and what IPs to allow/deny so that only AirVPN traffic is allowed?