
fix shared VPN/Tor server leak bug
Closed, Resolved; Public

Description

If a Tor entry guard is running on the same server as the VPN server (variable VPN_SERVERS) and the VPN breaks down, Tor may connect directly to the VPN if it happened to choose that as its entry guard. This is a bug if the user wants to hide Tor.

The risk increases if the VPN supports remote port forwarding, because that allows anyone to host a Tor entry guard and have it show up with the VPN's external IP.

It can be fixed by only allowing user tunnel to establish connections once VPN_FIREWALL has been set to 1 (as opposed to currently allowing connections to all IPs defined by variable VPN_SERVERS).

Qubes:
https://github.com/QubesOS/qubes-issues/issues/1941

Details

Impact
Normal

Event Timeline

Patrick raised the priority of this task from to Normal.
Patrick updated the task description.
Patrick set Impact to Normal.
Patrick added subscribers: Patrick, HulaHoop.
Patrick claimed this task.

Works.

Documentation ( https://www.whonix.org/wiki/Next#VPN_before_Tor ) tested.

Patrick renamed this task from fix potential VPN_FIREWALL leak to fix shared VPN/Tor server leak bug. Jun 7 2016, 9:18 PM
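
The difference between the destination-based allow rule and the owner-based rule proposed in the task description, as an added sketch that is not the Whonix firewall script and not code from this task. It assumes VPN_SERVERS is a space-separated list of IPs and that "tunnel" is the account the VPN client runs as; the addresses are constructed documentation IPs, and rules are only printed, never applied.

```shell
#!/bin/sh
# Added illustration. Constructed sample value; override VPN_SERVERS as needed.
VPN_SERVERS="${VPN_SERVERS:-198.51.100.7 203.0.113.9}"

# Before: any local process, Tor included, may reach any VPN server IP.
# If Tor picked a guard on that IP, it connects there directly when the VPN is down.
rules_before() {
    for ip in $VPN_SERVERS; do
        echo "iptables -A OUTPUT -d $ip -j ACCEPT"
    done
}

# After (one reading of the proposed fix): no destination-based exception;
# once VPN_FIREWALL=1, only processes owned by user tunnel may connect out.
rules_after() {
    [ "${VPN_FIREWALL:-0}" = "1" ] || return 0
    echo "iptables -A OUTPUT -m owner --uid-owner tunnel -j ACCEPT"
}

# Audit helper: reads rules on stdin (iptables commands or iptables-save lines)
# and prints every ACCEPT rule towards a VPN server IP that is not bound to
# user tunnel, i.e. a rule Tor's own traffic could match.
leaky_rules() {
    while IFS= read -r rule; do
        case "$rule" in *"-j ACCEPT"*) ;; *) continue ;; esac
        case "$rule" in *"--uid-owner tunnel"*) continue ;; esac
        for ip in $VPN_SERVERS; do
            case "$rule" in
                *"-d $ip "*|*"-d $ip/32 "*) echo "$rule" ;;
            esac
        done
    done
}

# Demo: the old rule set is flagged, the new one is not.
echo "flagged in old rules:"
rules_before | leaky_rules
echo "flagged in new rules:"
VPN_FIREWALL=1 rules_after | leaky_rules
```

On a live system the same audit can be fed from `iptables-save` instead of the generated rules.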