
fix shared VPN/Tor server leak bug
Closed, Resolved · Public


If a Tor entry guard is running on the same server as the VPN server (variable VPN_SERVERS) and the VPN breaks down, Tor may connect directly to the VPN if it happened to choose that as entry guard. This is a bug if the user wants to hide Tor.

The risk increases if the VPN supports remote port forwarding, because that allows anyone to host a Tor entry guard and have it show up with the VPN's external IP.

It can be fixed by only allowing user tunnel to establish connections once VPN_FIREWALL has been set to 1 (as opposed to currently allowing connections to all IPs defined by variable VPN_SERVERS).
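
The following added example (not the Whonix firewall script and not code from this task) models the two policies described above and evaluates them for the leak case: Tor trying to reach a guard at the VPN server's address while the VPN is down. The interface name, the `debian-tor` account, the sample address, and the reading of the old behaviour as "any user may reach VPN_SERVERS" are assumptions.

```shell
#!/bin/sh
# Added illustration, not the Whonix firewall script. VPN_FIREWALL, VPN_SERVERS and the
# user "tunnel" are named in the task; interface, Tor user and addresses are assumed.
VPN_FIREWALL=1
VPN_SERVERS="198.51.100.7"   # constructed sample address
TUNNEL_USER="tunnel"
TOR_USER="debian-tor"        # assumed account running Tor
EXT_IF="eth0"                # assumed external interface

# Behaviour the task reports: direct egress to every VPN_SERVERS address, any user.
rules_before() {
    [ "$VPN_FIREWALL" = "1" ] || return 0
    for ip in $VPN_SERVERS; do
        echo "-A OUTPUT -o $EXT_IF -d $ip -j ACCEPT"
    done
}

# Proposed fix: direct egress only for the tunnel user.
rules_after() {
    [ "$VPN_FIREWALL" = "1" ] || return 0
    echo "-A OUTPUT -o $EXT_IF -m owner --uid-owner $TUNNEL_USER -j ACCEPT"
}

# direct_egress GENERATOR USER DST: verdict for a packet leaving on EXT_IF,
# default policy DROP. Checks only the -d and --uid-owner matches used above.
direct_egress() {
    verdict=DROP
    while IFS= read -r rule; do
        [ -n "$rule" ] || continue
        case "$rule" in *" -d "*)
            case "$rule" in *" -d $3 "*) ;; *) continue ;; esac ;;
        esac
        case "$rule" in *"--uid-owner "*)
            case "$rule" in *"--uid-owner $2 "*) ;; *) continue ;; esac ;;
        esac
        verdict=ACCEPT
    done <<EOF
$("$1")
EOF
    echo "$verdict"
}

# Tor picked a guard that shares the VPN server's address and the VPN is down.
for gen in rules_before rules_after; do
    echo "$gen: $TOR_USER -> $VPN_SERVERS: $(direct_egress "$gen" "$TOR_USER" "$VPN_SERVERS")"
done
```

With the destination-based rule the Tor user's direct connection is accepted; with the owner-based rule only the tunnel user gets out on the external interface, so Tor traffic has to go through the VPN or is dropped.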




Event Timeline

Patrick raised the priority of this task from to Normal.
Patrick updated the task description.
Patrick set Impact to Normal.
Patrick added subscribers: Patrick, HulaHoop.
Patrick claimed this task.


Documentation ( ) tested.

Patrick renamed this task from fix potential VPN_FIREWALL leak to fix shared VPN/Tor server leak bug. Jun 7 2016, 7:18 PM