[fernando at gont.com.ar: VPN traffic leaks in IPv6/IPv4 dual-stack networks/hosts]

Stuart Henderson stu at spacehopper.org
Fri Nov 23 06:38:49 EST 2012


OpenConnect users might like to give some thought to this..


----- Forwarded message from Fernando Gont <fernando at gont.com.ar> -----

From: Fernando Gont <fernando at gont.com.ar>
Date: Fri, 23 Nov 2012 08:06:01 -0300
To: tech at openbsd.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:16.0) Gecko/20121028 Thunderbird/16.0.2
Subject: VPN traffic leaks in IPv6/IPv4 dual-stack networks/hosts

Folks,

FYI. This might affect OpenBSD users employing e.g. OpenVPN:
<http://tools.ietf.org/html/draft-gont-opsec-vpn-leakages>.

For a project such as OpenVPN, a (portable) fix might be non-trivial.
However, I guess OpenBSD might hook some PF rules when establishing the
VPN tunnel, such that e.g. all v6 traffic is filtered (yes, this is
certainly not the most desirable fix, but still probably better than
having your supposedly-secured traffic being sent in the clear).

Thanks,
-- 
Fernando Gont
e-mail: fernando at gont.com.ar || fgont at si6networks.com
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1


----- End forwarded message -----
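
The PF approach suggested in the forwarded message, sketched as an up/down hook. This is an added example, not code from OpenBSD, OpenVPN or OpenConnect. It assumes an IPv4-only tunnel, a hypothetical anchor name "vpn_v6block", and an `anchor "vpn_v6block"` line in pf.conf placed before any "pass ... quick" rule.

```sh
#!/bin/sh
# Crude IPv6 kill-switch for the lifetime of an IPv4-only VPN tunnel.
# Call with "up" when the tunnel is established and "down" when it is torn
# down, from whatever hook the VPN client offers (assumption).
# The anchor name is hypothetical; pf.conf must reference it:
#   anchor "vpn_v6block"

ANCHOR="${ANCHOR:-vpn_v6block}"

# Ruleset loaded while the tunnel is up: drop every IPv6 packet, in both
# directions, on every interface PF filters (interfaces listed in
# "set skip on ..." in pf.conf are not affected).
v6block_rules() {
    printf '%s\n' 'block drop quick inet6 all'
}

# Run pfctl, or only print its command line when DRY_RUN=1 so the hook
# can be checked on a machine without PF.
run_pfctl() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "pfctl $*"
    else
        pfctl "$@"
    fi
}

# up:   load the block rule into the anchor (read from stdin via "-f -")
# down: flush the anchor so native IPv6 works again
v6block() {
    case "$1" in
    up)   v6block_rules | run_pfctl -a "$ANCHOR" -f - ;;
    down) run_pfctl -a "$ANCHOR" -F rules ;;
    *)    echo "usage: v6block up|down" >&2; return 64 ;;
    esac
}

# Only act when invoked with arguments, e.g. "v6block.sh up".
if [ $# -gt 0 ]; then
    v6block "$@"
fi
```

If the client exits without running the "down" hook, the anchor stays loaded and IPv6 stays blocked until it is flushed by hand, which fails closed rather than open.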


