BolehVPN Support
Community: Hang out with the Boleh family => General Discussion => Topic started by: pkrisnin on December 23, 2015, 08:36:25 PM
-
I'm somewhat worried that there hasn't been any client update for BolehVPN for some time now, and with the TPPA signed, VPN is very important.
https://torrentfreak.com/routing-feature-can-expose-vpn-users-real-ip-addresses-151222/
If so, should we be using this patch?
https://medium.com/@ValdikSS/another-critical-vpn-vulnerability-and-why-port-fail-is-bullshit-352b2ebd22e2#.2siv7w1it
https://github.com/ValdikSS/openvpn-block-incoming-udp-plugin
OpenVPN 2.3.9 has a lot of fixes, among which are fixes for DNS leaks on Windows 8.1 and 10. What version of OpenVPN are we using with client 3.0.3?
https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23
-
The hack that was mentioned does not affect most of our users who are using our shared IP servers. These servers do not allow any port forwarding except that initiated by the outgoing traffic from the users' devices.
However, those who are using the dedicated dynamic IP servers need to protect themselves using their own internal firewall. These servers are configured to give users full access to forward their own services through the tunnel, and if we were to block incoming traffic to their IP then the services would be useless to them. Any users using the dedicated IP servers should know the reasons and risks of using those open port servers.
As for OpenVPN 2.3.9, we are delaying the release until after the new year due to a few other fixes that OpenVPN will release. This will include dropping support for older OpenSSL versions and operating systems that are no longer supported by their vendors. We are monitoring the development of OpenVPN on a daily basis and will issue an update as and when it is critical. Our GUI addressed the DNS leak and routing issues long before the articles or updates were made.
Thank you
-
appreciate the response
-
What if you are using a dedicated IP server and have one port open in the firewall for uTorrent? Will you be exposed then?
Also, I am only allowing VPN traffic to go on the internet; everything else is blocked in the firewall, so if the VPN connection drops, nothing gets out.
If I understand correctly, as long as UPnP is disabled in the router, you are fine?
-
The dedicated IP that we are using does not use UPnP, nor does it use forwarding, so it would not be affected by this hack. However, you still need to make sure that WebRTC is disabled while you are using the VPN. WebRTC exploits are much more practical and easier to do because it is enabled by default.
-
Thank you for replying and clearing that up :)
Use this as your start page: https://ipleak.net/ (it checks for DNS leaks and WebRTC).
-
It has nothing to do with port forwarding or UPnP; please read the article more thoughtfully.
-
Hi Valdik, I've read your articles on this and appreciate your input. Thank you.
-
Got everything to do with it:
https://torrentfreak.com/huge-security-flaw-can-expose-vpn-users-real-ip-adresses-151126/
The security flaw affects all VPN protocols including OpenVPN and IPSec and applies to all operating systems.
“Affected are VPN providers that offer port forwarding and have no protection against this specific attack,” PP notes.
For example, if an attacker activates port forwarding for the default BitTorrent port then a VPN user on the same network will expose his or her real IP-address (in a setting where users share the same IP-address).
PIA informs TorrentFreak that their fix was relatively simple and was implemented swiftly after they were notified.
“We implemented firewall rules at the VPN server level to block access to forwarded ports from clients’ real IP addresses. The fix was deployed on all our servers within 12 hours of the initial report,” PIA’s Amir Malik says.
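The server-side rule described in the quoted article, modelled as an added example (not part of the thread, and not PIA's or BolehVPN's code). The class, the listener port 1194 and every address are constructed for illustration.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address

VPN_PORT = ("udp", 1194)  # assumed OpenVPN listener on the server


@dataclass
class VpnServer:
    public_ip: str
    sessions: dict = field(default_factory=dict)  # client real IP -> tunnel IP
    forwards: dict = field(default_factory=dict)  # (proto, port) -> tunnel IP

    def connect(self, real_ip, tunnel_ip):
        self.sessions[ip_address(real_ip)] = ip_address(tunnel_ip)

    def disconnect(self, real_ip):
        self.sessions.pop(ip_address(real_ip), None)

    def add_forward(self, proto, port, tunnel_ip):
        self.forwards[(proto, port)] = ip_address(tunnel_ip)

    def verdict(self, src, dst, proto, dport):
        """Verdict for a packet arriving on the server's public interface."""
        src, dst = ip_address(src), ip_address(dst)
        if dst != ip_address(self.public_ip):
            return "IGNORE"
        if (proto, dport) == VPN_PORT:
            return "ACCEPT"  # the tunnel endpoint itself must stay reachable
        if (proto, dport) not in self.forwards:
            return "DROP"  # no forward configured on this port
        # Clients route the server's public IP outside the tunnel, so a
        # connected client reaching a forwarded port arrives with its real
        # IP as source. The rule from the article drops exactly that case.
        if src in self.sessions:
            return "DROP"
        return "FORWARD"  # ordinary internet peer: the forward works as usual


def demo():
    srv = VpnServer("203.0.113.10")            # constructed addresses
    srv.connect("198.51.100.7", "10.8.0.2")    # user A, real IP -> tunnel IP
    srv.connect("198.51.100.99", "10.8.0.3")   # user B, owns a forward
    srv.add_forward("tcp", 6881, "10.8.0.3")
    return [
        srv.verdict("198.51.100.7", "203.0.113.10", "udp", 1194),  # tunnel
        srv.verdict("198.51.100.7", "203.0.113.10", "tcp", 6881),  # real IP
        srv.verdict("192.0.2.50", "203.0.113.10", "tcp", 6881),    # outsider
        srv.verdict("192.0.2.50", "203.0.113.10", "tcp", 8080),    # no forward
    ]
```

Once a client disconnects, its real IP is treated like any other internet host again, so the session table has to track connects and disconnects.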
-
Are Boleh servers that allow open ports still vulnerable to the attack listed in the above article in this thread?