VPN traffic leaks in IPv6/IPv4 dual-stack networks/hosts
Fernando Gont
fernando at gont.com.ar
Tue Nov 27 14:21:56 UTC 2012
Folks,
FYI. This is might affect FreeBSD users employing e.g. OpenVPN:
<http://tools.ietf.org/html/draft-gont-opsec-vpn-leakages>.
For a project such as OpenVPN, a (portable) fix might be non-trivial.
However, I guess FreeBSD might hook some PF rules when establishing the
VPN tunnel, such that e.g. all v6 traffic is filtered (yes, this is
certainly not the most desirable fix, but still probably better than
having your supposedly-secured traffic being sent in the clear).
P.S.: Please check the corresponding thread (same "Subject") on the
tech at openbsd.org mailing-list, since they have some patches for some of
these issues...
Thanks,
--
Fernando Gont
e-mail: fernando at gont.com.ar || fgont at si6networks.com
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
More information about the freebsd-net
mailing list