Why Your VPN May Not Be As Secure As It Claims – Krebs on Security
krebsonsecurity.com

Virtual private networking (VPN) companies market their services as a way to prevent anyone from snooping on your Internet usage. But new research suggests this is a dangerous assumption when connecting to a VPN via an untrusted network, because attackers on the same network could force a target’s traffic off of the protection provided by their VPN without triggering any alerts to the user.

  • @Deckweiss
    416 days ago

    Huh? I thought the whole point of a VPN is to encrypt all traffic between my PC and the VPN server. Please be so kind and educate me on anything I have a misconception of:

    For example, I use Safing Portmaster and I have set it up in a way where all the packets have to go through their VPN and if they don’t, they get dropped before they leave my PC.

    Before that I was running openvpn with a killswitch, which I thought besically did the same, it had a tunnel to the VPN server and if it is down, no packet leaves the PC.

    Is that not how VPNs normally work?

    • @[email protected]
      315 days ago

      I have set it up in a way where all the packets have to go through their VPN and if they don’t, they get dropped before they leave my PC.

      That is the function of a firewall and not of the VPN. As I understand portmaster it does both. But that is not normal VPN behavior.

      VPNs are not magic. They are a piece of software that encrypt traffic and send it to a special server. They do that by creating a virtual Internet connection (think like pluging in an additional Ethernet cable or connection to an addition WiFi at the same time). Everything that is sent through the virtual connection is encrypted. Your system now has (at least) two valid Internet connections (one real and one virtual). For every packet it sends it needs to decide which connection it should send it from. This is decided by something called the routing table. When you start the VPN it will put two routes into the table.

      • traffic going to the VPN server goes through the real connection (so the encrypted VPN traffic is routed correctly)
      • everything else goes through the virtual connection (the VPN tunnel where it gets encrypted)

      The attack described is a way how a network router can add a new route into your devices routing table to basically override the second route from the VPN. The route is still there, there just is another one that has a higher priority.

      A VPN is not the ultimate authority over your network traffic. It is just another program sending and recieving taffic.

      • @Deckweiss
        115 days ago

        Thanks for the detailed explanation. I think I get it now!

        I did look into it with ip route show when using nothing vs portmaster vs openvpn and it is just like you said, when using openVPN it just creates additional routes with a higher priority, but the normal route is still open.