I'd like to note that running the OpenVPN client in a separate Linux network namespace (together with applications that need to use it) disables this attack, but this is not as simple to set up as it would be if OpenVPN supported it: see https://github.com/OpenVPN/openvpn/pull/60 . (The resulting network structure is the same as in https://www.wireguard.com/netns/ )

* Pippin via Openvpn-users <openvpn-users@lists.sourceforge.net> [2019-12-06]
> Hi,
>
> please see here:
> https://openvpn.net/no-flaws-found-in-openvpn-software/
>
> Sent with ProtonMail Secure Email.
>
> ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
> On Friday 6 December 2019 11:52, Kenneth Porter <sh...@sewingwitch.com> wrote:
>
> > https://www.bleepingcomputer.com/news/security/new-linux-vulnerability-lets-attackers-hijack-vpn-connections/
> >
> > It seems to be related to the rp_filter setting in some distros, and the
> > lack of an iptables rule to prevent spoofing against the virtual interface
> > using a physical interface.