Page 1 of 1

Security issue: Block all traffic when VPN is down

Posted: Sat Dec 01, 2018 5:29 pm
by r00t
This option is badly needed: block all traffic when VPN connection is down. This is security issue, because when you are working over VPN and it suddenly goes down, all your traffic is now router over unsecured internet connection. If you are unlucky enough to say connect to FTP and VPN connection just drops, you are screwed and your login details can be sniffed by anyone. This is really bad especially if you use SoftEther when travelling on public WIFI.
And this surely affects the VPNGate as well, if you are trying to connect from a country with oppressive regime, single unencrypted connection may put you in a danger.

Re: Security issue: Block all traffic when VPN is down

Posted: Sat Dec 01, 2018 5:44 pm
by fenice
You'd be better posting this as an issue on github, don't forget to search first in case it's already been asked/answered.

Re: Security issue: Block all traffic when VPN is down

Posted: Sat Dec 01, 2018 5:47 pm
by cmd wh0ami
It's called a VPN kill switch. There is 101 ways you could set one up your self.

Re: Security issue: Block all traffic when VPN is down

Posted: Mon Dec 03, 2018 5:32 pm
by r00t
Yes, you can accomplish same thing by other means, but they are far less flexible. For example by removing default route from your internet connection and then adding just static route for your VPN server. That works, but your server needs to be on a static IP. If it changes, you have to change your configuration as well. This would be a real hassle for VPNGate as you have to manually change route for every server you are connecting to.
Implementing this directly in SoftEther client is not hard (it's just adding/removing routes) and it can be done completely automatically (When connecting to server, add static route, when disconnecting, remove it. Same for the server list connection to get VPNGate servers.You would select internet interface to use in settings.).

Making it as user friendly and easy to use as possible is important, because many users aren't aware of this issue and think they are 100% secure all the time SoftEther is running... and when you see VPN link is down, it's usually already too late.

Re: Security issue: Block all traffic when VPN is down

Posted: Sat Dec 08, 2018 9:58 am
by billybob
cmd wh0ami wrote:
Sat Dec 01, 2018 5:47 pm
It's called a VPN kill switch. There is 101 ways you could set one up your self.
The real issue tho, is,,,, this is a security program designed and meant to protect your privacy and ALL packets from ALL interception,,,, you shouldn't have to implement a third party workaround to do just that, it SHOULD be a standard security feature of softether, period!! :-)

Re: Security issue: Block all traffic when VPN is down

Posted: Sat Dec 08, 2018 10:01 am
by billybob
r00t wrote:
Sat Dec 01, 2018 5:29 pm
This option is badly needed: block all traffic when VPN connection is down. This is security issue, because when you are working over VPN and it suddenly goes down, all your traffic is now router over unsecured internet connection. If you are unlucky enough to say connect to FTP and VPN connection just drops, you are screwed and your login details can be sniffed by anyone. This is really bad especially if you use SoftEther when travelling on public WIFI.
And this surely affects the VPNGate as well, if you are trying to connect from a country with oppressive regime, single unencrypted connection may put you in a danger.
cmd wh0ami wrote: ↑
Sat Dec 01, 2018 11:47 am
It's called a VPN kill switch. There is 101 ways you could set one up your self.

The real issue tho, is,,,, this is a security program designed and meant to protect your privacy and ALL packets from ALL interception,,,, you shouldn't have to implement a third party workaround to do just that, it SHOULD be a standard security feature of softether, period!! :-)