Security issue: Block all traffic when VPN is down

Post your questions about SoftEther VPN software here. Please answer questions if you can afford.
r00t
Posts: 3
Joined: Sat Dec 01, 2018 5:20 pm

Security issue: Block all traffic when VPN is down

Post by r00t » Sat Dec 01, 2018 5:29 pm

This option is badly needed: block all traffic when the VPN connection is down. This is a security issue, because when you are working over VPN and it suddenly goes down, all your traffic is now routed over an unsecured internet connection. If you are unlucky enough to, say, connect to FTP and the VPN connection just drops, you are screwed and your login details can be sniffed by anyone. This is really bad, especially if you use SoftEther when travelling on public Wi-Fi.
And this surely affects VPNGate as well: if you are trying to connect from a country with an oppressive regime, a single unencrypted connection may put you in danger.

fenice
Posts: 183
Joined: Sun Jul 19, 2015 4:23 pm

Re: Security issue: Block all traffic when VPN is down

Post by fenice » Sat Dec 01, 2018 5:44 pm

You'd be better posting this as an issue on GitHub; don't forget to search first in case it's already been asked/answered.
Regards


Bill

cmd wh0ami
Posts: 125
Joined: Sun Jul 16, 2017 6:58 pm

Re: Security issue: Block all traffic when VPN is down

Post by cmd wh0ami » Sat Dec 01, 2018 5:47 pm

It's called a VPN kill switch. There are 101 ways you could set one up yourself.
VPN Discord invite: https://discord.gg/QByKXA9

r00t
Posts: 3
Joined: Sat Dec 01, 2018 5:20 pm

Re: Security issue: Block all traffic when VPN is down

Post by r00t » Mon Dec 03, 2018 5:32 pm

Yes, you can accomplish the same thing by other means, but they are far less flexible. For example, by removing the default route from your internet connection and then adding just a static route for your VPN server. That works, but your server needs to be on a static IP. If it changes, you have to change your configuration as well. This would be a real hassle for VPNGate, as you have to manually change the route for every server you are connecting to.
Implementing this directly in the SoftEther client is not hard (it's just adding/removing routes) and it can be done completely automatically (when connecting to a server, add a static route; when disconnecting, remove it. Same for the server list connection to get VPNGate servers. You would select the internet interface to use in settings.).

Making it as user friendly and easy to use as possible is important, because many users aren't aware of this issue and think they are 100% secure all the time SoftEther is running... and when you see the VPN link is down, it's usually already too late.
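
The route-based setup described in the post above can be checked from the routing table. The following is an added example, not part of the original post and not SoftEther code: it audits Linux `ip -4 route show` output for routes that would keep carrying traffic once the VPN adapter goes away, and for a missing or stale host route to the VPN server. The interface names (`wlan0`, `vpn_se`), the addresses and the sample table are constructed.

```python
import ipaddress

# Constructed `ip -4 route show` output; interface names and addresses are made up.
LEAKY = """\
default via 192.168.1.1 dev wlan0 proto dhcp metric 600
default dev vpn_se scope link metric 50
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.23
203.0.113.10 via 192.168.1.1 dev wlan0
"""
# Same table after the default route on the physical interface was removed.
FAIL_CLOSED = "\n".join(LEAKY.splitlines()[1:]) + "\n"


def parse_routes(text):
    """Return (network, device, has_gateway) for each unicast route line."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if "dev" not in fields or fields.index("dev") + 1 >= len(fields):
            continue
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        try:
            net = ipaddress.ip_network(dest, strict=False)
        except ValueError:
            continue  # route-type keywords such as "unreachable" or "blackhole"
        routes.append((net, fields[fields.index("dev") + 1], "via" in fields))
    return routes


def audit(text, vpn_dev, server_ip):
    """List reasons the table would leak or break; empty list means it fails closed."""
    server = ipaddress.ip_address(server_ip)
    findings, pinned = [], False
    for net, dev, has_gateway in parse_routes(text):
        if dev == vpn_dev:
            continue  # disappears together with the tunnel
        if net.prefixlen == 32 and server in net:
            pinned = True  # host route that carries the tunnel itself
        elif has_gateway or net.prefixlen == 0:
            findings.append(f"leak: {net} via {dev} stays up when {vpn_dev} drops")
    if not pinned:
        findings.append(f"no host route to VPN server {server_ip} outside {vpn_dev}")
    return findings


if __name__ == "__main__":
    for name, table in (("leaky", LEAKY), ("fail-closed", FAIL_CLOSED)):
        print(name, audit(table, "vpn_se", "203.0.113.10") or "OK")
```

Passing a server address that no longer matches the pinned host route reproduces the static-IP problem raised in the post: the audit reports that the tunnel has no route of its own.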

billybob
Posts: 3
Joined: Sat Dec 08, 2018 9:51 am

Re: Security issue: Block all traffic when VPN is down

Post by billybob » Sat Dec 08, 2018 9:58 am

cmd wh0ami wrote:
Sat Dec 01, 2018 5:47 pm
It's called a VPN kill switch. There are 101 ways you could set one up yourself.

The real issue though is... this is a security program designed and meant to protect your privacy and ALL packets from ALL interception... you shouldn't have to implement a third-party workaround to do just that; it SHOULD be a standard security feature of SoftEther, period!! :-)

billybob
Posts: 3
Joined: Sat Dec 08, 2018 9:51 am

Re: Security issue: Block all traffic when VPN is down

Post by billybob » Sat Dec 08, 2018 10:01 am

r00t wrote:
Sat Dec 01, 2018 5:29 pm
This option is badly needed: block all traffic when the VPN connection is down. This is a security issue, because when you are working over VPN and it suddenly goes down, all your traffic is now routed over an unsecured internet connection. If you are unlucky enough to, say, connect to FTP and the VPN connection just drops, you are screwed and your login details can be sniffed by anyone. This is really bad, especially if you use SoftEther when travelling on public Wi-Fi.
And this surely affects VPNGate as well: if you are trying to connect from a country with an oppressive regime, a single unencrypted connection may put you in danger.
cmd wh0ami wrote:
Sat Dec 01, 2018 11:47 am
It's called a VPN kill switch. There are 101 ways you could set one up yourself.

The real issue though is... this is a security program designed and meant to protect your privacy and ALL packets from ALL interception... you shouldn't have to implement a third-party workaround to do just that; it SHOULD be a standard security feature of SoftEther, period!! :-)
