You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Is your feature request related to a problem? Please describe. The TunnelVision attack was just published yesterday. If the client receives its IP address from a rogue DHCP server with option 121 configured in a specific way, the traffic that should be encrypted and going to the VPN server is instead "decloaked".
Describe the solution you'd like
Android ignores DHCP option 121, so it's apparently immune until Android decides DHCP option 121 should no longer be ignored.
For Linux, supposedly if the VPN client uses "network namespaces" it's safe. Does Algo use "network namespaces" in Linux client config? If not, it sounds like will need to be default config for Linux henceforth.
Until iOS / iPadOS / MacOS / Windows enable "network namespaces", the only other solution proposed by the researchers is to set up a VM with NAT -- getting a private IP from the host device -- and then initiate the VPN connection from within the VM. I'm not sure how that could be configured...thus asking here...
Is your feature request related to a problem? Please describe.
The TunnelVision attack was just published yesterday. If the client receives its IP address from a rogue DHCP server with option 121 configured in a specific way, the traffic that should be encrypted and going to the VPN server is instead "decloaked".
Describe the solution you'd like
Describe alternatives you've considered
¯\_(ツ)_/¯
Additional context
N/A
The text was updated successfully, but these errors were encountered: