touch-packages team mailing list archive

[Bug 1386361] [NEW] network-manager-openvpn leaks while connecting

Public bug reported:

Network-manager-openvpn leaks while connecting. Maybe that is intended
behavior when activating a VPN-connection manually but it also leaks
when "Automatically connect to VPN when using this connection" is
checked.

Verified the following way:
1. Set up a VPN that connects via UDP (verify it).
2. Configure a Wifi network that blocks UDP, check "Automatically connect to VPN..." and preselect your special VPN.
3. Connect to that newly configured Wifi network.
4. Browse the internet.

Another way:
1. Type "traceroute ubuntu.com" into a terminal but don't press enter.
2. Start the Wifi network that uses the "Automatically connect... VPN..." feature.
3. Go back to the terminal and press enter.
4. After the VPN has connected repeat the command.
5. Compare the first hop of the traceroute results.

I consider this a security bug since it endangers users relying on a
working/leak-free VPN.

** Affects: network-manager (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: network-manager-openvpn (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: leak vpn

** Information type changed from Private Security to Public

** Also affects: network-manager-openvpn (Ubuntu)
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/1386361
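
The first-hop comparison from the report's second procedure, written as an added example that is not part of the original bug report or of NetworkManager. The function names and the sample traceroute captures (all addresses included) are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare hop 1 of two saved traceroute runs.
# Capture them as in the report's steps, for instance:
#   traceroute ubuntu.com > before.txt   (while the VPN is still connecting)
#   traceroute ubuntu.com > after.txt    (once the VPN has connected)

# Constructed sample captures (not real measurements).
SAMPLE_BEFORE='traceroute to ubuntu.com (203.0.113.10), 30 hops max, 60 byte packets
 1  192.168.1.1 (192.168.1.1)  1.912 ms  1.844 ms  1.790 ms
 2  198.51.100.1 (198.51.100.1)  9.310 ms  9.270 ms  9.188 ms'
SAMPLE_AFTER='traceroute to ubuntu.com (203.0.113.10), 30 hops max, 60 byte packets
 1  10.8.0.1 (10.8.0.1)  24.501 ms  24.433 ms  24.390 ms
 2  198.51.100.77 (198.51.100.77)  25.102 ms  25.060 ms  25.011 ms'

# Print the address of hop 1 from traceroute output on stdin ("*" if no reply).
first_hop() {
    awk '$1 == "1" {
        if (match($0, /\([0-9A-Fa-f:.]+\)/))
            print substr($0, RSTART + 1, RLENGTH - 2)   # "name (addr)" form
        else
            print $2                                     # "-n" form or "* * *"
        exit
    }'
}

# classify BEFORE_TEXT AFTER_TEXT  ->  prints LEAK, OK or INCONCLUSIVE
classify() {
    before=$(printf '%s\n' "$1" | first_hop)
    after=$(printf '%s\n' "$2" | first_hop)
    if [ -z "$before" ] || [ -z "$after" ] ||
       [ "$before" = "*" ] || [ "$after" = "*" ]; then
        echo INCONCLUSIVE   # hop 1 missing or silent: nothing to compare
    elif [ "$before" = "$after" ]; then
        echo OK             # both runs left through the same first hop
    else
        echo LEAK           # the run during connect used a different gateway
    fi
}

# With two file arguments, classify those captures; otherwise use the samples.
if [ "$#" -eq 2 ]; then
    classify "$(cat "$1")" "$(cat "$2")"
else
    classify "$SAMPLE_BEFORE" "$SAMPLE_AFTER"
fi
```

OK only means both runs shared a first hop; it does not by itself show that this hop is the VPN gateway.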
