Lately, I have seen a lot of negative articles and reports about VPN services and their vulnerabilities,
Last ET Open ruleset update addressing VPN vulnerabilities that I could find was in September 2023
IPFire doesn’t have deep packet inspection and I can’t find any IPS rules but is there another way to block VPN services in case I would decide to block them?
Hello,
if you administer IPFire, can i ask you what do you want to achieve with blocking VPN traffic if no VPN on your side is enabled ?
From a OpenVPN perspective spoken, it might be hard to identify VPN traffic even with nDPI if the traffic will be obfuscated or the metadata are encrypted with simple OpenVPN on board tools liek e.g. tls-crypt-v2 → https://github.com/OpenVPN/openvpn/blob/master/doc/tls-crypt-v2.txt .
Also, a question of interest, which VPN attacks concerns you the most ? Since i could read from your posted papers only from one specific described actual attack (TunnelVision ↔ TunnelCrack) ?
Erik, thank you for taking the time and replying to my question.,
Originally, I tried to give BennayB some suggestions about preventing another incident that involved a sophisticated attack by stealing credentials, and I thought an attacker like that might be disguised as a VPN provider. I read somewhere about a VPN service that was basically stealing credentials from unsuspected users .
I was surprised that I couldn’t find any of the ET rules that addressed a VPN service…
But I think I could agree with you that obfuscated traffic is difficult to block with simple rules.
And meanwhile another article was published regarding VPN )
According to the whole TunnelVision, TunnelCrack discussion which becomes a new uplift with 2024 but are possible since 2002 like one of your posted documents already lined out, it seems that OpenVPN (know only about them) have already some applied patches for Windows clients in the master branch → [Openvpn-devel] [PATCH v6] Windows: enforce 'block-local' with WFP filters and it looks like that for Linux something might be come soon → Re: [Openvpn-users] TunnelVision and OpenVPN | OpenVPN but for my understanding, two directives, which are not part of IPFire WUI, 1. block-outside-dns
2. redirect-gateway def1 block-local (IPFire have only redirect-gateway def1)
might be needed ?! In case if, those options needed to be set manually via “Additional configuration” if they won´t be added to WUI, but let´s see.
Haven´t found the Linux patch until not but there seems to be some movement so a closer look in the upcoming OpenVPN releases in the next time might be worthy
This addresses only one point, in my opinion the most tangible from your posted papers.
This info is now a little OT but if blocking is not possible may fixing problems are come also close.