[Bglug] PureVPN Secure or a big hole in security
LP
linuxpusher2 at gmail.com
Thu Jan 4 21:48:08 EST 2018
I am using PureVPN right now.
But I found the information below on their site.
Question: Does anyone see an issue with following the instructions below?
Thanks
Chris.
"How to Secure OpenVPN Vulnerability on DD-WRT
A new vulnerability has come to light with PureVPN on DD-WRT routers. When
you set up OpenVPN protocol, the end tunnel remains open. This leaves you
exposed to privacy vulnerabilities as anyone looking from outside the WAN
can reach your DD-WRT router's GUI using the public IP offered by PureVPN.
The alarming aspect of this vulnerability is that a VPN circumvents the
standard protection of WAN firewall and anyone using a simple HTTP can
access your router’s GUI. Instead, OpenVPN protocol employs its own
firewall rules, which are weak. So how do you overcome this vulnerability?
According to a user on DD-WRT’s official forum, use the following commands
to secure your router while using any commercial OpenVPN software.
Under additional config, enter the following command:
    dev tun0
Then add the following firewall scripts:
    # allow only outbound connections to the VPN (no inbound)
    iptables -I INPUT -i tun0 -j ACCEPT
    iptables -I INPUT -i tun0 -m state --state NEW -j DROP
    iptables -I FORWARD -i tun0 -m state --state NEW -j DROP
    iptables -t nat -I POSTROUTING -o tun0 -j MASQUERADE
What this will do is replace the weak OpenVPN firewall rules with more
secure ones. It will prevent anyone from creating inbound links to your
network using the public IP offered by PureVPN and accessing your DD-WRT
router's GUI."
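
Added example (not part of the original post or of PureVPN's instructions): a small Python model of where the quoted `-I` commands land in each chain and which verdict a new versus an established packet arriving on tun0 receives, with the `-A` ordering beside it for contrast. The packet dictionaries and the chain policy argument are constructed assumptions, and only interface and state matching are modelled.

```python
import shlex

# INPUT/FORWARD commands quoted in the post, double hyphen restored.
PAGE_RULES = """
iptables -I INPUT -i tun0 -j ACCEPT
iptables -I INPUT -i tun0 -m state --state NEW -j DROP
iptables -I FORWARD -i tun0 -m state --state NEW -j DROP
"""

def build_chains(script):
    """Replay -I / -A commands; -I with no rule number inserts at position 1."""
    chains = {}
    for line in script.strip().splitlines():
        args = shlex.split(line)[1:]              # drop the "iptables" word
        op, chain, rest = args[0], args[1], args[2:]
        rule = {"iface": None, "state": None, "target": None}
        for flag, value in zip(rest, rest[1:]):   # walk flag/value pairs
            if flag == "-i":
                rule["iface"] = value
            elif flag == "--state":
                rule["state"] = value
            elif flag == "-j":
                rule["target"] = value
        rules = chains.setdefault(chain, [])
        if op == "-I":
            rules.insert(0, rule)                 # newest -I rule goes on top
        else:
            rules.append(rule)                    # -A appends to the end
    return chains

def verdict(chain, packet, policy="ACCEPT"):
    """First matching rule wins; otherwise the (assumed) chain policy applies."""
    for rule in chain:
        if rule["iface"] not in (None, packet["iface"]):
            continue
        if rule["state"] not in (None, packet["state"]):
            continue
        return rule["target"]
    return policy

if __name__ == "__main__":
    new_in = {"iface": "tun0", "state": "NEW"}          # constructed packet
    reply = {"iface": "tun0", "state": "ESTABLISHED"}   # constructed packet
    for label, script in (("-I", PAGE_RULES), ("-A", PAGE_RULES.replace("-I", "-A"))):
        chain = build_chains(script)["INPUT"]
        print(label, [r["target"] for r in chain],
              "NEW ->", verdict(chain, new_in), "| reply ->", verdict(chain, reply))
```

Because each `-I` lands above the previous one, the DROP for NEW connections is evaluated before the blanket ACCEPT on tun0; the same commands written with `-A` would accept new inbound connections first.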