[Bglug] PureVPN Secure or a big hole in security
LP
linuxpusher2 at gmail.com
Thu Jan 4 21:49:00 EST 2018
Starting to think the best security is none.
On 4 January 2018 at 21:48, LP <linuxpusher2 at gmail.com> wrote:
> *I am using PureVPN right now.*
> *But found information below on their site.*
>
> *Question: Does anyone see an issue following the instructions below?*
> *Thanks*
> *Chris.*
>
> "How to Secure OpenVPN Vulnerability on *DD-WRT*
>
> A new vulnerability has come to light with PureVPN on DD-WRT routers. When
> you set up OpenVPN protocol, the end tunnel remains open. This leaves you
> exposed to privacy vulnerabilities as anyone looking from outside the WAN
> can reach your DD-WRT router's GUI using the public IP offered by PureVPN.
>
> The alarming aspect of this vulnerability is that a VPN circumvents the
> standard protection of WAN firewall and anyone using a simple HTTP can
> access your router’s GUI. Instead, OpenVPN protocol employs its own
> firewall rules, which is weak. So how do you overcome this vulnerability?
>
> According to a user on DD-WRT’s official forum, use the following commands
> to secure your router while using any commercial OpenVPN software.
>
> Under additional config, enter the following command:
>
> *dev tun0*
>
> Then add the following firewall scripts:
>
> *# allow only outbound connections to the VPN (no inbound)*
>
> *iptables -I INPUT -i tun0 -j ACCEPT*
>
> *iptables -I INPUT -i tun0 -m state --state NEW -j DROP*
>
> *iptables -I FORWARD -i tun0 -m state --state NEW -j DROP*
>
> *iptables -t nat -I POSTROUTING -o tun0 -j MASQUERADE*
>
> What this will do is replace the weak OpenVPN firewall rules with more
> secure ones. It will prevent anyone from creating inbound links to your
> network using the public IP offered by PureVPN and accessing your DD-WRT
> router's GUI."
>
>
>
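The quoted INPUT rules only work because of their order: iptables takes the first matching rule, and each `-I` puts its rule at the top of the chain. The following check is an added example, not part of the original message or of PureVPN's instructions; the function names and the sample listings are constructed for illustration, and it assumes rule listings in `iptables -S` format.

```shell
#!/bin/sh
# Added example, not from the original message. Simplified model: only INPUT
# rules that name "-i tun0" are considered, and only their state list is checked.

# Reads a rule listing in `iptables -S` format on stdin and prints the target of
# the first tun0 rule that matches a NEW inbound packet (first match wins).
first_new_tun0_verdict() {
    while IFS= read -r rule; do
        case "$rule" in "-A INPUT "*) ;; *) continue ;; esac
        case "$rule" in
            *"! -i "*) continue ;;      # negated interface match: skip
            *" -i tun0 "*) ;;           # rule bound to the VPN tunnel
            *) continue ;;
        esac
        case "$rule" in
            *"--state "*|*"--ctstate "*)
                states=${rule##*state }     # text after the state option
                states=${states%% *}        # keep the comma-separated list
                case ",$states," in *",NEW,"*) ;; *) continue ;; esac ;;
        esac
        target=${rule##* -j }
        echo "${target%% *}"
        return 0
    done
    echo "NO-MATCH"   # falls through to later rules / chain policy
}

# Constructed listings. -I inserts at the top of the chain, so running the two
# INPUT commands in the order quoted leaves DROP above ACCEPT.
PAGE_ORDER='-A INPUT -i tun0 -m state --state NEW -j DROP
-A INPUT -i tun0 -j ACCEPT'
# The same two rules if they were appended with -A instead of inserted.
APPENDED='-A INPUT -i tun0 -j ACCEPT
-A INPUT -i tun0 -m state --state NEW -j DROP'

verdict_of() { printf '%s\n' "$1" | first_new_tun0_verdict; }

echo "inserted with -I (as quoted): $(verdict_of "$PAGE_ORDER")"
echo "appended with -A:             $(verdict_of "$APPENDED")"
```

On a live router the same function can read `iptables -S INPUT`; a result of ACCEPT means new connections arriving from the tunnel side still reach the router itself.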