[Bglug] PureVPN Secure or a big hole in security
linuxpusher2 at gmail.com
Thu Jan 4 21:49:00 EST 2018
Starting to think the best security is none.
On 4 January 2018 at 21:48, LP <linuxpusher2 at gmail.com> wrote:
> *I am using PureVPN right now.*
> *But found the information below on their site.*
> *Question: Does anyone see an issue with following the instructions below?*
> "How to Secure OpenVPN Vulnerability on *DD-WRT*
> A new vulnerability has come to light with PureVPN on DD-WRT routers. When
> you set up OpenVPN protocol, the end tunnel remains open. This leaves you
> exposed to privacy vulnerabilities as anyone looking from outside the WAN
> can reach your DD-WRT router's GUI using the public IP offered by PureVPN.
> The alarming aspect of this vulnerability is that a VPN circumvents the
> standard protection of WAN firewall and anyone using a simple HTTP can
> access your router’s GUI. Instead, OpenVPN protocol employs its own
> firewall rules, which are weak. So how do you overcome this vulnerability?
> According to a user on DD-WRT’s official forum, use the following commands
> to secure your router while using any commercial OpenVPN software.
> Under additional config, enter the following command:
> *dev tun0*
> Then add the following firewall scripts:
> *# allow only outbound connections to the VPN (no inbound)*
> *iptables -I INPUT -i tun0 -j ACCEPT*
> *iptables -I INPUT -i tun0 -m state --state NEW -j DROP*
> *iptables -I FORWARD -i tun0 -m state --state NEW -j DROP*
> *iptables -t nat -I POSTROUTING -o tun0 -j MASQUERADE*
> What this will do is replace the weak OpenVPN firewall rules with more
> secure ones. It will prevent anyone from creating inbound links to your
> network using the public IP offered by PureVPN and accessing your DD-WRT
> router's GUI."
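
Added example, not part of the original message or of PureVPN's instructions: a small Python model of how the quoted `-I` commands order the chains and which rule decides a packet first, with the same lines appended (`-A` style) for contrast. It handles only the options used above; the packet dictionaries and the `POLICY` placeholder standing in for a chain's default policy are constructed for illustration.

```python
import shlex

# The four firewall lines from the quoted instructions ("--state" with two hyphens).
RULES = """\
iptables -I INPUT -i tun0 -j ACCEPT
iptables -I INPUT -i tun0 -m state --state NEW -j DROP
iptables -I FORWARD -i tun0 -m state --state NEW -j DROP
iptables -t nat -I POSTROUTING -o tun0 -j MASQUERADE
"""

def load(script, force_append=False):
    """Build {(table, chain): [rule, ...]} from -I / -A commands (subset of iptables syntax)."""
    chains = {}
    for line in script.splitlines():
        tok = shlex.split(line)[1:]          # drop the leading "iptables"
        rule, table, chain, insert = {}, "filter", None, False
        it = iter(tok)
        for t in it:
            if t == "-t": table = next(it)
            elif t in ("-I", "-A"): chain, insert = next(it), (t == "-I")
            elif t == "-i": rule["in"] = next(it)
            elif t == "-o": rule["out"] = next(it)
            elif t == "--state": rule["state"] = next(it)
            elif t == "-j": rule["target"] = next(it)
            elif t == "-m": next(it)         # match module name, implied by --state here
        rules = chains.setdefault((table, chain), [])
        if insert and not force_append:
            rules.insert(0, rule)            # -I with no rule number inserts at position 1
        else:
            rules.append(rule)               # model of the same lines added in written order
    return chains

def verdict(chains, chain, pkt, policy="POLICY"):
    """First matching rule decides; otherwise fall through to the chain policy."""
    for r in chains.get(("filter", chain), []):
        if all(pkt.get(k) == r[k] for k in ("in", "out", "state") if k in r):
            return r["target"]
    return policy

if __name__ == "__main__":
    for label, ch in (("inserted (-I)", load(RULES)), ("appended", load(RULES, True))):
        for state in ("NEW", "ESTABLISHED"):
            print(label, "INPUT tun0", state, "->", verdict(ch, "INPUT", {"in": "tun0", "state": state}))
```

Because each `-I` goes to the top of its chain, the `NEW`/`DROP` rule ends up above the blanket `ACCEPT` on `tun0`; with the same lines in appended order the `ACCEPT` matches first and the `DROP` is never reached.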