...
This document contains information on the measures that can be taken against the "LocalNet" and "ServerIP" attacks described by Mathy Vanhoef in the paper "Bypassing Tunnels: Leaking VPN Client Traffic by Abusing Routing Tables" (VU#563667). The attacks are also described at https://tunnelcrack.mathyvanhoef.com/.
...
Info: In the default setting, both the Advanced VPN Clients for Windows and macOS are vulnerable to both attacks (LocalNet and ServerIP). We have compiled detailed technical information on this topic for you in a PDF document:
...
Alternatively, the integrated Advanced VPN Client Firewall can be configured such that only VPN traffic is allowed outside the tunnel (using the “Permit IPsec protocol” firewall option), with dedicated exceptions for, e.g., the local network printer.
...
Additionally, the integrated Advanced VPN Client Firewall can be configured such that only VPN traffic is allowed outside the VPN tunnel. This can be achieved by setting the “Permit IPsec protocol” firewall option and removing all other firewall rules (see step 1.1).
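The following added example (not LANCOM code and not part of the original document) models why this setting closes both leaks: in the default setting, destinations inside the advertised local subnet and the VPN gateway address are reachable outside the tunnel, while the hardened policy lets only IPsec plus explicit exceptions pass there. Assumptions: "Permit IPsec protocol" is modelled as ESP and UDP 500/4500 to the gateway, and all addresses and the printer exception are constructed sample values.

```python
import ipaddress
from dataclasses import dataclass

ESP, TCP, UDP = 50, 6, 17          # IP protocol numbers
IKE_PORTS = {500, 4500}            # IKE and IPsec NAT traversal (UDP)

@dataclass(frozen=True)
class Packet:
    dst: str
    proto: int
    dport: int = 0

def is_ipsec(pkt, gateway):
    """ESP or IKE/NAT-T addressed to the configured VPN gateway (assumed rule)."""
    return pkt.dst == gateway and (
        pkt.proto == ESP or (pkt.proto == UDP and pkt.dport in IKE_PORTS))

def classify(pkt, local_net, gateway, exceptions=None):
    """Return 'tunnel', 'ipsec', 'plaintext' or 'blocked' for one outbound packet.

    exceptions=None models the default setting (no restriction outside the
    tunnel); a set of (dst, proto, dport) tuples models the hardened setting.
    """
    bypasses = (pkt.dst == gateway or
                ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(local_net))
    if not bypasses:
        return "tunnel"
    if is_ipsec(pkt, gateway):
        return "ipsec"
    if exceptions is None or (pkt.dst, pkt.proto, pkt.dport) in exceptions:
        return "plaintext"
    return "blocked"

# Constructed sample values (documentation address ranges, not from the page).
GATEWAY = "203.0.113.10"
LOCAL_NET = "198.51.100.0/24"      # subnet advertised by an untrusted network
PRINTER = ("198.51.100.50", TCP, 9100)
TRAFFIC = [
    Packet(GATEWAY, ESP),              # the tunnel itself
    Packet(GATEWAY, TCP, 443),         # non-IPsec traffic to the gateway address (ServerIP case)
    Packet("198.51.100.7", TCP, 443),  # destination inside the "local" subnet (LocalNet case)
    Packet(*PRINTER),                  # intended local exception
    Packet("192.0.2.80", TCP, 443),    # ordinary destination, routed into the tunnel
]

def audit(exceptions=None):
    """Classify the sample traffic under the default or the hardened policy."""
    return [classify(p, LOCAL_NET, GATEWAY, exceptions) for p in TRAFFIC]

if __name__ == "__main__":
    print("default :", audit())
    print("hardened:", audit({PRINTER}))
```

Every exception added to the hardened policy is a destination that is again sent in plaintext outside the tunnel, so the exception list should stay as narrow as the printer entry shown here.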
2. LANCOM Advanced VPN Client for macOS
...