OpenConnect users might like to give some thought to this..

----- Forwarded message from Fernando Gont <fernando at gont.com.ar> -----

From: Fernando Gont <fernando at gont.com.ar>
Date: Fri, 23 Nov 2012 08:06:01 -0300
To: tech at openbsd.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:16.0) Gecko/20121028 Thunderbird/16.0.2
Subject: VPN traffic leaks in IPv6/IPv4 dual-stack networks/hosts

Folks,

FYI. This might affect OpenBSD users employing e.g. OpenVPN:
<http://tools.ietf.org/html/draft-gont-opsec-vpn-leakages>.

For a project such as OpenVPN, a (portable) fix might be non-trivial.
However, I guess OpenBSD might hook some PF rules when establishing the
VPN tunnel, such that e.g. all v6 traffic is filtered (yes, this is
certainly not the most desirable fix, but still probably better than
having your supposedly-secured traffic being sent in the clear).

Thanks,
-- 
Fernando Gont
e-mail: fernando at gont.com.ar || fgont at si6networks.com
PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1

----- End forwarded message -----
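
The leak described in the forwarded message can be checked for on a dual-stack host by asking which interface each address family would leave through once the tunnel is up. The following is an added example, not part of the original e-mail and not code from OpenVPN, OpenConnect or OpenBSD; the interface names (`em0`, `tun0`), the routing table and the probe addresses are constructed, and it models routing only, so a PF rule that blocks IPv6 would not be visible to it.

```python
import ipaddress

# Constructed sample: routes on a dual-stack host after an IPv4-only VPN
# came up. The VPN added the two /1 routes; the IPv6 default is untouched.
ROUTES_LEAKY = [
    ("0.0.0.0/1", "tun0"),
    ("128.0.0.0/1", "tun0"),
    ("0.0.0.0/0", "em0"),
    ("192.0.2.0/24", "em0"),
    ("::/0", "em0"),             # IPv6 default route on the local network
    ("2001:db8:1::/64", "em0"),
]


def egress(routes, dst):
    """Longest-prefix match: interface that would carry dst, or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, ifname in routes:
        net = ipaddress.ip_network(prefix)
        if net.version == addr.version and addr in net:
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, ifname)
    return best[1] if best else None


def leaking_families(routes, tunnel,
                     probes=("198.51.100.7", "2001:db8:ffff::7")):
    """List address families whose off-link traffic bypasses the tunnel.

    A family with no matching route at all is not reported: that traffic
    cannot leave the host, so it cannot leak.
    """
    leaks = []
    for dst in probes:
        ifname = egress(routes, dst)
        if ifname is not None and ifname != tunnel:
            version = ipaddress.ip_address(dst).version
            leaks.append("IPv%d via %s" % (version, ifname))
    return leaks


if __name__ == "__main__":
    for leak in leaking_families(ROUTES_LEAKY, "tun0"):
        print("traffic outside the VPN:", leak)
```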