[Bug 1476769] [NEW] When activating OpenVPN without DHCP6, random traffic will be routed without VPN
Jonas Thiem
jonasthiem at googlemail.com
Tue Jul 21 17:34:12 UTC 2015
*** This bug is a security vulnerability ***
Private security bug reported:
When activating an OpenVPN connection without DHCP6 through NetworkManager,
random traffic will be routed without VPN if the basic physical network
device has IPv6 connectivity but the VPN hasn't. This is a security issue,
since a user activating the VPN would expect all traffic to go through it.
network-manager package version: 0.9.10.0-4ubuntu15.1
Steps to reproduce:
1. Find some VPN without IPv6 routing or DHCP6. Get the corresponding openvpn configuration file and import it into NetworkManager
2. Make sure your physical networking device has native IPv6 access
3. Activate the VPN in the network settings
Expected result:
* IPv4 default route through VPN
* IPv6 default route absent (as VPN doesn't provide any)
Actual result (as I understand the bug report):
* IPv4 default route through VPN (good)
* IPv6 default route via local gateway (bad)
ProblemType: Bug
DistroRelease: Ubuntu 15.04
Package: openvpn 2.3.2-9ubuntu4
ProcVersionSignature: Ubuntu 3.19.0-21.21-generic 3.19.8
Uname: Linux 3.19.0-21-generic x86_64
ApportVersion: 2.17.2-0ubuntu1.1
Architecture: amd64
CurrentDesktop: GNOME
Date: Tue Jul 21 19:21:50 2015
ProcEnviron:
 TERM=xterm
 PATH=(custom, no user)
 XDG_RUNTIME_DIR=<set>
 LANG=en_US.UTF-8
 SHELL=/bin/bash
SourcePackage: openvpn
UpgradeStatus: No upgrade log present (probably fresh install)
** Affects: network-manager (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: openvpn (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: fedora
     Importance: Unknown
         Status: Unknown

** Tags: amd64 apport-bug vivid

** Also affects: network-manager
     Importance: Undecided
         Status: New

** Project changed: network-manager => network-manager (Ubuntu)

** Bug watch added: Red Hat Bugzilla #1228426
   https://bugzilla.redhat.com/show_bug.cgi?id=1228426

** Also affects: fedora via
   https://bugzilla.redhat.com/show_bug.cgi?id=1228426
     Importance: Unknown
         Status: Unknown
--
You received this bug notification because you are a member of Network-
manager, which is subscribed to NetworkManager.
https://bugs.launchpad.net/bugs/1476769
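Added example, not part of the original bug report and not NetworkManager or OpenVPN code: a check for the condition the report describes, where the IPv4 default route goes through the VPN while an IPv6 default route still points at the physical interface. It assumes VPN interfaces are named `tun*` or `tap*` and that the VPN default appears as a `default` entry in `ip route` output; the sample routing tables are constructed.

```python
#!/usr/bin/env python3
"""Flag an IPv6 default route that bypasses an active VPN interface."""
import subprocess


def default_devs(route_text):
    """Return the interfaces that carry a default route in `ip route` output."""
    devs = set()
    for line in route_text.splitlines():
        fields = line.split()
        if fields and fields[0] == "default" and "dev" in fields:
            idx = fields.index("dev")
            if idx + 1 < len(fields):
                devs.add(fields[idx + 1])
    return devs


def ipv6_bypass(v4_routes, v6_routes, vpn_prefixes=("tun", "tap")):
    """Return non-VPN interfaces holding an IPv6 default route while the
    IPv4 default route goes through a VPN interface (assumed name prefixes)."""
    def is_vpn(dev):
        return dev.startswith(vpn_prefixes)
    if not any(is_vpn(d) for d in default_devs(v4_routes)):
        return set()  # no VPN default route for IPv4, so nothing to compare
    return {d for d in default_devs(v6_routes) if not is_vpn(d)}


# Constructed sample output: VPN up on tun0, native IPv6 on eth0.
SAMPLE_V4 = """default via 10.8.0.1 dev tun0 proto static metric 50
default via 192.168.1.1 dev eth0 proto static metric 100
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.6
"""
SAMPLE_V6 = """2001:db8:1::/64 dev eth0 proto kernel metric 256
fe80::/64 dev eth0 proto kernel metric 256
default via fe80::1 dev eth0 proto ra metric 100 expires 1700sec
"""


def live_check():
    """Run the same check against this host's routing tables."""
    def run(family):
        return subprocess.run(["ip", family, "route", "show"],
                              capture_output=True, text=True, check=True).stdout
    return ipv6_bypass(run("-4"), run("-6"))


if __name__ == "__main__":
    print("sample tables, IPv6 default outside VPN on:",
          sorted(ipv6_bypass(SAMPLE_V4, SAMPLE_V6)))
```

A non-empty result from `live_check()` after the VPN comes up means IPv6 traffic has a default path outside the tunnel.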