Special Deal: 12 Months + 24 Month extra! ALL PrivateVPN plans are protected by a 100% money-back guarantee. Simply sign up in 3 easy steps and test out your VPN for 30 days risk-free!
Your IP Address: 18.117.196.217
You are not protected (read more)

IP leak vulnerability when using port forward

By Kevin, 2015-11-27 11:25:09 in VPN service
Some of you may have read the latest security flaw that applies on all VPN protocols such like OpenVPN, PPTP, L2TP etc, where a VPN customer can expose the real IP of another customer using the same VPN server, through a forwarded port. But it's
  1. Victim is connected to VPN server 1.2.3.4
  2. Victim’s routing table will look something like this:
  3. 0.0.0.0/0 -> 10.0.0.1 (internal vpn gateway ip)
  4. 1.2.3.4/32 -> 192.168.0.1 (old default gateway)
  5. Attacker connects to same server 1.2.3.4 (knows victim’s exit through IRC or other means)
  6. Attacker activates Port Forwarding on server 1.2.3.4, example port 12345
  7. Attacker gets the victim to visit 1.2.3.4:12345 (for example via embedding on a website)
  8. This connection will reveal the victim’s real IP to the attacker because of the “1.2.3.4/32 -> 192.168.0.1” vpn route

This only affects our services with static port forwarding, servers with shared public IP where you get an internal IP from us. Servers with dynamic public IP's with all ports forwarded aren't affected by this. Our action we've been taken right now are to disable all static port forwards until we find permanent solution. If you're in need of port forward, please use following servers with OpenVPN TAP + UDP, which supports port forward:
  • Sweden - Nacka
  • Sweden - Stockholm
  • Switzerland
  • Netherlands Location 1
  • Netherlands Location 2
  • Germany - Frankfurt Location 1
  • France - Paris
  • Norway
  • Ukraine
  • UK - London Location 1
  • United States - New York Location 2

We'll be updating in this post as soon as static port forward are fixed, server by server. To be able to apply the fix, we have to restart all VPN services.
Server Port forward security issue solved
Sweden(Nacka)
Sweden(Stockholm)
United States(Washington)
United States(New York Loc2)
United States(Miami)
United States(New York Loc1)
Switzerland(Zürich)
Great Britain(London Loc1)
Great Britain(London Loc2)
France(Paris)
France(Roubaix)
Denmark(Copenhagen)
Luxembourg(Steinsel)
Finland(Helsinki)
Norway(Oslo)
Romania(Bukarest)
Russia(St. Petersburg)
Germany(Frankfurt Loc1)
Germany(Frankfurt Loc2)
Netherlands(Amsterdam Loc1)
Netherlands(Amsterdam Loc2)
Netherlands(Amsterdam Loc3)
Canada(Toronto)
Canada(Montreal)
Ukraine(Kiev)
Spain flag Spain(Madrid)
Poland(Warsaw)
Belgium(Brussels)
Italy(Milano)
Australia(Sydney)