Package: network-manager-openvpn
Version: 1.2.8-2
Severity: important
Tags: security

My openvpn server pushes a redirect-gateway def1.

When used from CLI, openvpn respects it.

When importing configuration to network-manager, I end up with:

ip route show
default via 192.168.0.254 dev wlan0 proto static metric 600
10.8.0.1 via 10.8.0.5 dev tun0 proto static metric 50
10.8.0.5 dev tun0 proto kernel scope link src 10.8.0.6 metric 50
192.168.0.0/24 dev wlan0 proto kernel scope link src 192.168.0.49 metric 600
192.168.0.254 dev wlan0 proto static scope link metric 600
212.83.179.156 via 192.168.0.254 dev wlan0 proto static metric 600

No redirection of gateway.

Since it works with openvpn only, it is a bug in the way network-manager handles an openvpn network.

The security implication is that traffic which is meant to be encrypted is sent in clear.

-- System Information:
Debian Release: 8.8
  APT prefers proposed-updates
  APT policy: (1001, 'proposed-updates'), (1001, 'stable'), (600, 'testing'), (500, 'stable-updates'), (400, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-0.bpo.3-amd64 (SMP w/8 CPU cores)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages network-manager-openvpn depends on:
ii  adduser          3.113+nmu3
ii  libc6            2.24-9
ii  libglib2.0-0     2.48.0-1~bpo8+1
ii  libnm0           1.6.2-3
ii  network-manager  1.6.2-3
ii  openvpn          2.4.0-6~bpo8+1

network-manager-openvpn recommends no packages.

network-manager-openvpn suggests no packages.

-- no debconf information

