On Thu, Nov 26, 2020 at 9:53 AM Adrian Larsen <[email protected]> wrote: > > One thing that is commonly implemented in other clients doing tunnels is > the detection of "ON / OFF Corporate network". > > Without any user intervention, the vpn client is capable to detect (on > every network change) where the user is located and to active the client > or not. > > Values to detect are a combination of: > > (usually you can do AND / OR of this values) > > 1- Adapter domain (i.e. contoso.com) . This comes from DHCP values > received. > > 2 - DNS servers IPs > > 3 - Hostname vs IP. (This is to create a local DNS A record on your > internal DNS server that is resolvable only when you are ON corporate > network and not outside) > > The detection of this values are platform agnostic. You can use it on > any client: Linux, Windows, Mac, etc; to detect when turn ON / OFF the > vpn client automatically without user intervention.
That sounds like it introduces a security vulnerability, in which you send the magic unauthenticated packets, and voila, WireGuard deactivates and you're sending data in the clear.
