SoftEther VPN Critical 'Port Fail' Vulnerability?
-
Petrol
- Posts: 44
- Joined: Wed May 06, 2015 11:23 pm
Re: SoftEther VPN Critical 'Port Fail' Vulnerability?
I'm also curious about it.
-
kh_tsang
- Posts: 551
- Joined: Wed Jul 24, 2013 12:09 pm
Re: SoftEther VPN Critical 'Port Fail' Vulnerability?
I think it can be solved by using different IP for the VPN Server and the NAT address, or even assign public IP directly to a VPN client. Is it true?
-
cedar
- Site Admin
- Posts: 2081
- Joined: Sat Mar 09, 2013 5:37 am
Re: SoftEther VPN Critical 'Port Fail' Vulnerability?
This vulnerability is not a problem with VPN itself.
It's caused by the NAT behavior.
Some anonymizing services allow the user to redirect incoming connection to the user on NAT.
"Port Fail" uses this to determine the victim's IP address.
SoftEther VPN itself don't provide port forwarding function in SecureNAT.
But an anonymizing service using SoftEther VPN can use such NAT system.
(In addition, VPNGate does not perform the port forwarding. It's safe from this problem.)
It's caused by the NAT behavior.
Some anonymizing services allow the user to redirect incoming connection to the user on NAT.
"Port Fail" uses this to determine the victim's IP address.
SoftEther VPN itself don't provide port forwarding function in SecureNAT.
But an anonymizing service using SoftEther VPN can use such NAT system.
(In addition, VPNGate does not perform the port forwarding. It's safe from this problem.)