SoftEther VPN User Forum

SoftEther VPN User Forum
https://www.vpnusers.com/

SoftEther VPN Critical 'Port Fail' Vulnerability?

https://www.vpnusers.com/viewtopic.php?f=7&t=5307

Page 1 of 1

Re: SoftEther VPN Critical 'Port Fail' Vulnerability?

Posted: Sun Nov 29, 2015 12:00 am
by Petrol
I'm also curious about it.

Re: SoftEther VPN Critical 'Port Fail' Vulnerability?

Posted: Sun Nov 29, 2015 5:40 pm
by kh_tsang
I think it can be solved by using different IP for the VPN Server and the NAT address, or even assign public IP directly to a VPN client. Is it true?

Re: SoftEther VPN Critical 'Port Fail' Vulnerability?

Posted: Fri Dec 11, 2015 7:31 am
by cedar
This vulnerability is not a problem with VPN itself.
It's caused by the NAT behavior.

Some anonymizing services allow the user to redirect incoming connection to the user on NAT.
"Port Fail" uses this to determine the victim's IP address.

SoftEther VPN itself don't provide port forwarding function in SecureNAT.
But an anonymizing service using SoftEther VPN can use such NAT system.

(In addition, VPNGate does not perform the port forwarding. It's safe from this problem.)
All times are UTC
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/