IP leakage via Privoxy while retrying AUTH #68

Open
ghost opened this issue Jun 17, 2021 · 1 comment

ghost commented Jun 17, 2021

The container which fails, in this case nordvpn-2, has problems authenticating against NordVPN due to bad credentials.
Which is fine, but the privoxy won't wait for the openvpn connection and will leak the real IP if the openvpn has problems.

OpenVPN tries to reconnect without any success.

```
...
Thu Jun 17 21:30:51 2021 VERIFY OK: depth=2, C=PA, O=NordVPN, CN=NordVPN Root CA
Thu Jun 17 21:30:51 2021 VERIFY OK: depth=1, C=PA, O=NordVPN, CN=NordVPN CA5
Thu Jun 17 21:30:51 2021 VERIFY KU OK
Thu Jun 17 21:30:51 2021 Validating certificate extended key usage
Thu Jun 17 21:30:51 2021 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Thu Jun 17 21:30:51 2021 VERIFY EKU OK
Thu Jun 17 21:30:51 2021 VERIFY OK: depth=0, CN=de817.nordvpn.com
Thu Jun 17 21:30:53 2021 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 4096 bit RSA
Thu Jun 17 21:30:53 2021 [de817.nordvpn.com] Peer Connection Initiated with [AF_INET]141.98.102.155:443
Thu Jun 17 21:30:54 2021 SENT CONTROL [de817.nordvpn.com]: 'PUSH_REQUEST' (status=1)
Thu Jun 17 21:30:54 2021 AUTH: Received control message: AUTH_FAILED
Thu Jun 17 21:30:54 2021 SIGTERM[soft,auth-failure] received, process exiting
...
```

But if you send a query via the privoxy, it will connect and go past whatever there is and directly connect via the host. Which, to describe it mildly... is really bad for a lot of reasons.

```
http_proxy="http://nordvpn-2:8118" https_proxy="http://nordvpn-2:8118" HTTP_PROXY="http://nordvpn-2:8118" HTTPS_PROXY="http://nordvpn-2:8118" curl ifconfig.co -vvvv
* Expire in 0 ms for 6 (transfer 0x55d461072fb0)
* Uses proxy env variable http_proxy == 'http://nordvpn-2:8118'
* Expire in 1 ms for 1 (transfer 0x55d461072fb0)
...
* Expire in 0 ms for 1 (transfer 0x55d461072fb0)
*   Trying 172.20.0.17...
* TCP_NODELAY set
* Expire in 200 ms for 4 (transfer 0x55d461072fb0)
* Connected to nordvpn-2 (172.20.0.17) port 8118 (#0)
> GET http://ifconfig.co/ HTTP/1.1
> Host: ifconfig.co
> User-Agent: curl/7.64.0
> Accept: */*
> Proxy-Connection: Keep-Alive
>
< HTTP/1.1 200 OK
< Date: Thu, 17 Jun 2021 19:33:38 GMT
< Content-Type: text/plain; charset=utf-8
< Content-Length: 15
< Connection: close
< CF-Cache-Status: DYNAMIC
...
< NEL: {"report_to":"cf-nel","max_age":604800}
< Server: cloudflare
...
< Proxy-Connection: keep-alive
<
[REDACTED HOST IP]
* Closing connection 0
```

salvq commented Sep 13, 2021

This behaviour is due to openvpn not killing the connection when changing the server (have not checked firewall rules yet).

When you kill the openvpn service, your IP is leaked until the connection to the server is re-established... When using the nordvpn application on linux, they have a feature called killswitch which takes care of this behaviour.
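
A fail-closed egress policy of the kind the kill switch mentioned above provides, as an added example that is not part of this thread or of the project's own code. It assumes the tunnel device is `tun0`, the proxy clients sit on a `172.20.0.0/16` Docker network, and the VPN endpoint is the TCP address from the log; adjust these to the real deployment.

```shell
#!/bin/sh
# Added example: fail-closed egress for a VPN + Privoxy container.
# Values marked "assumption" are not taken from the project.
TUN_DEV=tun0              # assumption: OpenVPN's tunnel device
VPN_IP=141.98.102.155     # endpoint address seen in the issue's log
VPN_PORT=443
VPN_PROTO=tcp             # assumption: must match the OpenVPN profile
LAN_CIDR=172.20.0.0/16    # assumption: Docker network of the proxy clients
PROXY_PORT=8118           # Privoxy port used in the issue

# Print an iptables-restore ruleset. OUTPUT defaults to DROP, so while the
# tunnel is down nothing Privoxy fetches can leave through the host route.
killswitch_rules() {
    dev=$1 ip=$2 port=$3 proto=$4 lan=$5 pport=$6
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o $dev -j ACCEPT
-A OUTPUT -d $ip/32 -p $proto --dport $port -j ACCEPT
-A OUTPUT -d $lan -p tcp --sport $pport -j ACCEPT
COMMIT
EOF
}

# Succeeds only while the tunnel device exists. After AUTH_FAILED the
# OpenVPN process exits and there is no such device.
tunnel_is_up() {
    [ -d "${NET_SYSFS:-/sys/class/net}/$1" ]
}

# "apply" mode needs root (NET_ADMIN in a container). Load the policy
# first, then hold the proxy back until the tunnel exists.
if [ "${1:-}" = "apply" ]; then
    killswitch_rules "$TUN_DEV" "$VPN_IP" "$VPN_PORT" "$VPN_PROTO" \
        "$LAN_CIDR" "$PROXY_PORT" | iptables-restore
    until tunnel_is_up "$TUN_DEV"; do
        echo "waiting for $TUN_DEV; egress stays blocked" >&2
        sleep 2
    done
    echo "$TUN_DEV is up; safe to start the proxy" >&2
fi
```

These rules cover IPv4 only; IPv6 needs the same default-drop policy loaded with `ip6tables-restore`.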
