[Secure-testing-team] Bug#864992: does not apply a pushed redirect-gateway
Erwan David
erwan at rail.eu.org
Sun Jun 18 13:13:13 UTC 2017
Package: network-manager-openvpn
Version: 1.2.8-2
Severity: important
Tags: security
My openvpn server pushes a redirect-gateway def1
When used from CLI, openvpn respects it.
When importing configuration to network-manager, I end up with a
ip route show
default via 192.168.0.254 dev wlan0 proto static metric 600
10.8.0.1 via 10.8.0.5 dev tun0 proto static metric 50
10.8.0.5 dev tun0 proto kernel scope link src 10.8.0.6 metric 50
192.168.0.0/24 dev wlan0 proto kernel scope link src 192.168.0.49 metric 600
192.168.0.254 dev wlan0 proto static scope link metric 600
212.83.179.156 via 192.168.0.254 dev wlan0 proto static metric 600
No redirection of gateway. Since it works with openvpn only, it is a
bug in the way network-manager handles an openvpn network.
The security implication is that traffic which is meant to be
encrypted is sent in clear.
-- System Information:
Debian Release: 8.8
APT prefers proposed-updates
APT policy: (1001, 'proposed-updates'), (1001, 'stable'), (600, 'testing'), (500, 'stable-updates'), (400, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.9.0-0.bpo.3-amd64 (SMP w/8 CPU cores)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages network-manager-openvpn depends on:
ii adduser 3.113+nmu3
ii libc6 2.24-9
ii libglib2.0-0 2.48.0-1~bpo8+1
ii libnm0 1.6.2-3
ii network-manager 1.6.2-3
ii openvpn 2.4.0-6~bpo8+1
network-manager-openvpn recommends no packages.
network-manager-openvpn suggests no packages.
-- no debconf information