It’s a best practice to use a VPN when you connect to public Wi-Fi networks. However, in the scenarios I am aware of, you first connect to the network and only then—after connecting—switch to VPN. In that case there is a time window when your traffic goes on an insecure connection and you are vulnerable.
My concern is many programs/services/processes running on a PC execute a housekeeping/update check/status check as soon as a network connection is available. And all those activities would be performed via an insecure connection if they are triggered before the switch to the VPN connection.
Is it possible to avoid this?
This is a non-issue because VPN connection will be encrypted from your client connection to the VPN anyway. Simply connecting to a public Wi-Fi network in and of itself won’t expose anything. – JakeGould – 2015-04-04T15:02:42.183
Yes it does: many programs/services/processes running on your PC execute housekeeping/update check/status check as soon as a network connection is available. And all those activities will be performed on insecure connection until you switch to VPN. – peterfoldi – 2015-04-04T15:14:17.477
Very fair reason and concern. I just edited your question to add that info since it clarifies the whole concern in my mind. – JakeGould – 2015-04-04T15:19:54.363
@peterfoldi: You beat me by 75 seconds! – G-Man Says 'Reinstate Monica' – 2015-08-16T16:47:46.910
Use http://superuser.com/questions/262799/how-to-launch-a-command-on-network-connection-disconnection to remove default route (route delete on 0.0.0.0), add route (route add) to VPN network going through default gateway so you allow VPN to establish. Let VPN connection give you default route to 0.0.0.0 – ssnobody – 2015-08-18T00:36:28.847
@ssnobody this sounds like a possible solution on Windows. And I guess something similar is possible on the other systems. The question is if this event is triggered soon enough after connection status change. I have a mac atm. I will try to "port" this to mac after the weekend. Do you want to make it an "answer" instead of a comment? – peterfoldi – 2015-08-25T08:32:17.840
I think my comment would have to be fleshed out to be an answer. OS X version of Windows part over at http://superuser.com/questions/391799/how-can-you-automatically-run-a-script-after-connecting-to-a-vpn-on-os-x though if you'd like to undertake the task. – ssnobody – 2015-08-25T14:54:31.300
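The route changes described in ssnobody's first comment, worked through as an added example that is not part of the thread: it goes one step further than the comment by reading the current gateway from Windows `route print` output before the default route is removed. The function names, the sample routing table and the VPN server address 203.0.113.10 are constructed for illustration.

```python
import ipaddress

# Constructed sample of Windows `route print -4` output (not captured from a real host).
SAMPLE_ROUTE_PRINT = """\
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.50     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
      192.168.1.0    255.255.255.0         On-link      192.168.1.50    281
===========================================================================
"""


def default_gateway(route_print_output):
    """Return the gateway of the lowest-metric 0.0.0.0/0 route, or None."""
    best = None
    for line in route_print_output.splitlines():
        f = line.split()
        if len(f) != 5 or f[0] != "0.0.0.0" or f[1] != "0.0.0.0" or not f[4].isdigit():
            continue
        try:
            gw = ipaddress.IPv4Address(f[2])
        except ValueError:
            continue  # "On-link" or a malformed gateway column
        if best is None or int(f[4]) < best[0]:
            best = (int(f[4]), str(gw))
    return best[1] if best else None


def lockdown_plan(route_print_output, vpn_server_ip):
    """Return the route commands, in the comment's order, as argument lists."""
    # The VPN server must be given as an IP address: once the default route
    # is gone, a hostname can no longer be resolved through an off-link DNS server.
    vpn = ipaddress.IPv4Address(vpn_server_ip)
    # Read the gateway first; it cannot be recovered after the delete.
    gw = default_gateway(route_print_output)
    if gw is None:
        raise ValueError("no default route found; nothing to lock down")
    return [
        ["route", "delete", "0.0.0.0"],                             # drop the default route
        ["route", "add", str(vpn), "mask", "255.255.255.255", gw],  # host route to the VPN server only
    ]


if __name__ == "__main__":
    for cmd in lockdown_plan(SAMPLE_ROUTE_PRINT, "203.0.113.10"):
        print(" ".join(cmd))  # dry run: print, do not execute
```

The script only prints the commands; running them needs an elevated prompt. The on-link route for the local subnet stays in place, so traffic to hosts on the same Wi-Fi segment is not affected by this change.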