What are the security risks of connecting to a VPN?

0

Does connecting to a shared-IP VPN expose local ports to other users of the same VPN server? Does a VPN tunnel neutralize the protection offered by a NAT router? Are local ports reachable from a compromised VPN server? Assume OpenVPN.

Is this a matter of configuration of the OpenVPN server? If so, how to check? Is it necessary to explicitly close the ports via local iptables rules even if the machine is behind a NAT?

The closest I could find is this (too vague) and this (unclear).

alexei

Posted 2015-09-13T22:12:17.697

Reputation: 223

Answers

2

Yes, depending on the setup of the server, a shared VPN can expose local ports to other users of the same VPN server, and it does bypass NAT.

Mitigating/fixing this is not so much a matter of configuration of the OpenVPN server as ensuring iptables is running on the local machine and blocking ports as appropriate. Running a local firewall is always a good idea.

It's difficult to check as it depends on the VPN setup of your provider and what access you have. If you have 2 devices with VPN connections to the same provider you could use 1 device to portscan the other device to give you some comfort.

Also, security is not an either/or; rather, it's built up of layers. In addition to looking at the forwarding of packets to your system, look at the apps you are running and see what can be done to lock them down. That way you can gain protection at a different layer.

davidgo

Posted 2015-09-13T22:12:17.697

Reputation: 49 152
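
A local check that complements the advice in the answer above, as an added example that is not part of the original question or answer: it reads a listening-socket table in `/proc/net/tcp` format and reports which services accept connections addressed to the tunnel IP. The sample table and the tunnel address `10.8.0.6` are constructed; the code assumes IPv4, a little-endian Linux host, and does not take existing iptables rules into account.

```python
import ipaddress
import struct

# Constructed sample in /proc/net/tcp format (IPv4); not data from a real host.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001 1
   1: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1002 1
   2: 1401A8C0:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 1003 1
   3: 0600080A:01BD 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1004 1
   4: 0600080A:C350 0100080A:0050 01 00000000:00000000 00:00000000 00000000  1000        0 1005 1
"""

TCP_LISTEN = 0x0A  # "st" value the kernel prints for a listening socket


def parse_listeners(proc_text):
    """Return (IPv4Address, port) for every LISTEN row of a /proc/net/tcp table."""
    listeners = []
    for line in proc_text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 4 or int(fields[3], 16) != TCP_LISTEN:
            continue
        hex_ip, hex_port = fields[1].split(":")
        # The address is a 32-bit word in host byte order; little-endian assumed.
        ip = ipaddress.IPv4Address(struct.pack("<I", int(hex_ip, 16)))
        listeners.append((ip, int(hex_port, 16)))
    return listeners


def listening_on_tunnel(listeners, tun_ip):
    """Listeners that accept connections addressed to the tunnel IP."""
    tun_ip = ipaddress.IPv4Address(tun_ip)
    hits = [(str(ip), port) for ip, port in listeners
            if ip.is_unspecified or ip == tun_ip]  # 0.0.0.0 covers every interface
    return sorted(hits, key=lambda item: item[1])


if __name__ == "__main__":
    # 10.8.0.6 is a constructed tunnel address; use the one on your tun interface.
    found = listening_on_tunnel(parse_listeners(SAMPLE_PROC_NET_TCP), "10.8.0.6")
    for ip, port in found:
        print(f"tcp/{port} bound to {ip}: filter on the tunnel interface or rebind")
```

On a real machine, pass the contents of `/proc/net/tcp` and the address assigned to the tunnel interface instead of the constructed values.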