
Advanced kill switch should block traffic on non-VPN interfaces #130

@srprca

  • I have searched open and closed issues for duplicates
  • This isn't a feature request
  • This is not a report about my app not working as expected

Please note that this is neither a feature request nor a bug report. Rather, this issue discusses a gap in an existing feature's design.

As of the time of this writing, both stable and beta versions of ProtonVPN Linux GTK app, defaulting to Wireguard protocol, have the following behaviour: if advanced kill switch is activated and VPN is disabled, both curl https://ipinfo.io and curl --interface wlp0s20f3 https://ipinfo.io, where wlp0s20f3 is my physical interface name, fail with curl: (6) Could not resolve host: ipinfo.io. However, if advanced kill switch is activated and VPN is enabled, curl https://ipinfo.io reports an IP corresponding to the VPN server I am connected to, but curl --interface wlp0s20f3 https://ipinfo.io reports my "real" IP address, bypassing VPN protections. Therefore, one can conclude that end-user software misconfiguration (or suboptimal default configuration) can cause "real" IP leakage regardless of the kill switch settings in ProtonVPN app. The "Binding your BitTorrent client to the VPN interface" section of ProtonVPN's official guide to torrenting safely also covers another manifestation of the same issue, with default configuration of a widely-used piece of software.

This problem has been long known to the community and received wide attention: 1, 2, 3. There have also been some proposals on mitigating this problem from community (but see this discussion, which suggests that this solution is incomplete), other VPN providers and Proton Customer Support Team in a post on Reddit. All these solutions assume server-specific manual configuration, and there are unresolved concerns as to how well they play with DNS and IPv6 leakage prevention.

To highlight the seriousness of the issue once again: with the supposedly most secure configuration option available in the ProtonVPN app, all it takes to leak the "real" IP is misconfiguration (or, in some cases, default configuration) of end-user software. Judging by the discussions linked above, this comes as a surprise to and concerns many people, making them resort to fragile manual configuration instead of the official application.

I respectfully request that you address this problem. I believe it should be possible to integrate firewall-based solutions into the official ProtonVPN app to enable ergonomic, secure and trustworthy experience.

Thank you!
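As an added illustration of the firewall-based approach requested above (example ruleset, not code from ProtonVPN or from the reporter), the following nftables configuration drops every outgoing packet that does not leave through the tunnel, so the `curl --interface wlp0s20f3` case fails even while the VPN is up. The tunnel interface name `proton0`, the endpoint `203.0.113.10` and the port `51820` are assumed placeholders; DNS and IPv6 need no separate rules because anything not leaving via the tunnel is dropped.

```nft
#!/usr/sbin/nft -f
# Added example: host-side kill switch that forbids egress on any interface
# other than the VPN tunnel. A socket bound to the physical interface
# (curl --interface wlp0s20f3 ...) is dropped by the output policy instead of
# reaching the internet with the real address.
#
# Assumed placeholders, adjust to the host:
#   wlp0s20f3      physical interface named in the issue
#   proton0        WireGuard tunnel interface (assumed name)
#   203.0.113.10   VPN server endpoint (documentation address, placeholder)
#   51820          WireGuard UDP port on that endpoint (assumed)
define phys_if  = "wlp0s20f3"
define vpn_if   = "proton0"
define vpn_ep   = 203.0.113.10
define vpn_port = 51820

table inet killswitch {
    chain output {
        # Default: nothing leaves the host unless a rule below allows it.
        type filter hook output priority filter; policy drop;

        # Loopback is always allowed.
        oifname "lo" accept

        # Traffic already inside the tunnel is allowed. Resolver queries are
        # covered here too: DNS can only leave through the tunnel.
        oifname $vpn_if accept

        # On the physical interface allow only the encrypted WireGuard flow
        # to the configured endpoint, plus DHCP so the link can get a lease.
        oifname $phys_if ip daddr $vpn_ep udp dport $vpn_port accept
        oifname $phys_if udp sport 68 udp dport 67 accept

        # Optional: keep RFC 1918 LAN destinations reachable (printer, NAS).
        # Delete this line for a strict kill switch.
        oifname $phys_if ip daddr { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 } accept

        # Everything else on the physical interface, including IPv6, port 53
        # DNS and any application bound directly to it, is logged and dropped.
        # Other non-tunnel interfaces fall through to the chain policy (drop).
        oifname $phys_if log prefix "killswitch-drop " drop
    }
}
```

Load with `nft -f killswitch.nft`; the endpoint rule carries the same server-specific dependency the issue mentions, so the app would have to update `vpn_ep` on every reconnect to a different server.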
