Joentje/nordvpn-proxy

IP leakage via Privoxy while retrying AUTH

Opened this issue · 1 comments

The container which fails, in this case nordvpn-2, has problems authenticating against NordVPN due to bad credentials.
Which is fine, but the privoxy won't wait for the openvpn connection and leaks the real IP if the openvpn has problems.

OpenVPN tries to reconnect without any success.

```
...
Thu Jun 17 21:30:51 2021 VERIFY OK: depth=2, C=PA, O=NordVPN, CN=NordVPN Root CA
Thu Jun 17 21:30:51 2021 VERIFY OK: depth=1, C=PA, O=NordVPN, CN=NordVPN CA5
Thu Jun 17 21:30:51 2021 VERIFY KU OK
Thu Jun 17 21:30:51 2021 Validating certificate extended key usage
Thu Jun 17 21:30:51 2021 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Thu Jun 17 21:30:51 2021 VERIFY EKU OK
Thu Jun 17 21:30:51 2021 VERIFY OK: depth=0, CN=de817.nordvpn.com
Thu Jun 17 21:30:53 2021 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 4096 bit RSA
Thu Jun 17 21:30:53 2021 [de817.nordvpn.com] Peer Connection Initiated with [AF_INET]141.98.102.155:443
Thu Jun 17 21:30:54 2021 SENT CONTROL [de817.nordvpn.com]: 'PUSH_REQUEST' (status=1)
Thu Jun 17 21:30:54 2021 AUTH: Received control message: AUTH_FAILED
Thu Jun 17 21:30:54 2021 SIGTERM[soft,auth-failure] received, process exiting
...
```

But if you send a query via the privoxy, it will connect and go past whatever there is and directly connect via the host. Which, to describe it mildly... is really bad for a lot of reasons.

```
http_proxy="http://nordvpn-2:8118" https_proxy="http://nordvpn-2:8118" HTTP_PROXY="http://nordvpn-2:8118" HTTPS_PROXY="http://nordvpn-2:8118" curl ifconfig.co -vvvv
* Expire in 0 ms for 6 (transfer 0x55d461072fb0)
* Uses proxy env variable http_proxy == 'http://nordvpn-2:8118'
* Expire in 1 ms for 1 (transfer 0x55d461072fb0)
...
* Expire in 0 ms for 1 (transfer 0x55d461072fb0)
*   Trying 172.20.0.17...
* TCP_NODELAY set
* Expire in 200 ms for 4 (transfer 0x55d461072fb0)
* Connected to nordvpn-2 (172.20.0.17) port 8118 (#0)
> GET http://ifconfig.co/ HTTP/1.1
> Host: ifconfig.co
> User-Agent: curl/7.64.0
> Accept: */*
> Proxy-Connection: Keep-Alive
>
< HTTP/1.1 200 OK
< Date: Thu, 17 Jun 2021 19:33:38 GMT
< Content-Type: text/plain; charset=utf-8
< Content-Length: 15
< Connection: close
< CF-Cache-Status: DYNAMIC
...
< NEL: {"report_to":"cf-nel","max_age":604800}
< Server: cloudflare
...
< Proxy-Connection: keep-alive
<
[REDACTED HOST IP]
* Closing connection 0
```

salvq commented

This behaviour is because openvpn does not kill the connection when changing the server (have not checked firewall rules yet).

When you kill the openvpn service, your IP is leaked until the connection to the server is re-established... When using the nordvpn application in Linux, they have a feature called killswitch which takes care of this behaviour.
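
The kill switch mentioned in the comment above can be expressed as default-drop firewall rules inside the container, so that Privoxy requests fail instead of leaving through the host route while OpenVPN is down. This is an added example, not code from this repository or from the NordVPN client. It assumes the interface names `tun0` and `eth0`, a `/16` mask for the Docker network seen in the curl output, and TCP for the server endpoint seen in the OpenVPN log.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset acting as a kill switch
# for a container that runs OpenVPN and Privoxy side by side.
# Arguments (all values used below are assumptions, see the lead-in):
#   $1 VPN server IP   $2 VPN server port   $3 VPN transport (tcp/udp)
#   $4 network the proxy clients come from
#   $5 tunnel interface (default tun0)   $6 container interface (default eth0)
killswitch_rules() {
    vpn_ip=$1; vpn_port=$2; vpn_proto=$3; lan_net=$4
    tun_if=${5:-tun0}; lan_if=${6:-eth0}
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $lan_if -s $lan_net -p tcp --dport 8118 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o $tun_if -j ACCEPT
-A OUTPUT -o $lan_if -d $vpn_ip -p $vpn_proto --dport $vpn_port -j ACCEPT
-A OUTPUT -o $lan_if -d $lan_net -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}
# How the rules map to the leak in this issue:
#  - OUTPUT policy DROP: nothing leaves unless a rule below allows it.
#  - "-o tun0 ACCEPT": proxied traffic may only leave through the tunnel;
#    when OpenVPN exits (AUTH_FAILED), tun0 is gone and requests fail closed.
#  - The only packets allowed out of eth0 are the OpenVPN session to the
#    server endpoint and replies to proxy clients on the Docker network.

# Apply only on request; needs root and the NET_ADMIN capability.
if [ "${1:-}" = "--apply" ]; then
    killswitch_rules 141.98.102.155 443 tcp 172.20.0.0/16 | iptables-restore
fi
```

The rules pin the server by IP, so resolving a server hostname has to happen before they are loaded. IPv6 needs its own default-drop policy via `ip6tables-restore`.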