[Article proposal] Secure your VPN from Tunnelvision attacks with NetworkManager

Article Summary: Secure your VPN from Tunnelvision attacks with NetworkManager

Article Description:

Some months ago a way to bypass the security of VPN clients was disclosed. It received the name of “Tunnelvision” and got the CVE ID CVE-2024-3661 assigned. For a malicious owner of a network that the victim connects to, it is trivial to exploit the vulnerability.

The article would present a way to protect against it using policy routing and would explain how to apply that configuration using NetworkManager. Tentative structure of the article:

  • Basic explanation about routing (necessary to understand how the attack works)
  • Basic explanation about DHCP and how it can install routes to your system (same)
  • Small explanation of how the Tunnelvision attack works and link to the researchers’ website for expanded info.
  • Explanation about how to prevent the attack using policy routing
  • Explanation about how to apply the configuration using NetworkManager

I can write the article if it’s approved.

Regards

+1 from me. Thanks!

By the way, as I’m a NetworkManager maintainer, I was planning on posting mostly the same content on NetworkManager’s blog. It is going to be original content created by me, but I don’t know if you have any policy against this. Would it be a problem?

We don’t like to duplicate content to/from other sites, but I think it is mainly a search engine optimization concern. There might also be some copyright/license concerns, but I don’t really understand most of that. 🙂 My layman’s understanding of the copyright is that the original copy “wins” if there is a conflict. Can I ask that you publish the content on Fedora Magazine first? The content on Fedora Magazine is published under the Creative Commons license (as noted in the footer). Thanks.

Yes, no problem with that. I just wanted to publish it on both sites for wider awareness, nothing else. The license is not a problem; I can publish it later on NM’s site, with the same license.

I will also try to vary it a bit so that it is not just a copy-paste, but they will be similar anyway, I guess.

Pagure ticket #356 has been opened to track this article.

When you have it ready for review in Fedora Magazine WordPress, leave a link to the preview as a comment in this ticket and the editors will review it and edit, if necessary.

Thank you for volunteering your article.