Ubuntu

Please warn the user when VPN is disconnected

Reported by Dennis Heinson on 2010-01-15
20
This bug affects 4 people
Affects Status Importance Assigned to Milestone
NetworkManager
Confirmed
High
network-manager (Ubuntu)
Wishlist
Unassigned

Bug Description

Binary package hint: network-manager

I sometimes use VPN for security reasons. I connect to an (insecure) WLAN or ethernet internet uplink and then tunnel all my traffic through VPN. Generally, this works fine using Network manager.

For various reasons though, this connection can drop at times (Flakey WLAN, Re-plugging a cable, and so forth). While Network-Manager notifies me of this using the notification system, BY DEFAULT it reconnects to the WLAN or ethernet and tunnels everything through that.

There should be a "are you sure?" clickbox before this happens!

Thank you!

visibility: private → public
Jamie Strandboge (jdstrand) wrote :

Thank you for using Ubuntu and taking the time to report a bug. While I understand your argument, this is more of a usability issue in network-manager and not a security vulnerability in and of itself.

security vulnerability: yes → no
Jamie Strandboge (jdstrand) wrote :

Based on IRC discussion, here are a couple more points:
 * this should really be addressed in network-manager upstream, as it is a UI issue
 * network-manager can be configured to not connect automatically by Editing the connection. If on a very hostile network, perhaps this can be used to avoid a reconnect

Dennis Heinson (dheinson) wrote :

Re: Point number 2 - yes, that is a good idea imho. However, since Ubuntu aims at usability by making the system safe by default, would a way to solve this be to disable auto-reconnection (opt-in vs. the current opt-out scheme)? Or should another security mechanism be put in place?

Changed in network-manager:
importance: Unknown → Medium
Changed in network-manager:
status: Unknown → Invalid
Thomas Hood (jdthood) on 2012-07-01
summary: - No warning when VPN connection is dropped
+ Please warn the user when VPN is disconnected
Thomas Hood (jdthood) wrote :

Upstream bug report has been marked a duplicate of upstream Bug 349151 - [enh] automatically reconnect VPN if dropped

Changed in network-manager (Ubuntu):
status: New → Invalid
Thomas Hood (jdthood) wrote :

Marked Invalid in accordance with status for upstream NetworkManager, but perhaps this should be wishlist.

This bug is wishlist in terms of making VPN connections reconnect and possibly for future work in having connections with dependencies (e.g. taking care of automatically pulling in a VPN on an untrusted network).

Changed in network-manager:
importance: Medium → Unknown
status: Invalid → Unknown
Changed in network-manager (Ubuntu):
status: Invalid → Triaged
importance: Undecided → Wishlist
Changed in network-manager:
importance: Unknown → Wishlist
status: Unknown → Confirmed
Changed in network-manager:
importance: Wishlist → High
Dennis Heinson (dheinson) wrote :

I still can't believe that this is not being recognized as a security flaw. All an attacker has to do is to interrupt the VPN connection (i.e. by jamming a WLAN signal) and bam! - lots of open ports in the local network.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.