
IP leak affecting VPN providers with port forwarding - ikeboy
https://www.perfect-privacy.com/blog/2015/11/26/ip-leak-vulnerability-affecting-vpn-providers-with-port-forwarding/
======
noonespecial
Its worth noting that to pull off this exploit against a victim you have to
both have a VPN account that is on and using the same server as the victim AND
trick the victim into visiting a link on a host that you have connected to
that VPN server (with a port forward through to you).

It works because the traffic never exits the given VPN server as an internal
route exists. The simplest method to fix this as a VNP provider is simply to
use a second IP as the exit only IP and force all traffic from clients to
leave by it.

------
HappyTypist
One way to mitigate this attack is to have different entry IPs to exit IPs -
which is being done by Mullvad.

I have to wonder how many people have exploited this in the past decade or
even longer.

