[Feature request]: SHOW the routes currently installed #6239

Open
4 of 10 tasks
Sami32 opened this issue May 9, 2024 · 3 comments
Labels
feature request For issues asking for new features

Comments

@Sami32

Sami32 commented May 9, 2024

I have checked if others have suggested this already

  • I have checked this issue tracker to see if others have reported similar issues.

Feature description

If only the VPN client would SHOW the routes currently installed.
This would make it easy for the user to see if somebody is "tricking" communication that was intended for the VPN connection outside of it (like when travelling and using public WiFi (TunnelVision attack), for example).

Alternative solutions

Don't use poor UIX.

Type of feature

  • Better privacy/anonymity
  • Better at circumventing censorship
  • Easier to use
  • Other

Operating System

  • Android
  • iOS
  • Windows
  • macOS
  • Linux
@Sami32 Sami32 added the feature request For issues asking for new features label May 9, 2024
@staffa

staffa commented May 11, 2024

Technically the TunnelVision attack is actually inapplicable to Android due to its lack of support for option 121, though I don't mean to say it isn't still a desirable feature. That said, I don't think the vast majority of users would be making much sense of the routing.

I'm definitely not at all knowledgeable when it comes to networking, but the TunnelVision writeup says that VPNs were reporting as still connected. I can't tell if that would imply that there is no way for the client to know, or if indeed there is enough information to detect the tunnel is being bypassed.

@Sami32
Author

Sami32 commented May 11, 2024

Without this kind of route information you'd better not be a dissident using a public untrusted network... Or only use an Android version that doesn't support option 121 (>= Android 16?)

Users having access to route information can monitor it by themselves; an automatic script can be run frequently to detect any route table changes, but it will consume more battery on your travel router.

Yes, until now Android's non-standard-compliant approach has avoided such an issue.
But as a future-proof development approach, and for general UIX coherence between OSes, I think that it should at least be offered as an optional setting.

All this wouldn't be a problem if users were allowed to be a bit more involved in everything. It would be quite easy to see if somebody inserts a route for example, if only the VPN client would SHOW the routes currently installed. This would make it easy for the user to see if somebody is "tricking" communication that was intended for the VPN connection outside of it. But, sadly, the world has decided that users must be stupid and should see no technical details - and that everything must be handled automatically AND safely. This is what keeps putting us in these "impossible" situations - the fact that everything should "configure itself" AND at the same time do exactly what "we" (whoever "we" are) want.

Anyway, that was only my 2 cents.

@benjaminhays

If I'm not mistaken, the app could have a subsection somewhere in the support/debug menu that prints the contents of /proc/net/route for those who are concerned/curious about the status of the routing table at present. It shouldn't be too hard to implement either, assuming my limited Android knowledge is correct about the app's access to the table. It may also be useful for troubleshooting and the like, especially if routing table corruption occurs due to an unintentional bug or error.

I doubt that it would actually prevent any current or future attacks against VPNs in practice, but it may give some peace of mind to those concerned about said attacks. A lot of security-minded folk tend to over-focus on the technical aspects of surveillance attacks and not the very real psychological effects that occur as a result. Dictatorships and authoritarian regimes know very well that even if someone has all the technical abilities to evade surveillance, the person will regardless likely be fearful and in a constant state of paranoia. This is how dissent is suppressed without a single arrest or wiretap, without a trace or an entry in a log file. I imagine only a subset of users have a need for this kind of information, but if it assists in those areas, what is not to like?


3 participants