Giters

AdguardTeam / AdGuardVPNCLI

AdGuard VPN command-line version

Home Page:https://adguard-vpn.com/

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Temporary loss of network connection may lead to IP leak

bleadev opened this issue · comments

commented

Please answer the following question for yourself before submitting an issue

  • I checked to make sure that this issue has not already been filed

AdGuard VPN CLI version

1.0.3 nightly

Environment

  • OS: DietPi v9.4.2 (Based on Debian GNU/Linux 11 (bullseye))
  • Architecture: armv7l

Issue Details

Steps to reproduce:

  1. Switch to socks mode
  2. Connect on a restricted network that requires the use of a relay
  3. Block the relay with the firewall and terminate any existing connections in the firewall connection tracking table
  4. Wait for a few minutes
  5. Make a request through a proxy

Real world case:

  1. Switch to socks mode
  2. Connect on a restricted network that requires the use of a relay
  3. Wait until the relay gets blocked
  4. Disconnect the device from the internet for a few minutes (in my case it was a router reboot that triggered the issue)
  5. Reconnect the device to the internet
  6. Make a request through a proxy

Expected Behavior

The client stops processing incoming connections via socks5 proxy if it isn't connected to the VPN.

Actual Behavior

Socks5 requests bypass the VPN and go directly out the machine's network interface (for example curl -x socks5://127.0.0.1:1080 https://icanhazip.com returns the machine's real IP address).

Screenshots

No response

Additional Information

During the issue tunnel.log contains the following looping block 
VPNCORE operator(): [0] Recovering session...
VPNCORE raise_state: [0] VPN_SS_RECOVERING
STANDALONE_CLIENT vpn_handler: Vpn event: VPN_EVENT_STATE_CHANGED
LOCATIONS_PINGER start_location_ping: [hello-location] Starting location ping
PING do_connect: [hello-location] Round 1: tcp://st1.zoom.us (45.135.160.18:443) via (default): Connecting
PING do_connect: [hello-location] Round 1: tcp://st1.zoom.us ([2a02:6ea0:c01a:1::2]:443) via (default): Connecting
PING do_connect: [hello-location] Round 1: tcp://st1.zoom.us ([2a02:6ea0:c01a:1::2]:443) via (default): Failed to connect: xconnect: (101) Network unreachable
PING on_timer: [hello-location] Round 1: tcp://st1.zoom.us (45.135.160.18:443) via (default): Timed out
PING do_connect: [hello-location] Round 2: tcp://st1.zoom.us ([2a02:6ea0:c01a:1::2]:443) through relay 89.42.85.63:443 via (default): Connecting
PING on_timer: [hello-location] Round 2: tcp://st1.zoom.us ([2a02:6ea0:c01a:1::2]:443) through relay 89.42.85.63:443 via (default): Timed out
PING do_prepare: [hello-location] Pinging done, reporting results
LOCATIONS_PINGER process_ping_result: [hello-location] Failed to ping endpoint st1.zoom.us (45.135.160.18:443) - error code PING_TIMEDOUT
LOCATIONS_PINGER process_ping_result: [hello-location] Failed to ping endpoint st1.zoom.us ([2a02:6ea0:c01a:1::2]:443) - error code PING_TIMEDOUT
LOCATIONS_PINGER finalize_location: [hello-location] None of the endpoints has been pinged successfully
VPNCORE pinger_handler: [0] Failed to ping location
VPNCORE initiate_recovery: [0] Time to next recovery: 0ms
VPNCORE raise_state: [0] VPN_SS_WAITING_RECOVERY
STANDALONE_CLIENT vpn_handler: Vpn event: VPN_EVENT_STATE_CHANGED
STANDALONE_CLIENT vpn_handler: Waiting recovery: to next=0ms error=1 Failed to ping location