eibgrad
Part of the Furniture
I've made this same argument over at the dd-wrt and tomato forums. Merlin, dd-wrt, and tomato all have this same OpenVPN client vulnerability. There's no need to rehash the details here, since you can read all about it directly from the tomato forums.
https://www.linksysinfo.org/index.php?threads/openvpn-client-security-enhancement.74549/
Only difference w/ Merlin is that he creates a user-defined chain called OVPN to which he inserts the same bidirectional firewall rules, then jumps to that chain from the INPUT and FORWARD chains of the filter table. But the net effects and behavior are identical to dd-wrt and tomato.
Code:
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
 850K   58M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
   76  5391 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            state INVALID
35765 1995K PTCSRVWAN  all  --  !br0   *       0.0.0.0/0            0.0.0.0/0
    6  3240 PTCSRVLAN  all  --  br0    *       0.0.0.0/0            0.0.0.0/0
    6  3240 ACCEPT     all  --  br0    *       0.0.0.0/0            0.0.0.0/0            state NEW
 4976  308K ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0            state NEW
30789 1687K OVPN       all  --  *      *       0.0.0.0/0            0.0.0.0/0            state NEW
    3  1053 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp spt:67 dpt:68
28576 1486K ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.1.1          ctstate DNAT tcp dpt:8443
   11  4992 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0
 2182  182K DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     tcp  --  tun11  *       0.0.0.0/0            192.168.1.100        tcp dpt:1002
    0     0 ACCEPT     udp  --  tun11  *       0.0.0.0/0            192.168.1.100        udp dpt:1001
    0     0 ACCEPT     tcp  --  tun11  *       0.0.0.0/0            192.168.1.100        tcp dpt:1000
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
    0     0 other2wan  all  --  !br0   vlan2   0.0.0.0/0            0.0.0.0/0
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            state INVALID
    0     0 ACCEPT     all  --  br0    br0     0.0.0.0/0            0.0.0.0/0
    0     0 NSFW       all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate DNAT
    0     0 OVPN       all  --  *      *       0.0.0.0/0            0.0.0.0/0            state NEW
    0     0 ACCEPT     all  --  br0    *       0.0.0.0/0            0.0.0.0/0

Chain OVPN (2 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  tun11  *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  tun11  *       0.0.0.0/0            0.0.0.0/0
And it's not just routers that have this vulnerability. I see all kinds of devices, including NAS!
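As an added example (my own, not the firmware's code nor anything from the linked thread), a small POSIX shell audit that reads an iptables -vnL dump like the one in the post above, flags ACCEPT rules that admit every new connection arriving on a tun interface with no state or port restriction, and prints the commands that would replace them with a DROP of unsolicited connections from the VPN side. The embedded dump is a constructed excerpt of the post's output, and the shape of the mitigation is my assumption.

```shell
# Constructed excerpt of the iptables -vnL dump in this post (INPUT and FORWARD jump
# to OVPN only for state NEW; OVPN then accepts everything arriving on tun11).
SAMPLE_DUMP='Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
850K 58M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
30789 1687K OVPN all -- * * 0.0.0.0/0 0.0.0.0/0 state NEW
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- tun11 * 0.0.0.0/0 192.168.1.100 tcp dpt:1002
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate DNAT
0 0 OVPN all -- * * 0.0.0.0/0 0.0.0.0/0 state NEW
Chain OVPN (2 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- tun11 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- tun11 * 0.0.0.0/0 0.0.0.0/0'

# find_open_tun_accepts: read a dump on stdin and print "CHAIN IFACE" for every
# ACCEPT that matches all protocols, any source, any destination, inbound on a
# tunN interface, with no further match (NF == 9 means no state/port qualifier).
# Rules like the tcp port forward to 192.168.1.100 are deliberately not flagged.
find_open_tun_accepts() {
    awk '
        /^Chain / { chain = $2; next }
        $3 == "ACCEPT" && $4 == "all" && $6 ~ /^tun[0-9]+$/ &&
        $8 == "0.0.0.0/0" && $9 == "0.0.0.0/0" && NF == 9 { print chain, $6 }
    '
}

# harden_chain CHAIN IFACE: print (not run) the iptables commands that delete each
# open accept found on stdin and insert a DROP of NEW connections from IFACE.
# Assumed mitigation, not the firmware's own code. Replies to connections the
# client opened are RELATED,ESTABLISHED and accepted before the jump into CHAIN,
# and explicit port-forward/DNAT accepts placed before that jump keep working,
# so only unsolicited inbound connections from the VPN side are dropped.
harden_chain() {
    chain=$1; iface=$2
    find_open_tun_accepts | awk -v c="$chain" -v i="$iface" \
        '$1 == c && $2 == i { print "iptables -D " c " -i " i " -j ACCEPT" }'
    printf 'iptables -I %s -i %s -m state --state NEW -j DROP\n' "$chain" "$iface"
}

# Dry run on the embedded sample: review the printed commands before applying them.
printf '%s\n' "$SAMPLE_DUMP" | find_open_tun_accepts
printf '%s\n' "$SAMPLE_DUMP" | harden_chain OVPN tun11
```

On a live router, replace the sample with `iptables -vnL | harden_chain OVPN tun11` and pipe the reviewed output to sh; on dd-wrt or tomato the open accepts sit directly in INPUT and FORWARD, so pass those chain names instead.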