TunnelCrack Attack leaks traffic outside VPN

Authored by KU Leuven, NYU, and NYU Abu Dhabi

Our tests indicate that every VPN product is vulnerable on at least one device. We found that VPNs for iPhones, iPads, MacBooks, and macOS are extremely likely to be vulnerable, that a majority of VPNs on Windows and Linux are vulnerable, and that Android is the most secure with roughly one-quarter of VPN apps being vulnerable. The discovered vulnerabilities can be abused regardless of the security protocol used by the VPN. (“Every VPN product” is a misjudgement, and they are not responsible for this judgement but they are responsible for fixing this accusation in their report and their website.)

The two resulting attacks are called the LocalNet and ServerIP attack. Both can be exploited when a user connects to an untrusted Wi-Fi network. Our ServerIP attack can also exploited by malicious Internet service providers. The attacks manipulate the victim’s routing table to trick the victim into sending traffic outside the protected VPN tunnel, allowing an adversary to read and intercept transmitted traffic.

LocalNet Attack

  • CVE-2023-36672: LocalNet attack resulting in leakage of traffic in plaintext. The reference CVSS score is 6.8.
  • CVE-2023-35838: LocalNet attack resulting in the blocking of traffic. The reference CVSS score is 3.1.

  • adversary acts as a malicious Wi-Fi or Ethernet network, and tricks the victim into connecting to this network
  • Here there adversary wants to intercept traffic to target.com, which has the IP address To accomplish this, the adversary tells the victim that the local network is using the subnet In other words, the victim is informed that IP addresses in the range are directly reachable in the local network. When the victim now visits target.com, a web request will be sent to the IP address

ServerIP Attack

  • CVE-2023-36673: ServerIP attack, combined with DNS spoofing, that can leak traffic to arbitrary IP address. The reference CVSS score is 7.4.
  • CVE-2023-36671: ServerIP attack where only traffic to the real IP address of the VPN server can be leaked. The reference CVSS score is 3.1.

  • VPNs don’t encrypt traffic towards the IP address of the VPN server
  • adversary first spoofs the DNS reply for vpn.com to return the IP address, which equals the IP address of target.com
  • victim will then connect with the VPN server at
  • adversary still redirects this traffic to the real VPN server
  • victim will add a routing rule so that all traffic to the VPN server, in this case the spoofed IP address, is sent outside the VPN tunnel

Am I affected by this vulnerability?

  • all built-in VPN clients of Windows, macOS, and iOS
  • Android 12 and higher is not
  • significant number of Linux VPNs
  • most OpenVPN profiles, when used with a vulnerable VPN client, may be

How can I learn more about TunnelCrack?

For more details about the ServerIP experiments, see our paper. Our paper behind the attack is titled Bypassing Tunnels: Leaking VPN Client Traffic by Abusing Routing Tables and will be presented at USENIX Security 2023. To prevent the attack, VPN clients should be updated to send all traffic through the VPN tunnel, except traffic generated by the VPN app itself.

  author = {Nian Xue and Yashaswi Malla and Zihang Xia and Christina P\"opper and Mathy Vanhoef},
  title = {Bypassing Tunnels: Leaking {VPN} Client Traffic by Abusing Routing Tables},
  booktitle = {Proceedings of the 32th {USENIX} Security Symposium},
  year = {2023},
  month = {August},
  publisher = {\{USENIX} Association}