Vulnerabilities in VPNs: Paper presented at the Privacy Enhancing Technologies Symposium 2024
ID: 86c17065-616a-502c-96f6-8545cee69d56
STIX ID: report--86c17065-616a-502c-96f6-8545cee69d56
Feed Name: The Citizen Lab
This report presents the "port shadow" vulnerability, which affects VPN servers that rely on OS connection-tracking frameworks (notably OpenVPN and WireGuard on Linux/Netfilter and some FreeBSD configurations). The flaw allows a malicious VPN client (or a remote actor manipulating packets) to shadow a victim's port state, enabling deanonymization, DNS injection, connection hijacking, port scanning, and denial of service against other VPN clients sharing the same server. The authors describe mitigations (firewall rules, source-port restrictions, limiting concurrent connections), attest to having followed coordinated disclosure, and reference CVE-2021-3773 (CVSSv3 9.8).
