Security Issue: Unsecured Connection When Using VPN

Hello,

I am a user of your operating system, and I have noticed a security issue that I believe needs attention. In cases where there are disruptions with the VPN, even with the “Always On VPN” and “Block Connections Without VPN” settings enabled, devices connected to the network I share through “Hotspot” or “USB/Bluetooth Modem” can bypass the VPN. This occurs when the “Allow Clients to Use VPN” mode is enabled.

This issue poses a significant threat to user security.

Suggestion: I propose adding an “Only VPN” mode that would allow network sharing exclusively through the VPN. In this mode, the “Allow Clients to Use VPN” setting would only provide VPN access if the user has activated the VPN and if there are no disruptions in the VPN connection.

On Linux distributions, this problem can be solved in this way: add an “Only VPN” mode, which will block all traffic except VPN (tun*).
# iptables matches an interface-name prefix with a trailing "+", not "*"
iptables -A OUTPUT -o tun+ -j ACCEPT
iptables -A OUTPUT -j REJECT

Affected Versions: This issue has been verified from version 1.8 to version 2.5t

1 Like

Hi and welcome to the forum!
Are you aware of eOS-GitLab where you can report issues/bugs?
howto

The switch in the settings of each VPN in system settings to block connections w/o VPN … To the best of my memory the bug is: it seemed to be working as intended only when switched off and vice versa… Did you check the behaviour whilst the slider is switched off?
(I played with these settings many versions ago on my S7, not sure how it is now)

1 Like

Last I read, it’s an inherent flaw in Android’s VPN implementation.

2 Likes

Is it possible to have iptables and arptables in Android? There is a Linux kernel under the hood and some userland could protect the network traffic.
Maybe having an app that generates a shell script to manage iptables.
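
The “Only VPN” mode proposed in the first post and the rule-generating script suggested in the last one, sketched as an added example (not code from any poster or from the OS project). It assumes a generic Linux netfilter setup with root access, where packets from tethered clients traverse the FORWARD chain; the chain name `VPN_ONLY_FWD` and the interface names `wlan1` and `rndis0` are constructed for illustration.

```shell
#!/bin/sh
# Added example: print (do not apply) fail-closed FORWARD rules for an
# "Only VPN" tethering mode. Chain and interface names are assumptions.

CHAIN=VPN_ONLY_FWD   # hypothetical chain name

# Accept only names of at most 15 characters built from letters, digits,
# "_", ".", "-" and the iptables "+" wildcard, so that no argument can
# inject shell syntax into the generated script.
valid_iface() {
    case "$1" in
        ''|*[!A-Za-z0-9_.+-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

# usage: gen_only_vpn_rules VPN_IFACE TETHER_IFACE...
gen_only_vpn_rules() {
    vpn_if=$1
    [ "$#" -ge 2 ] || { echo "usage: gen_only_vpn_rules VPN_IF TETHER_IF..." >&2; return 1; }
    # Validate everything first so a bad name produces no partial output.
    for i in "$@"; do
        valid_iface "$i" || { echo "invalid interface name: $i" >&2; return 1; }
    done
    shift
    for ipt in iptables ip6tables; do   # IPv6 is covered too, a common leak path
        echo "$ipt -N $CHAIN 2>/dev/null || $ipt -F $CHAIN"
        for t in "$@"; do
            # tethered client -> VPN tunnel
            echo "$ipt -A $CHAIN -i $t -o $vpn_if -j ACCEPT"
            # replies from the tunnel back to the client
            echo "$ipt -A $CHAIN -i $vpn_if -o $t -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
            # everything else to or from the tether interface is refused,
            # which includes the case where no tunnel interface exists
            echo "$ipt -A $CHAIN -i $t -j REJECT"
            echo "$ipt -A $CHAIN -o $t -j REJECT"
        done
        echo "$ipt -C FORWARD -j $CHAIN 2>/dev/null || $ipt -I FORWARD 1 -j $CHAIN"
    done
}

# Constructed sample: Wi-Fi hotspot on wlan1, USB tethering on rndis0.
gen_only_vpn_rules 'tun+' wlan1 rndis0
```

The output is a script to review before running as root. Queries that clients send to a DNS proxy on the sharing device itself leave through OUTPUT, so these FORWARD rules alone do not cover them.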