Is your virtual private network (VPN) really secure? Many users rely heavily on VPNs to escape surveillance and address privacy concerns. There are many free and private VPN service providers that offer VPNs to get around geofencing, to download pirated content, or simply to use as protection for piracy.
According to a report published by Perfect Privacy, if an attacker and a user are on the same VPN, the attacker can simply forward traffic on a specific port to expose the user's real IP address. This flaw affects operating systems and VPN protocols including OpenVPN, PPTP and IPSec.
If the attacker and the victim use the same VPN provider, the attacker only needs to know the exit IP address of the victim's VPN. Let us say the victim is connected to VPN server 126.96.36.199. The victim's routing table will then look like this: 0.0.0.0/0 -> 10.0.0.1 (internal VPN gateway IP), 188.8.131.52/32 -> 192.168.1.1 (old default gateway). The attacker connects to the same server, 184.108.40.206, and obtains the victim's exit IP, which can be learned by various means such as IRC, a torrent client, or making the victim visit a site controlled by the attacker. The attacker then activates port forwarding on server 220.127.116.11 to port 11111 and tricks the victim into visiting the link 18.104.22.168:11111. As soon as the victim opens the link, the connection reveals the victim's real IP address, because traffic addressed to the VPN server itself follows the host route through the old default gateway rather than the tunnel.
To stay safe from this flaw, VPN providers must set a server-side firewall rule that blocks access from a client's real IP to port forwards that are not the client's own. Allow incoming connections to ip1, and send exit connections through ip2-ipx.
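The server-side rule described above, modelled as an added example (not code from Perfect Privacy or any VPN provider). The session names and the documentation-range addresses are constructed for illustration; port 11111 is the one from the scenario.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address


@dataclass
class Session:
    """One connected VPN client (hypothetical record, not a real VPN API)."""
    user: str
    real_ip: str                                 # address the client reached the server from
    forwards: set = field(default_factory=set)   # ports this user has forwarded


def deny_rules(sessions):
    """Return the (real_ip, port) pairs the server must drop.

    A client's real IP is denied every forwarded port it does not own.
    Ownership is tracked per real IP, so two users behind the same NAT
    address never lock each other out of their own forwards.
    """
    all_forwards = {port for s in sessions for port in s.forwards}
    owned = {}
    for s in sessions:
        owned.setdefault(ip_address(s.real_ip), set()).update(s.forwards)
    return {(ip, port) for ip, ports in owned.items()
            for port in all_forwards - ports}


def allowed(sessions, src_ip, dst_port):
    """True if a connection from src_ip to a forwarded port may pass."""
    return (ip_address(src_ip), dst_port) not in deny_rules(sessions)


# Constructed sample state: the victim has no forwards, the attacker
# has forwarded port 11111 as in the scenario above.
SAMPLE = [
    Session("victim", "198.51.100.7"),
    Session("attacker", "203.0.113.9", {11111}),
]

if __name__ == "__main__":
    for ip, port in sorted(deny_rules(SAMPLE)):
        print(f"drop src={ip} dport={port}")
    print("victim real IP -> 11111 allowed:", allowed(SAMPLE, "198.51.100.7", 11111))
```

The deny set has to be recomputed whenever a client connects, disconnects or changes a port forward, since each of those events changes which real IPs and ports are in play.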
Source: Perfect Privacy