There is much blog traffic this week about the so-called “security flaw”, supposedly in PPTP, when “combined with IPv6”. A number of explanations have been offered, none of which aptly describes the situation.
See this article, which includes an embedded video of the Telecomix Cipher conference talk that started the controversy. The talk makes several interesting points about anonymity, through proxies and VPNs, and how sites work around them to see who you really are.
The problem is not due to a security flaw in PPTP, or in PPTP when used with IPv6. It is an effect of trying to implement a solution that simply ignores IPv6, a strategy which has become inappropriate in the current Internet.
Any VPN, or other tunneling solution, routes some portion of its traffic over an alternative path, the tunnel. A very common type of VPN, which addresses the “road warrior” scenario, allows a client to connect securely to its home network. For instance, a “road warrior” VPN client which is connected to its home net can be recognized as part of that network and allowed access to resources such as file servers, email servers, etc. Connection to a VPN may also give the client a real, routable IP address when it is actually situated behind a NAT device. If the VPN connection is set up to route all traffic through the VPN, then the VPN-assigned address will represent your “identity” as far as the world is concerned.
Of course, having a VPN connection, and being represented by a VPN-assigned address, does not give you anonymity. That VPN-assigned IP address was allocated to your VPN provider, and they will probably have logs and records of who you are and when you occupied which address, especially if they authenticate you. If you use Relakks or Ipredator, or any service which requires sign-up, and especially if they charge you money, the “anonymity” is relative: you are trusting these providers either to forgo logging completely, which they don’t, or to refuse warrants and subpoenas, which they won’t. Anonymity and security are just not this simple to achieve, and the average user is not equipped to evaluate what he’s getting.
The problem isn’t that the VPN solutions in question are flawed; it’s that they only change the routing of IPv4. When your computer connects to an IPv6 resource, it uses your normal IPv6 routing, which the VPN set-up has not touched.
If you are using ANY tunnel-style VPN which tunnels IPv4 and not IPv6, then your IPv6 address will be visible to any resource you access via IPv6. I have seen many comments suggesting OpenVPN, IPsec VPNs, and so on, but they will all suffer from the same problem unless they are set up to handle all of the network protocols (IPv4 and IPv6) on your computer.
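The quickest way to see whether a given machine has this problem is to compare the IPv4 and IPv6 default routes: if the IPv4 default route points at the tunnel interface and the IPv6 default route still points at the physical interface, IPv6 traffic bypasses the VPN. The following is an added example (not code from the original post, from PPTP, or from any VPN vendor) that parses `ip -4 route` / `ip -6 route` style output and reports the split. The route listings, the interface names `ppp0`, `wlan0` and `tun0`, and the addresses are constructed for illustration.

```python
"""Route-table check for the IPv6-bypasses-the-VPN condition (added example)."""
from typing import Dict, Iterable, Optional

# Constructed sample of `ip -4 route` on a host whose tunnel (ppp0) has
# captured all IPv4 traffic: the default route leaves via the tunnel.
SAMPLE_V4 = """\
default dev ppp0 scope link
10.0.0.0/24 dev ppp0 proto kernel scope link src 10.0.0.7
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.23
203.0.113.9 via 192.168.1.1 dev wlan0
"""

# Constructed sample of `ip -6 route` on the same host: the VPN set-up never
# touched IPv6, so the default route still leaves via the physical interface.
SAMPLE_V6_LEAKING = """\
2001:db8:1::/64 dev wlan0 proto kernel metric 256
fe80::/64 dev wlan0 proto kernel metric 256
default via fe80::1 dev wlan0 proto ra metric 1024
"""

# Constructed sample of the corrected state: a VPN that also tunnels IPv6
# has installed its own default route through the tunnel interface.
SAMPLE_V6_FIXED = """\
2001:db8:1::/64 dev wlan0 proto kernel metric 256
fe80::/64 dev wlan0 proto kernel metric 256
default dev tun0 metric 1024
"""

# Spellings of "the default route" that iproute2 may print.
DEFAULT_PREFIXES = ("default", "0.0.0.0/0", "::/0")


def default_interface(route_output: str) -> Optional[str]:
    """Return the egress interface of the default route in `ip route` style
    output, or None when there is no default route at all (for example when
    IPv6 is disabled and the host only has link-local routes)."""
    for line in route_output.splitlines():
        fields = line.split()
        if not fields or fields[0] not in DEFAULT_PREFIXES:
            continue
        if "dev" in fields:
            return fields[fields.index("dev") + 1]
    return None


def leak_report(v4_routes: str, v6_routes: str,
                tunnel_ifaces: Iterable[str]) -> Dict[str, object]:
    """Compare the IPv4 and IPv6 default routes against the set of tunnel
    interfaces. IPv6 is considered to bypass the VPN when it has a default
    route and that route does not go through a tunnel interface."""
    tunnels = set(tunnel_ifaces)
    v4 = default_interface(v4_routes)
    v6 = default_interface(v6_routes)
    return {
        "ipv4_egress": v4,
        "ipv6_egress": v6,
        "ipv4_tunnelled": v4 is not None and v4 in tunnels,
        # No IPv6 default route means IPv6 has nowhere to go, so no bypass.
        "ipv6_bypasses_vpn": v6 is not None and v6 not in tunnels,
    }


if __name__ == "__main__":
    # Run against the constructed samples; on a real host you would feed in
    # the output of `ip -4 route` and `ip -6 route` instead.
    for label, v6 in (("leaking", SAMPLE_V6_LEAKING), ("fixed", SAMPLE_V6_FIXED)):
        print(label, leak_report(SAMPLE_V4, v6, {"ppp0", "tun0"}))
```

The check deliberately treats "no IPv6 default route" as not a bypass, which is exactly the state you get by turning IPv6 off; the `SAMPLE_V6_FIXED` listing shows the alternative the rest of this post argues for, where the VPN installs an IPv6 default route through the tunnel as well.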
Of course, if you zoom out and look at the real problems in this scenario, you realize that VPNs, current operating systems and the World Wide Web are all designed with absolutely no attention to anonymity. In order to provide anonymity, you would have to reorganize the OS, the VPN, etc. If you built a special anonymizing browser app from the ground up, you could begin to address proxy-based anonymity, but there would still be much trial and error.
Of course, if you turn off IPv6 altogether, you will be unable to reach IPv6 resources, which also prevents the described exposure of your IPv6 address. But the way forward is to challenge the implementers to stop ignoring IPv6, which is growing at an increasing rate, and to modernize their applications.