8 August 2023 — TunnelCrack is a combination of two widespread security vulnerabilities in VPNs. An adversary can abuse these vulnerabilities to leak traffic outside the VPN tunnel. Our tests indicate that every VPN product is vulnerable on at least one device. We found that VPNs for iPhones, iPads, MacBooks, and macOS are extremely likely to be vulnerable, that a majority of VPNs on Windows and Linux are vulnerable, and that Android is the most secure with roughly one-quarter of VPN apps being vulnerable. The discovered vulnerabilities can be abused regardless of the security protocol used by the VPN.

The two resulting attacks are called the LocalNet and ServerIP attacks. Both can be exploited when a user connects to an untrusted Wi-Fi network. Our ServerIP attack can also be exploited by malicious Internet service providers. The attacks manipulate the victim's routing table to trick the victim into sending traffic outside the protected VPN tunnel, allowing an adversary to read and intercept transmitted traffic.


LocalNet Attack

In the LocalNet attack, the adversary acts as a malicious Wi-Fi or Ethernet network, and tricks the victim into connecting to this network. An easy way to accomplish this is by cloning a popular Wi-Fi hotspot such as "starbucks". Once connected, the adversary assigns a public IP address and subnet to the victim:

Here the adversary wants to intercept traffic to, which has the IP address To accomplish this, the adversary tells the victim that the local network is using the subnet In other words, the victim is informed that IP addresses in the range are directly reachable in the local network. When the victim now visits, a web request will be sent to the IP address Because most VPNs allow direct access to the local network while using the VPN, which we abuse, the web request gets sent outside the protected VPN tunnel.

We tested 66+ VPNs on five platforms and found that all VPN apps on iOS are vulnerable. Additionally, all but one VPN client on macOS are vulnerable, on Windows a large majority of VPNs are vulnerable, and on Linux more than one-third are vulnerable. Interestingly, VPN apps on Android are typically the most secure, with one-quarter being vulnerable to the LocalNet attack.

ServerIP Attack

In the ServerIP attack, we abuse the observation that many VPNs don't encrypt traffic towards the IP address of the VPN server. This is done to avoid re-encryption of packets. As an example, say the VPN server is identified by the hostname and the real IP address of the VPN server is Let's assume the adversary wants to intercept traffic to which has IP address Then the attack can be illustrated as follows:

Here the adversary first spoofs the DNS reply for to return the IP address, which equals the IP address of The victim will then connect with the VPN server at To ensure the victim still successfully creates a VPN connection, the adversary redirects this traffic to the real VPN server. While establishing the VPN connection, the victim will add a routing rule so that all traffic to the VPN server, in this case the spoofed IP address, is sent outside the VPN tunnel. When the victim now visits, a web request is sent to Due to the routing rule just added, this request is sent outside the protected VPN tunnel.

We found that the built-in VPN clients of Windows, macOS, and iOS are vulnerable. Android 12 and higher is not affected. A significant number of Linux VPNs are also vulnerable. Additionally, we found that most OpenVPN profiles, when used with a vulnerable VPN client, use a hostname to identify the VPN server and therefore may result in vulnerable behavior. For more details about the ServerIP experiments, see our paper. To prevent the attack, VPN clients should be updated to send all traffic through the VPN tunnel, except traffic generated by the VPN app itself.
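The routing-table effect described in the LocalNet and ServerIP sections, as an added example that is not from the paper or its tooling: a longest-prefix-match lookup over a constructed routing table, plus an audit that flags routes carrying routable addresses around the tunnel. The interface names, the documentation-range addresses, the out-of-band pinned server IP, and the rule that only RFC 1918 and link-local ranges count as local are assumptions of this example.

```python
import ipaddress as ipa

# Ranges a client may keep reachable outside the tunnel (assumption of this
# example): RFC 1918 private space and IPv4 link-local.
NON_ROUTABLE = [ipa.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16")]

def egress(routes, dst):
    """Longest-prefix match: the interface that carries traffic to dst."""
    dst = ipa.ip_address(dst)
    hits = [(ipa.ip_network(cidr), dev) for cidr, dev in routes
            if dst in ipa.ip_network(cidr)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def audit(routes, tunnel_dev, pinned_server_ips):
    """Return (kind, cidr) for each route sending routable space around the tunnel."""
    pinned = {ipa.ip_address(ip) for ip in pinned_server_ips}
    findings = []
    for cidr, dev in routes:
        net = ipa.ip_network(cidr)
        if dev == tunnel_dev or net.prefixlen == 0:
            continue  # tunnel routes; default route is overridden by the /1 pair
        if any(net.version == ok.version and net.subnet_of(ok) for ok in NON_ROUTABLE):
            continue  # genuinely local range
        if net.prefixlen == net.max_prefixlen:
            # Host route: expected only for the server IP known out of band.
            if net.network_address not in pinned:
                findings.append(("serverip", cidr))
        else:
            # On-link subnet made of routable addresses: LocalNet pattern.
            findings.append(("localnet", cidr))
    return findings

# Constructed routing tables (documentation-range addresses, hypothetical names).
BASE = [("0.0.0.0/0", "wlan0"), ("0.0.0.0/1", "tun0"), ("128.0.0.0/1", "tun0")]
CLEAN = BASE + [("192.168.1.0/24", "wlan0"), ("198.51.100.7/32", "wlan0")]
ATTACK = BASE + [("203.0.113.0/24", "wlan0"),   # subnet announced by the rogue network
                 ("192.0.2.80/32", "wlan0")]    # exemption for a spoofed DNS answer
PINNED = ["198.51.100.7"]

if __name__ == "__main__":
    for name, table in (("clean", CLEAN), ("attack", ATTACK)):
        print(name, audit(table, "tun0", PINNED), egress(table, "203.0.113.10"))
```

In the attack table the more specific /24 and /32 routes win over the tunnel's /1 routes, which is why the same destination leaves via `wlan0` instead of `tun0`.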


Our paper behind the attack is titled Bypassing Tunnels: Leaking VPN Client Traffic by Abusing Routing Tables and will be presented at USENIX Security 2023.

More Info

Are things not clear or do you want more information? See the detailed version of this page for more detailed explanations, including CVEs, disclosure details, a list of patched VPNs, and so on.