The researchers believe it affects all VPN applications when they’re connected to a hostile network and that there are no ways to prevent such attacks except when the user’s VPN runs on Linux or Android.

Once again, Linux with a win!

Any vpn solution that uses a TCP/IP shim in full tunnel mode will ignore option 121 or any other routing options (static routes, etc). Most corporate VPNs like Global Protect/Cisco Any Connect, Appgate, etc will enforce full-tunnel. Any user who is using a VPN for privacy reasons should also use a full tunnel as well especially when connecting to an untrusted networks.

Dang option 121.

I told him 120 options was enough, but he just had to keep adding options.

Why doesn’t my internet look like that stock image tunnel of 1 and 0?

How did nobody discover this sooner if it is a common network option? This seems like it should have been well known to professionals. Who dropped the ball?

So basically don’t be stupid when on a network you don’t control. I mean I would think that would be common sense by now. Just because you’re on a VPN doesn’t mean that the local network doesn’t have some semblance of capabilities.

And maybe I read it wrong, but perhaps don’t use DHCP on a network you don’t control. Wouldn’t that wholly mitigate this?

I get that this is concerning for people who don’t know any better. But I don’t think it’s as devastating as the title makes it sound.