Obsolete
Status Update
Comments
js...@android.com <js...@android.com> #2
It's tricky, since then we'd need to allow DNS packets to bypass the firewall before establishing the VPN. (We'd need to carefully block any DNS requests from other apps to prevent leakage, and cross our fingers that the DNS client on the device doesn't have any vulns.)
lo...@gmail.com <lo...@gmail.com> #3
[Comment deleted]
lo...@gmail.com <lo...@gmail.com> #4
Any idea if this feature can be implemented? It is better than no security at all!
ad...@b0331dea.childno.de <ad...@b0331dea.childno.de> #5
Dear jshar...@android.com
Sorry, but I can't follow your arguments in #c1. Yes, it's correct, DNS spoofing is a valid security issue and might harm the VPN security, BUT
* in real life it's hardly attractive to emulate a wide spread of VPN servers, is it?
* if someone does that, bypassing SSL certificates might simply be tracked down by using certificate pinning (which is a good idea, nevertheless)
* where is the "security difference" between a manual connect with DNS resolve where you can't check if it's the correct server and the desired auto-connect?
* Android would have a much better face getting more of these "make security functions convenient". Other third-party ROMs are shipping them continuously already!
* you might also track down the security risk by allowing auto-connect if a fixed DNS is used?! But still, this is even fixing the symptom. Someone might still route this to a poisoned DNS. Certificate pinning is your friend, validating if your VPN Server is really yours.
* regarding issue 36949180 this feature should be part of a set of "make unencrypted WiFi secure". Guest / Customer WiFi without encryption is unwillingly common practice.
Don't be evil, have some thoughts on it. It's possible if you want to add more security!!!
th...@gmail.com <th...@gmail.com> #6
It's been almost 2 years and Google still has nothing on this?
All VPNs today constantly rotate their IPs (due to blacklisting or load), so it is absolutely unfeasible to only use IPs.
It's getting very very annoying to do even the most basic tasks securely these days...
co...@gmail.com <co...@gmail.com> #7
"where is the "security difference" between a manual connect with DNS resolve where you can't check if it's the correct server and the desired auto-connect"
This really ought to be an option.
jo...@gmail.com <jo...@gmail.com> #8
In order to support global VPN solutions which provide GEO based closest VPN connection for performance reasons, not to mention HA capabilities where a failing Point Of Presence doesn't make an Always-On device completely useless, I strongly recommend you re-prioritise this capability. The competition has moved on particularly in the Enterprise space.
sa...@gmail.com <sa...@gmail.com> #9
It's more than 2 and a half years now. Google sucks at this.
ma...@gmail.com <ma...@gmail.com> #10
I have the same issue, as my VPN provider doesn't have static IPs for its servers. I have to manually connect to my VPN every time the connection drops or I restart my data connection.
ga...@gmail.com <ga...@gmail.com> #11
[Comment deleted]
ga...@gmail.com <ga...@gmail.com> #12
What a SHAME on Android developers. Think about PRESHARED key. How is the attacker supposed to know it? Think about cert validation. Just think and make it happen. This is a must-have function. Wake up!!!!
sa...@studocu.com <sa...@studocu.com> #13
Still waiting for a fix.
sa...@google.com <sa...@google.com> #14
Thank you for your feedback. We have tried our best to address the issue reported, however our product team has shifted work priority which doesn't include this issue. For now, we will be closing the issue as "Won't Fix (Obsolete)". If this issue still currently exists, we request that you log a new issue along with the latest bug report here: https://goo.gl/TbMiIO and reference this bug for context.
Description
For example, I like to tunnel to home when using public WiFi, and because I do not have a static IP, I use a dynamic DNS service to connect to home instead of a known IP.