You might be interested in my tool wg-lockdown. I mainly use it on desktops but it should work on servers as well, it’s just an nftables config after all. It also shouldn’t interfere with UFW though you might want to double-check with some of the networking experts here.

I see what you mean now. I wouldn’t advocate for people to disable DHCP features either. It should be the VPN provider’s responsibility to provide a proper VPN client that mitigates attacks like these.

why is a split tunnel relevant? I thought all VPNs are vulnerable unless they use a firewall like I do, or network namespaces.

At least the way I understand it, a normal VPN redirects your internet traffic to instead go through a virtual network interface, which then encrypts and sends your traffic through the VPN. This attack uses a malicious DHCP server to inject routes into your system, redirecting traffic to the attacker instead of towards the virtual network interface.

Using untrusted networks is quite common, like coffee shop wifi or airport wifi.

what features are you talking about?

Actually my firewall is persistent, just like many of the other good VPN clients, so “kill switch” is a bit of a misnomer. Which is why I called it wg-lockdown, named after Mullvad’s lockdown mode. Persistent firewalls are effective, they just add a very tiny side-channel, as discussed in the link in my post. I just used the terms “kill switch” in my post because that’s what many other people use.

Though the point about the LAN is a good point, I didn’t consider that. I added LAN access because without it, the firewall was interfering with the networking of my docker container and virtual machines, which use local subnets. Even the official Mullvad client has issues with this. What do you recommend in this case? Manually whitelist the local subnets used by docker and my other virtual networks?

Edit: actually upon reading Mullvad’s statement on TunnelVision, I realized that my firewall is still effective because it only allows traffic directed to LAN IP’s to bypass the VPN. So regular internet traffic will be blocked if the attacker tries to redirect it to the LAN. I’m glad I used Mullvad as a reference implementation 😅

I thought TunnelVision applies to all VPN users that don’t use firewall / network namespaces