Windows Sandbox Leaks #7434
Comments
|
Does this mean that while lockdown mode was enabled and I was connected to the VPN the real IP was leaking inside the VM? Or does this mean that the real IP leaked while VPN tried to connect? Both cases are really bad! |
|
I would like to know that too. |
|
Hello! We are overdue an update to the original blog post detailing the issue, but here's the (not so) short version. We define a leak as "the possibility of traffic being sent outside the tunnel", as an outside observer could observe your real IP and e.g. the websites you are visiting. The Mullvad VPN client has two layers of protection against leaks:
The second layer is needed as applications can choose to ignore the routing table and send their traffic to the physical interface directly, though this not very common. It is also used when the tunnel goes down unexpectedly and you enter the blocked state. For example, if your account runs out of time you will get disconnected from the relay. In these cases we enter the "blocked state" where all traffic is stopped to prevent leaks as the tunnel and its routes are gone. The issue with virtual machinesWindows has a native hypervisor for managing virtual machines, called Hyper-V, which handles both WSL and Windows Sandbox. Traffic from such virtual machines ignores normal firewall rules from Windows Filtering Platform (WFP). This means that, before version 2024.9 of the app, the second layer of protection has not been functioning for traffic to and from virtual machines on Windows. While you were connected, your traffic would most likely still be routed inside the tunnel. However, while you were connecting (or switching location) and while you were in the blocked state, all traffic would leak outside the tunnel. What's fixed in version 2024.9Since we detailed the original issue in 2020, Microsoft has introduced a limited firewall for Hyper-V traffic. Using it, we have implemented rules for blocking all traffic from virtual machines during the "blocked" and "connecting" states. This means that, if e.g. you account runs out of time, or you disconnect with "lockdown mode" enabled, all traffic should be blocked to prevent leaking your IP address. We do not, however, have the ability to filter out traffic headed outside the tunnel while connected, so you are still vulnerable to malicious applications that ignore the routing table. Special note on Windows SandboxUnfortunately, it seems that the new firewall rules are not working as intended for Windows Sandbox. The feature was mainly tested using WSL, but after some further investigation it seems like the new firewall rules aren't properly filtering all traffic from Windows Sandbox. We will look into this further. |
|
@Serock3 That sounds really bad and I wish I knew this beforehand. Is it normal that visiting mullvad.net/en/check from within and outside Windows Sandbox did not indicate there was an issue?
Where is this leak occurring? Within Windows Sandbox or the main desktop? Both? Does this leak still happen if Mullvad is installed only in and used from the main desktop, not Windows Sandbox? |
|
Good questions.
Only applications from within the virtual machine can leak, the host OS (your desktop environment) is safe.
It wouldn't leak to anywhere in particular. Rather, as the traffic would go outside the tunnel, anyone who could intercept your traffic, e.g. your ISP, could see your IP address and what you are browsing.
If visiting mullvad.net/en/check in Windows sandbox does not indicate a leak, then you probably aren't leaking. As I mentioned, while you are connected then the routing table should still correctly make sure your data is sent in the tunnel. Certain programs have been known to ignore the routing table, and would therefore send the data unencrypted. They are fortunately few and far between, and you browser evidently isn't one of them. However, if you lose your connection and end up in the "blocked state" for whatever reason, the data would start leaking.
Yes! This only happens if the app is installed in the host OS. If you install Mullvad VPN in Windows sandbox (or WSL) itself, it will work normally 🙂 |
Does this also apply with toggling 'Local network sharing'? I ask because there is no internet connection, or at least there appears to not be any, if that is not toggled on in Mullvad's setting. |
|
I have done some limited testing which I can share, but Windows Sandbox seems to behave strangely and I can't guarantee that it will work the same for you. From my testing it seems that while most traffic from Windows Sandbox ignores all our firewall rules, but DNS is sent to a local resolver which is for some reason caught by our non-Hyper-V filters. This causes DNS to be blocked unless local network sharing is on.
If I understand your question correctly, you are asking whether data leaks while in the "blocked state" when local network sharing is disabled. The answer is yes, DNS traffic will be blocked but other traffic will leak outside the tunnel, which you can verify by pinging some address from within the Sandbox, e.g. by running |
Sorry if this is redundant but since it might change the answer, I have to ask, is this happening if I have Mullvad installed only in the main desktop and local network sharing is turned off? That is surprising because before turning that on, Windows Sandbox reports there is no internet connection. |
|
I suspect that what you experience as not having access to internet inside Windows Sandbox is actually just DNS being blocked. When DNS is blocked you cannot access websites by their domain name, but you could still send traffic to an explicit IP address. As I mentioned, you could try this by running After looking in to it some more and discussing it with the team, we have concluded that it is most likely not possible to filter traffic from Windows Sandbox. It doesn't expose a |
|
This is all a very unfortunate and terrible error by Microsoft.
It is not foolproof since someone can launch the Sandbox before toggling it but would it worth having a notification pop up when turning on local network sharing warning about these leaks? |
That local network sharing is needed for DNS in to work in Windows Sandbox isn't really related to the leak, per se. We have added a section about the Windows Sandbox leaks to our known issues document. I know it's not foolproof, but I hope that affected users can find information about the problem there or in this thread. I'll close this issue as "not planned" to indicate that the leaks remain. It's unfortunate that we couldn't find a proper fix, but thanks for reporting the bug and helping to spread awareness! |
Yes, that is correct. That is why I suggest having it there since interacting with it is a requirement to get things to work. |
Is it a bug?
I have checked if others have reported this already
Current Behavior
This is on the Releases page
Is this saying Windows Sandbox leaks the user's real IP address? To what or whom is it leaking?
Expected Behavior
n/a
Steps to Reproduce
n/a
Failure Logs
No response
Operating system version
Windows 10/11
Mullvad VPN app version
No response
Additional Information
No response
The text was updated successfully, but these errors were encountered: