Analysing Leakage during VPN Establishment in Public Wi-Fi Networks

The use of public Wi-Fi networks can reveal sensitive data to both operators and bystanders. A VPN can prevent this. However, a machine that initiates a connection to a VPN server might already leak sensitive data before the VPN tunnel is fully established. Furthermore, it might not be immediately possible to establish a VPN connection if the network requires authentication via a captive portal, thus increasing the leakage potential. In this paper we examine both issues. For that, we analyse the behaviour of native and third-party VPN clients on various platforms, and introduce a new method called selective VPN bypassing to avoid captive portal deadlocks.