Commit 2e06aaaa authored by Vinicius Fortuna's avatar Vinicius Fortuna Committed by JANSSEN; jeroen
Browse files

feat: Update TR-ROUT requirements for tunnel failure and default configuration

parent ed51d71e

clauses/5.Requirements.md

+23 −1
Original line number Diff line number Diff line
@@ -19,7 +19,29 @@ The product shall only report that the VPN connection is established after it ha 
  * Verdict: No network traffic intended for the VPN exits the host

  * Evidence: Configuration of VPN client, method used to force connection to end without allowing shutdown tasks to run, network configuration, log of actions, error messages, packet capture with annotations



#### 5.2.1.3 Mapping of mitigations to risk factors and security profiles

#### 5.2.1.3 **[MI-ROUT-2]** VPN routing stays in effect during network-level tunnel failure



The product shall ensure that when the connection to the VPN server is lost at the network level (e.g., due to firewall rules or network outage), no traffic intended for the VPN connection can exit the endpoint through another interface.



  * Reference: TR-ROUT

  * Objective: Prevent VPN traffic leaks during tunnel failure

  * Preparation: None

  * Activities: Start the VPN connection, after it reports that it is connected, induce a network-level tunnel failure by blocking traffic to the VPN server's IP address using a host-based firewall, then attempt to transmit data that should only go through the VPN connection.

  * Verdict: No network traffic intended for the VPN exits the host via a non-VPN interface

  * Evidence: Method used to induce tunnel failure, network configuration, log of actions, error messages, packet capture with annotations



#### 5.2.1.4 **[MI-ROUT-3]** Tunnel all traffic by default



The VPN client shall by default be configured to route all network traffic from the endpoint through the VPN connection. If the client offers a mode that only tunnels traffic from specific applications (e.g., "split tunneling" or browser-only mode), this shall not be the default mode, and the user must be clearly informed of its limitations before enabling it.



  * Reference: TR-ROUT

  * Objective: Prevent user confusion and unexpected traffic leaks from non-tunneled applications

  * Preparation: Perform a factory reset or new installation of the VPN client.

  * Activities: Start the VPN connection using the default configuration. Generate traffic from multiple applications (e.g., a web browser and a separate command-line tool). Capture traffic on all interfaces.

  * Verdict: All traffic from all applications is routed through the VPN connection.

  * Evidence: Packet capture showing traffic from multiple applications going through the VPN interface.



#### 5.2.1.5 Mapping of mitigations to risk factors and security profiles



All mitigations are required for all products.