@@ -10,10 +10,12 @@ From the moment the user activates the VPN connection until the user knowingly d
The product shall only report that the VPN connection is established after it has configured the system in such a way that all traffic intended to be routed through the VPN connection will only exit through the VPN connection until the user knowingly deactivates the VPN connection. This assumes no other software on the user's endpoint changes relevant network configuration (network interfaces, routes, DNS).
* Test: start the VPN connection, after it reports that it is connected, kill the VPN software in a way that does not allow it to execute any clean up routines, then attempt to transfer data that should only go through the VPN connection
* Result: no data should exit the system
* Output: log of starting VPN, connection succeeding, client being killed, transfer failing, packet capture showing no data left after the VPN client was killed
* Documentation: how to kill the VPN connection without allowing any clean up routines
* Reference: TR-ROUT
* Objective: Prevent VPN traffic leaks
* Preparation: None
* Activities: Start the VPN connection, after it reports that it is connected, kill the VPN software in a way that does not allow it to execute any clean up routines, then attempt to transmit data that should only go through the VPN connection
* Verdict: No network traffic intended for the VPN exits the host
* Evidence: Configuration of VPN client, method used to kill client without allowing clean up routines to run, network configuration, log of actions, error messages, packet capture with annotations
#### 5.2.X.x Mapping of mitigations to risk factors and security profiles
