said by koitsu:Here are two posts (one post, one thread) where an individual did exactly what I said (re: "the more people screw around, ... the more likely they're exposed"):
»www.linksysinfo.org/inde ··· x.68094/
»www.linksysinfo.org/inde ··· t-222422
So like I said, as long as people keep it simple and don't try to get all crazy with their Tomato/TomatoUSB routers and use them "normally" (i.e. as a simple home NAT router providing Internet access to their home PCs and laptops), they're secure. It's when people begin to go balls-to-the-walls that problems get introduced (like in the above thread, where the individual quite literally had every single daemon on his router publicly accessible to the Internet -- his UPnP instance was probably one of the few which was detected!). KISS wins again.
Whoaaaa. Your message is unreasonable. Here is why.
You can't honestly believe it is reasonable that someone would purchase an expensive powerful "open" router, find a release of Tomato that has a full set of VPN features, go through the trouble of flashing the router, jump through a pile of hoops to make certain the configuration has been wiped correctly, then use the device as a simple NAT gateway? Really? Anyone could achieve that result buying a $15 device and just plug it into their network.
Saying that applying and using a VPN is "all crazy" is just a bizarre statement. To further suggest suggest "begin to go balls-to-the-walls that problems get introduced" is silly. Using a VPN is nothing of the sort.
The issue that was uncovered was simply because using a Tomato PPTP Client VPN will cause the remote end to have complete access to the processes running on the Tomato router. Nothing more complicated than that. No other factors were at play. Not customized firewall rules. Not NAT.
The stock/default firewall rules do in fact allow new inbound TCP connections or UDP packets to make it to local processes on the WAN ppp0 interface when using the PPTP Client VPN. Its something for which all users of the Tomato client VPN feature should be aware.
See here:
»
repo.or.cz/w/tomato.git/ ··· ad81115cIf you wish to characterize use of that feature as "all crazy" then you do a disservice to the community. The use of VPNs is expected to rise globally 4% over the period 2012-2016. Home use of VPNs will exceed that figure. Helping to secure Tomato is a valuable contribution. Ranting and misleading statements are not.