Virtual Private Network (VPN) solutions are used to connect private networks securely over the Internet. Besides their benefits in corporate environments, VPNs are also marketed to privacy-minded users as a way to preserve their privacy and to bypass geolocation-based content blocking and censorship. This has created a market for turnkey VPN services offering a multitude of vantage points all over the world for a monthly fee. While VPN providers lean heavily on privacy and security benefits in their marketing, such claims are generally hard to measure and substantiate. Some studies of the VPN ecosystem exist, but all prior work omits a critical part of the analysis: (i) How well do the providers configure and secure their own network infrastructure? and (ii) How well do they protect their customers from other customers? To answer these questions, we developed an automated measurement system with which we conduct a large-scale analysis of VPN providers and their thousands of VPN endpoints. Because VPNs use non-Internet-routable IP addresses internally, they may grant access to networks that are otherwise unreachable. If not properly secured, this can inadvertently expose the internal networks of these providers or, worse, other clients connected to their services. Our results indicate a widespread lack of traffic filtering towards internally routable networks on the majority of tested VPN service providers, even in cases where no other VPN customers were directly exposed. We have disclosed our findings to the affected providers and other stakeholders, and offered guidance to improve the situation.
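The filtering the abstract describes as missing is a forwarding policy on the VPN exit node: packets that arrive over the tunnel must not be forwarded into address space that is not routable on the public Internet (RFC 1918, CGNAT, link-local, ULA), and in particular not into the client pool itself, which is where customer-to-customer exposure comes from. The following Python is an added example, not the paper's measurement system and not any provider's configuration. It models that policy as a packet-verdict function, renders the equivalent nftables forward-chain rules, and runs both over a constructed set of flows. The interface name `wg0`, the client pool `10.8.0.0/16` and the gateway address `10.8.0.1` are assumptions chosen for the illustration; the pool is assumed to be IPv4-only.

```python
"""Forwarding policy for a VPN exit node: keep tunnel clients out of
non-Internet-routable destinations and away from each other.

Added example; not the paper's measurement system or a provider's config.
Assumed names: tunnel interface wg0, client pool 10.8.0.0/16, gateway 10.8.0.1.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Address space that is not routable on the public Internet. A packet that
# enters over the tunnel with one of these as destination can only be heading
# for the provider's own infrastructure or for another customer.
INTERNAL_RANGES = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",   # RFC 1918
    "100.64.0.0/10",                                   # RFC 6598 shared (CGNAT)
    "169.254.0.0/16",                                  # IPv4 link-local
    "127.0.0.0/8",                                     # IPv4 loopback
    "fc00::/7",                                        # IPv6 unique local
    "fe80::/10",                                       # IPv6 link-local
    "::1/128",                                         # IPv6 loopback
)]


@dataclass(frozen=True)
class Policy:
    tunnel_if: str = "wg0"            # assumed tunnel interface name
    client_pool: str = "10.8.0.0/16"  # assumed (IPv4-only) address pool for clients
    gateway: str = "10.8.0.1"         # assumed gateway address (e.g. the DNS resolver)


def is_internal(addr: str) -> bool:
    """True if addr falls in any non-Internet-routable range."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_RANGES)


def verdict(policy: Policy, in_if: str, src: str, dst: str) -> str:
    """Return 'accept' or 'drop' for a packet entering the exit node."""
    if in_if != policy.tunnel_if:
        return "accept"                  # only tunnel ingress is policed here
    src_ip = ipaddress.ip_address(src)
    dst_ip = ipaddress.ip_address(dst)
    pool = ipaddress.ip_network(policy.client_pool)
    if src_ip not in pool:
        return "drop"                    # source not from the pool: spoofed
    if dst_ip == ipaddress.ip_address(policy.gateway):
        return "accept"                  # gateway services stay reachable
    if dst_ip in pool:
        return "drop"                    # customer-to-customer isolation
    if is_internal(dst):
        return "drop"                    # provider backend / management nets
    return "accept"                      # ordinary Internet destination


def nft_ruleset(policy: Policy) -> str:
    """Render the same policy as an nftables forward-chain fragment.

    Traffic to the gateway itself is delivered locally (input hook), so it
    never reaches the forward chain and needs no explicit accept here.
    """
    v4 = ", ".join(str(n) for n in INTERNAL_RANGES if n.version == 4)
    v6 = ", ".join(str(n) for n in INTERNAL_RANGES if n.version == 6)
    t = policy.tunnel_if
    return "\n".join([
        "table inet vpn_exit {",
        "  chain forward {",
        "    type filter hook forward priority 0; policy accept;",
        f'    iifname "{t}" ip saddr != {policy.client_pool} drop',
        f'    iifname "{t}" ip daddr {policy.client_pool} drop',
        f'    iifname "{t}" ip daddr {{ {v4} }} drop',
        f'    iifname "{t}" ip6 daddr {{ {v6} }} drop',
        "  }",
        "}",
    ])


# Constructed flows (interface, src, dst); not measured data.
SAMPLE_FLOWS: List[Tuple[str, str, str]] = [
    ("wg0", "10.8.3.7", "93.184.216.34"),      # client -> public web server
    ("wg0", "10.8.3.7", "10.8.0.1"),           # client -> gateway resolver
    ("wg0", "10.8.3.7", "10.8.9.2"),           # client -> another customer
    ("wg0", "10.8.3.7", "192.168.1.10"),       # client -> provider management LAN
    ("wg0", "10.8.3.7", "100.64.0.5"),         # client -> CGNAT-addressed backend
    ("wg0", "203.0.113.5", "93.184.216.34"),   # spoofed source over the tunnel
    ("eth0", "93.184.216.34", "10.8.3.7"),     # return traffic from the Internet
]


def audit(policy: Policy = Policy()) -> Dict[str, str]:
    """Apply the policy to every sample flow and return the verdicts."""
    return {f"{i} {s} -> {d}": verdict(policy, i, s, d) for i, s, d in SAMPLE_FLOWS}


if __name__ == "__main__":
    for flow, v in audit().items():
        print(f"{v:6s} {flow}")
    print(nft_ruleset(Policy()))
```

On an unfiltered exit node every flow in the sample list except the spoofed one would be forwarded, which is the condition the measurement looks for: a client that can reach `192.168.1.10` or `10.8.9.2` through the tunnel has reached the provider's internal network or another customer. Note that the verdict function also rejects tunnel packets whose source is outside the pool; without that rule a client could spoof another customer's pool address and bypass any per-client accounting on the exit.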