cuckoosandbox / cuckoo

Cuckoo Sandbox is an automated dynamic malware analysis system
http://www.cuckoosandbox.org

Multiple VPN tun interfaces problem #1870

Open crossbowerbt opened 7 years ago

crossbowerbt commented 7 years ago

The scenario

I have a physical box (for malware) on a local net, and a Cuckoo installation on another box that also acts as a router for the physical box.

I also have multiple VPN interfaces, which I can select in the Cuckoo panel when I execute malware on the physical box.

The strange thing is the following:

When I first choose a VPN, everything works correctly, and the external IP is the expected one. When I test the malware again, selecting a different VPN, the external IP doesn't change, but remains the IP of the previously selected VPN (similar to a sort of "caching" of the first VPN).

After, let's say, 30 minutes, if I choose a different VPN, everything works as expected...

Patch

After some research I think the issue is caused by the POSTROUTING table:

Chain POSTROUTING (policy ACCEPT 220 packets, 13200 bytes)
 pkts bytes target     prot opt in     out     source               destination
    9   955 MASQUERADE  all  --  any    tun2    anywhere             anywhere
   60  3993 MASQUERADE  all  --  any    tun3    anywhere             anywhere
   31  3702 MASQUERADE  all  --  any    enp0s25  anywhere             anywhere
    9   657 MASQUERADE  all  --  any    tun0    anywhere             anywhere
   11   701 MASQUERADE  all  --  any    tun1    anywhere             anywhere

It was not a problem of caching; it was probably the first POSTROUTING rule that was always selected. If I only enable MASQUERADE for the correct output tun interface, everything works as expected.

I attach here a patch that fixed this behaviour for me (for the file rooter.py).

Can a developer confirm the bug? Or tell me if I have done something wrong?
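The fix the report describes is to stop using one catch-all MASQUERADE rule per egress interface and instead scope each NAT rule to the analysis host that is currently routed through that VPN. The Python below is an added example of that idea and is not Cuckoo's rooter.py nor the attached patch; the function names, the `192.168.10.5` sample address and the `tun2`/`tun3` names are assumptions. It builds the `iptables` and `conntrack` command lines for switching one host from its current VPN to a new one, and defaults to a dry run that only prints them. Because conntrack keeps the NAT mapping of flows that are already open, the plan also deletes that host's conntrack entries, so a flow started on the previous VPN is not still translated through the old interface after the switch.

```python
"""Source-scoped MASQUERADE rules for a multi-VPN analysis router.

Added example, not Cuckoo's rooter.py. Assumes iptables and conntrack-tools
are installed and that non-dry runs happen as root on the router box.
"""
import shlex
import subprocess

IPTABLES = "iptables"    # assumption: binaries in PATH
CONNTRACK = "conntrack"


def masquerade_rule(action, src_ip, out_iface):
    """One POSTROUTING rule that NATs only `src_ip`, and only when it leaves via `out_iface`.

    action is "-A" (append), "-D" (delete) or "-C" (check). Scoping the rule to a single
    source host means each analysis box gets exactly one rule for the VPN it is using,
    instead of sharing catch-all "-o tunN -j MASQUERADE" rules for every tun interface.
    """
    if action not in ("-A", "-D", "-C"):
        raise ValueError("action must be -A, -D or -C")
    return [IPTABLES, "-t", "nat", action, "POSTROUTING",
            "-s", src_ip, "-o", out_iface, "-j", "MASQUERADE"]


def flush_conntrack(src_ip):
    """Delete conntrack entries whose original source is src_ip.

    NAT decisions are made on the first packet of a flow and then cached in conntrack,
    so without this step a connection opened on the old VPN keeps its old mapping.
    """
    return [CONNTRACK, "-D", "--orig-src", src_ip]


def plan_vpn_switch(src_ip, new_iface, current_iface=None):
    """Return the ordered command lists that move src_ip from current_iface to new_iface.

    current_iface=None means the host has no rule yet (first analysis after boot).
    """
    plan = []
    if current_iface and current_iface != new_iface:
        plan.append(masquerade_rule("-D", src_ip, current_iface))
    if current_iface != new_iface:
        plan.append(masquerade_rule("-A", src_ip, new_iface))
    plan.append(flush_conntrack(src_ip))
    return plan


def apply_plan(plan, dry_run=True):
    """Print the plan (dry run) or execute it. Returns the rendered command strings."""
    rendered = []
    for cmd in plan:
        line = " ".join(shlex.quote(part) for part in cmd)
        rendered.append(line)
        if dry_run:
            print(line)
        else:
            # conntrack -D may exit non-zero when no entry matched; that is not a failure here.
            subprocess.run(cmd, check=(cmd[0] != CONNTRACK))
    return rendered


if __name__ == "__main__":
    # Constructed sample: the analysis box first used tun2, the next run selects tun3.
    apply_plan(plan_vpn_switch("192.168.10.5", "tun3", current_iface="tun2"))
```

Run as-is it only prints the three commands (delete the tun2 rule, add the tun3 rule, flush the host's conntrack entries); pass `dry_run=False` to execute them. The `-C` action exists so a caller can verify the expected rule is present before deleting it, which avoids the silent "rule not found" failure `iptables -D` reports when state has drifted.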

crossbowerbt commented 7 years ago

rooter_nat_source.patch.txt

jbremer commented 7 years ago

Thanks! Could be accurate, yes. I believe we had a similar PR that's yet to be tested & merged #1855. @seanthegeek @razuz @doomedraven thoughts?

doomedraven commented 7 years ago

Em, I need to retest it, but there are no changes in the router and it worked fine with 55 different VPN exit nodes.