bitmask shared VPN/Tor server leak bug?
From adrelanos on github:
The following issue applies to OpenVPN... Does it also apply to bitmask?
If a Tor entry guard is running on the same server (same IP) as the VPN server (same IP), and if VPN breaks down, Tor may connect directly to the VPN if it happened to choose that Tor relay (same IP) as entry guard. This is not that unlikely, because a lot VPN providers support VPN port forwarding, use public IPs and people host Tor servers behind VPN's.
A partial solution for this to set the VPN VM's firewall rules to allow connections only to the VPN server. Specifying destination port in that firewall rule should help a lot. Some cases will not be solved (like VPN running on 443).
A full solution is to allow only user tunnel to connect to the open internet. All other users not.