TunnelVision Flaw Threatens VPN Security Across Platforms, Excludes Android
May 7, 2024
A critical security flaw named TunnelVision has been discovered, compromising VPN traffic via DHCP protocol exploitation.
All VPN users across various operating systems are vulnerable, with Android being the sole exception.
The TunnelVision vulnerability has been a potential risk since at least 2002, posing threats to user privacy and security.
Linux users can protect themselves by enabling network namespaces, a solution that is recommended for adoption by other OS manufacturers.
While certain firewall mitigations exist, they may lead to selective service denial and potential side-channel issues.
Preventative measures include barring the use of DHCP option 121 or utilizing VPNs over secure, password-protected Wi-Fi networks.
Responsibility for addressing TunnelVision lies with both users and providers, with an emphasis on the latter to integrate network namespaces where applicable.
For non-Android users, the most effective countermeasures involve running VPNs through virtual machines or connecting via a cellular device's Wi-Fi.
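A defender-side check for the DHCP option 121 mentioned above, added here as an example and not taken from the summarized sources: it decodes the classless static routes (RFC 3442 encoding) carried in a DHCP reply's options field so that routes pushed by a DHCP server can be logged or alerted on. The function names and the sample bytes are constructed for illustration.

```python
import ipaddress

OPT_PAD, OPT_CLASSLESS_STATIC_ROUTE, OPT_END = 0, 121, 255

# Constructed sample: options field of a DHCP ACK (bytes after the magic cookie).
SAMPLE = bytes([53, 1, 5,                          # message type: ACK
                121, 19,                           # option 121, 19 bytes of routes
                8, 10, 192, 168, 1, 254,           # 10.0.0.0/8 via 192.168.1.254
                24, 172, 16, 5, 192, 168, 1, 254,  # 172.16.5.0/24 via 192.168.1.254
                0, 192, 168, 1, 1,                 # 0.0.0.0/0 via 192.168.1.1
                255])                              # end marker

def iter_options(options: bytes):
    """Yield (code, value) for each option; stops at the end marker."""
    i = 0
    while i < len(options) and options[i] != OPT_END:
        if options[i] == OPT_PAD:
            i += 1
            continue
        if i + 1 >= len(options):
            raise ValueError("truncated option header")
        length = options[i + 1]
        value = options[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        yield options[i], value
        i += 2 + length

def parse_option_121(value: bytes):
    """Decode RFC 3442 entries: prefix length, significant destination octets, router."""
    routes, i = [], 0
    while i < len(value):
        plen = value[i]
        n = (plen + 7) // 8  # destination octets actually transmitted
        entry = value[i + 1:i + 5 + n]
        if plen > 32 or len(entry) != n + 4:
            raise ValueError("malformed option 121 entry")
        dest = ipaddress.ip_network((entry[:n] + bytes(4 - n), plen), strict=False)
        routes.append((dest, ipaddress.ip_address(entry[n:])))
        i += 5 + n
    return routes

def pushed_routes(options: bytes):
    """Return every (destination, router) pair a DHCP reply carries in option 121."""
    return [r for code, v in iter_options(options)
            if code == OPT_CLASSLESS_STATIC_ROUTE for r in parse_option_121(v)]
```

On a host that runs a VPN, any non-empty result from `pushed_routes` on an untrusted network is worth logging alongside the DHCP server's address.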
Summary based on 4 sources
Sources

TechRadar pro • May 7, 2024
Many top VPN apps can be hacked and almost totally ruined by this attack
The Register • May 7, 2024
Watch out for rogue DHCP servers decloaking your VPN connections
Security Boulevard • May 7, 2024
New Attack on VPNs
Slashdot • May 6, 2024
Novel Attack Against Virtually All VPN Apps Neuters Their Entire Purpose - Slashdot