As recently reported, there is a leak when using Linux under WSL2 (Windows Subsystem for Linux 2). An investigation showed that other VPN software from different vendors is also vulnerable to this leak.
When Linux runs under WSL2, the Linux guest bypasses all normal layers of the WFP (the firewall on the Windows host). This means that the traffic leaves the network unfiltered, because all blocking rules of the Windows Firewall are ignored.
If a VPN tunnel is active, the Linux guest will send the traffic over the VPN without any leak. But if a connection is lost or the server is changed, the traffic goes out through the regular network, even when the VPN tunnel is activated permanently.
The problem is due to the virtual Hyper-V networking used by WSL2. The data packets bypass the firewall of the host. Therefore the virtual Hyper-V Ethernet adapter can send and receive all packets of the Linux guest without being checked by the Windows Firewall. In the lower layers of WFP (OSI layer 2), the forwarded (NATed) packets are inspected as normal Ethernet frames. This leak can also occur in Windows Sandbox or Docker if the guest uses Hyper-V for the network.
This problem is solved in the new version of the Windows VPN Manager. We redirect the route where the leak may occur to a non-existent IP address. We therefore strongly recommend an update to the new version which supports the so-called null routing.
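The following added example (not code from the Windows VPN Manager) models why a null route fails closed for forwarded guest traffic when the tunnel drops. It assumes the guest's packets follow the host routing table; all addresses, metrics and the names `build_table` and `egress` are constructed for illustration.

```python
import ipaddress

# Constructed sample addresses, not values from the advisory.
VPN_SERVER = "203.0.113.10"   # VPN endpoint, must stay reachable to reconnect
REAL_GW = "192.168.1.1"       # LAN gateway
TUNNEL_GW = "10.8.0.1"        # gateway inside the VPN tunnel
DEAD_HOP = "192.168.1.254"    # assumed unused: no host answers for it
LIVE_HOPS = {REAL_GW, TUNNEL_GW}


def build_table(null_routed, vpn_up):
    """Return the host routing table as a list of route dicts."""
    default_hop = DEAD_HOP if null_routed else REAL_GW
    table = [
        {"prefix": "0.0.0.0/0", "next_hop": default_hop, "via": "physical", "metric": 25},
        {"prefix": VPN_SERVER + "/32", "next_hop": REAL_GW, "via": "physical", "metric": 25},
    ]
    if vpn_up:  # the tunnel route exists only while the VPN is connected
        table.append({"prefix": "0.0.0.0/0", "next_hop": TUNNEL_GW, "via": "tunnel", "metric": 1})
    return table


def egress(table, dst):
    """Longest prefix wins, then lowest metric; unreachable next hop drops."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in table if addr in ipaddress.ip_network(r["prefix"])]
    if not matches:
        return "dropped"
    best = min(matches, key=lambda r: (-ipaddress.ip_network(r["prefix"]).prefixlen, r["metric"]))
    return best["via"] if best["next_hop"] in LIVE_HOPS else "dropped"


if __name__ == "__main__":
    guest_dst = "198.51.100.7"  # constructed destination of a WSL2 guest packet
    for null_routed in (False, True):
        for vpn_up in (True, False):
            result = egress(build_table(null_routed, vpn_up), guest_dst)
            print(f"null_routed={null_routed!s:5} vpn_up={vpn_up!s:5} -> {result}")
```

In the model, only the host route to the VPN server keeps the real gateway, so the client can still reconnect while everything else is dropped.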
Your Perfect Privacy Team