Version 57 of the Mullvad client is now available for download.
This version introduces some pretty big changes although none that will be very apparent to users. The OpenVPN version which is bundled with the Windows client is upgraded to 2.3.9. This version introduces a new setting called '--block-outside-dns' which invokes the Windows Filtering Platform to block all DNS traffic on interfaces other than the tunnel interface. In practice, this means that DNS Leaks, both the original problem and the one introduced in Windows 8 and 10, is prevented by OpenVPN itself. This option will be enabled by default in version 57 but can be disabled in the advanced settings. The original 'Stop DNS Leaks' setting will remain for the time being and will work just as before. Note that this new feature is only available for Windows. The advanced setting for toggling this feature is present in all versions but has no effect on other platforms.
The second big update is related to the IP exposure via UDP ports vulnerability which we posted about around Christmas. Version 57 will include an OpenVPN plugin which blocks all incoming UDP traffic to interfaces other than the tunnel interface. The plugin is written by the same person who discovered the vulnerability, and who also wrote the patch for OpenVPN to include the '--block-outside-dns' setting mentioned above. We're incredibly grateful for their work.
While this plugin is only included in the Windows version, we have implemented corresponding solutions for OS X and Linux. This too, will be enabled by default but can be turned off in the advanced settings.
Alongside these changes, version 57 also includes a couple of bug fixes, the details of which can be found in the change log, as usual.