VPN Provider IP Address Disclosure Fun
-
TL;DR: An attacker can find your real IP address if they can also forward a port on your VPN provider's external address.
Unless I'm misreading it in my post-Thanksgiving partial food coma, it seems like the easy fix is a floating rule on WAN(s) to block/reject outbound traffic going to your VPN provider's address except for the actual port used to make the VPN connection (e.g. 1194)
