VPN hijacking on Linux (and beyond) systems

William Tolley has disclosed a severe VPN-related problem in most currentsystems: "I am reporting a vulnerability that exists on most Linux distros, andother *nix operating systems which allows a network adjacent attackerto determine if another user is connected to a VPN, the virtual IPaddress they have been assigned by the VPN server, and whether or notthere is an active connection to a given website. Additionally, we areable to determine the exact seq and ack numbers by counting encryptedpackets and/or examining their size. This allows us to inject data intothe TCP stream and hijack connections." There are various partialmitigations available, but a full solution to the problem has not yet beenworked out. Most VPNs are vulnerable, but Tor evidently is not.