no killswitch during start and restart #197

Open
hermann2971 opened this issue Sep 15, 2018 · 4 comments

@hermann2971

Thanks for this great tool. I just installed it and did some tests. The killswitch works when no VPN connection is established. But during start or restart there is no blocking and all traffic goes through the standard connection. Is there any possibility to solve this issue?

Thanks a lot!

@jotyGill
Owner

Cheers.
Well, when we are manually starting it with the '-f' switch, it needs to clear iptables rules and apply new ones. But I see what you mean. When it is restarted or the connection completely dies and openpyn has to find a new server, ideally traffic should be blocked during this time. The problem is, you can't talk to NordVPN's API or its other servers without dropping the rules. So in the current situation, either we can have the functionality of being able to switch to another server when the connection dies (leaking traffic during transition) or not have the ability to auto fail-over to another server. I agree that traffic shouldn't be leaked unless at least the user manually restarts openpyn. I will rework the design to fix it.

@hermann2971
Author

Hi,
thank you for your reply. Maybe it is possible to choose if the firewall should be temporary or permanent. And if the firewall is permanent you could ping the URL of the NordVPN API to get the IP and then create an exception for iptables (maybe the IP will not change often). For permanent iptables it would also be great that stop of the service will not flush the tables. At the moment I have to change the service file manually to change behavior - just kill connection but do not flush.

Thanks a lot

@ISO-morphism

ISO-morphism commented Sep 27, 2018

@hermann2971

For permanent iptables it would also be great that stop of the service will not flush the tables.

I agree, and I opened an issue for it in #202. I think the ideas of using custom iptables chains, and iptables -I to insert rules at the beginning of chains will help in the auto fail-over design.
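
The custom-chain approach discussed in this thread, sketched as an added example that is not openpyn's code and not written by any participant here. The chain name `VPN_KILLSWITCH`, both function names, the HTTPS-only API exception and all addresses (documentation ranges) are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration, not openpyn code. CHAIN and both function names are
# hypothetical; the addresses used with it are constructed sample values.
CHAIN="VPN_KILLSWITCH"

# Print iptables-restore input for the kill-switch chain.
# Usage: killswitch_ruleset TUN_IF SERVER_IP PROTO PORT [API_IP ...]
killswitch_ruleset() {
    tun="$1"; server="$2"; proto="$3"; port="$4"; shift 4
    echo "*filter"
    # Declaring the chain makes "iptables-restore --noflush" empty only this
    # chain; every other rule in the table is left alone.
    echo ":$CHAIN - [0:0]"
    echo "-A $CHAIN -o lo -j ACCEPT"
    echo "-A $CHAIN -o $tun -j ACCEPT"
    # Only the tunnel's own transport may leave via the physical interface.
    echo "-A $CHAIN -d $server -p $proto --dport $port -j ACCEPT"
    # Pre-resolved API addresses (HTTPS assumed), so a replacement server
    # can be looked up while everything else stays blocked.
    for ip in "$@"; do
        echo "-A $CHAIN -d $ip -p tcp --dport 443 -j ACCEPT"
    done
    echo "-A $CHAIN -j DROP"
    echo "COMMIT"
}

# Load the chain in one commit, so there is no window without the DROP rule,
# then hook it at the top of OUTPUT once. Needs root. IPv4 only: IPv6 needs
# the same treatment with ip6tables.
apply_killswitch() {
    killswitch_ruleset "$@" | iptables-restore --noflush || return 1
    iptables -C OUTPUT -j "$CHAIN" 2>/dev/null || iptables -I OUTPUT 1 -j "$CHAIN"
}
```

On fail-over, calling `apply_killswitch` again with the new server address swaps the chain contents in a single commit while the jump from `OUTPUT` stays in place; stopping the VPN process without removing that jump leaves traffic blocked.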

@larry77

larry77 commented Jun 8, 2019

Any progress on this? I see that NordVPN has released a Linux app, but I would like to stick to this wonderful open source project!

jotyGill added a commit that referenced this issue Sep 12, 2019
failovers #197 #119 auto download configs of new servers if not found #227