search

ProtonVPN / linux-cli

Official ProtonVPN Linux app (CLI)
https://protonvpn.com/download-linux
GNU General Public License v3.0
335 stars 43 forks source link

Kill Switch is Broken #17

Closed FlyingWaffleDev closed 3 years ago

FlyingWaffleDev commented 3 years ago

Kill switch does not work. Or rather, it works too well. When turning the kill switch on, it breaks the VPN connection and does not allow a reconnection without turning it off. When attempting the same thing in the GUI, it crashes the application entirely, then on restart shows that kill switch is enabled but also cannot (re)connect.

This is on Gentoo Linux, kernel 5.10.46, protonvpn-cli 3.7.1, gui 1.0.1, and nm-lib 3.3.1.

Screenshot_2021 06 25_11 37 30

calexandru2018 commented 3 years ago

Hey @FlyingWaffleDev

This should not be happening. Could you please contact support our customer support specialists at: https://protonvpn.com/support-form

FlyingWaffleDev commented 3 years ago

I put in a support request; went through the process, emailed back and forth, sent log files, did some tests as requested, etc. In the end support couldn't help, and said they were kicking the issue up to the devs.

Since I'm on Gentoo I'm essentially installing everything myself, so if there's anything else I can try or information I can provide I would be happy to.

FlyingWaffleDev commented 3 years ago

So as it turns out, protonvpn relies on a kernel feature that I didn't have enabled. I had some free time, and managed to track the issue to the "DUMMY" kernel option for 'Dummy net driver support'. If a kernel is built without this enabled, then protonvpn cannot create the dummy network adapters used for the kill switch feature.

calexandru2018 commented 3 years ago

@FlyingWaffleDev interesting, that is indeed s plausible explanation. We're you getting the 1000 permission denied error ?

FlyingWaffleDev commented 3 years ago

No, the only errors I was seeing were in journalctl or systemctl specifically from NetworkManager when I turned on the Killswitch and reconnected. I unfortunately didn't record all the errors, but it was something along the lines of "platform-linux do-add-link[ipv6leakintrf0/dummy]: failure 95".

After I rebuilt my kernel it also became apparent that two of protonvpn's network interfaces had not been succesfully created prior to that. The pvpnksintrf0 and ipv6leakintrf0 interfaces were not shown by ifconfig until I rebuilt my kernel.