ivpn / desktop-app

Official IVPN Desktop app

https://www.ivpn.net/apps/

GNU General Public License v3.0

322 stars 49 forks source link

(Linux) Raspberry Pi OS: split tunnel fails on iptables + --match cgroup #281

Open jordan-ivpn opened 1 year ago

jordan-ivpn commented 1 year ago

Bug report

Related to #223 [Linux] Raspberry Pi OS: firewall fails on iptables + --match cgroup

Describe your environment

Device: _____
OS name and version: __2023-05-03-raspios-bullseye-arm64___
IVPN app version: __3.10.15 CLI___

Describe the problem

Steps to reproduce:

$ ivpn splittun -appadd vncserver

Error: failed to enable Split Tunneling: (exit status 2) Warning: Default IPv6 gateway is not defined.
iptables v1.8.7 (nf_tables): Couldn’t load match ‘cgroup’ :No such file or directory
Try 'iptables -h’ or ‘iptables —help’ for more information.

Thanks.

via-justa commented 1 year ago

Facing the same issue with the latest build (3.10.23)

filipemp commented 1 year ago

This one is really harming. Let me know if you need some data to help debug this.

stenya commented 1 year ago

As mentioned here, the issue arises due to the missing cgroup match module for iptables on Raspberry Pi OS. As a result, the necessary commands for SplitTunneling functionality iptables ... -m cgroup --cgroup ... are failing.

So, it's more related to missing modules on the Raspberry Pi itself. At this time, I can't promise any estimates for when this Raspberry Pi-specific issue will be analyzed more deeply.

iiscosd3 commented 8 months ago

As mentioned here, the issue arises due to the missing cgroup match module for iptables on Raspberry Pi OS. As a result, the necessary commands for SplitTunneling functionality iptables ... -m cgroup --cgroup ... are failing.

So, it's more related to missing modules on the Raspberry Pi itself. At this time, I can't promise any estimates for when this Raspberry Pi-specific issue will be analyzed more deeply.

and what about non raspberry PI specific devices?

debian-12:~/Desktop# ivpn exclude firefox
Error: failed to enable Split Tunneling: (exit status 1) Warning: Default IPv6 gateway is not defined.
Warning: Default IPv6 interface is not defined.
/opt/ivpn/etc/splittun.sh: line 238: /etc/iproute2/rt_tables: No such file or directory

apt install iproute2
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
iproute2 is already the newest version (6.5.0-5).
0 upgraded, 0 newly installed, 0 to remove and 373 not upgraded.

iiscosd3 commented 8 months ago

@stenya add a simple if doesnt exist - mkdir type thing on 238 for the fresh systems

stenya commented 8 months ago

@iiscosd3 Thank you for the report. The issue you describe differs from the issue described in the topic. Can you share the Linux distribution and its version you use? So we would be able to check and confirm the improvement you suggested.

iiscosd3 commented 7 months ago

@iiscosd3 Thank you for the report. The issue you describe differs from the issue described in the topic. Can you share the Linux distribution and its version you use? So we would be able to check and confirm the improvement you suggested.

No LSB modules are available. Distributor ID: Debian Description: Debian GNU/Linux trixie/sid Release: n/a Codename: trixie

stenya commented 7 months ago

@iiscosd3 Thank you. The fix will be available in the next app version, which we plan to release soon. Here is the dedicated ticket for the issue you reported: https://github.com/ivpn/desktop-app/issues/309

iiscosd3 commented 7 months ago

@iiscosd3 Thank you. The fix will be available in the next app version, which we plan to release soon. Here is the dedicated ticket for the issue you reported: #309

its ok, thanks.