ivpn / desktop-app

Official IVPN Desktop app
https://www.ivpn.net/apps/
GNU General Public License v3.0
322 stars 48 forks

Firewall: LAN exception doesn't work on Qubes OS #351

Open rapenne-s opened 5 months ago

rapenne-s commented 5 months ago

Bug report

Describe your environment

Describe the problem

On Qubes OS, when using the App in a NetVM qube providing network to other qubes, the LAN exception doesn't work.

Steps to reproduce:

  1. install the App in a qube, make it provide network to other qubes
  2. enable the LAN exception setting in the qube
  3. try to reach a LAN device (10.42.42.42 on my network for instance), either from the qube with the app or a qube using it as a netvm
  4. no reply over the network

Observed Results:

There is no network being forwarded there

Expected Results:

Qubes should be able to reach LAN devices

Solution:

I came up with a script injecting the bypass rules for the hosts I want; it's hooked like the other Qubes OS specific scripts to run when the firewall is being toggled on/off.

```sh
#!/bin/sh

# Let qubes behind this NetVM reach the LAN subnet (Qubes custom-forward chain)
nft insert rule qubes custom-forward ip daddr 10.42.42.0/24 counter accept
# Accept forwarded traffic to and from the LAN subnet in the filter table
nft insert rule filter FORWARD ip daddr 10.42.42.0/24 counter accept
nft insert rule filter FORWARD ip saddr 10.42.42.0/24 counter accept
```

stenya commented 4 months ago

Just for reference, not to forget: https://github.com/ivpn/desktop-app/issues/217
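
An idempotent variant of the workaround script from the report above, as an added example that is not code from the issue or from the IVPN project: each rule carries a comment tag so it can be removed by handle when the firewall is toggled off, and the subnet is validated before any rule is inserted. The `up`/`down` argument, the `LAN_SUBNET` variable and the `ivpn-lan-bypass` tag are assumptions; the page does not show how the hook is invoked.

```shell
#!/bin/sh
# Added example. Assumed interface: the hook passes "up" or "down" as $1.
LAN_SUBNET="${LAN_SUBNET:-10.42.42.0/24}"   # reporter's LAN; override via environment
TAG="ivpn-lan-bypass"                        # hypothetical marker kept in each rule's comment

# Accept only IPv4 CIDRs with a /8../32 prefix so a typo cannot exempt 0.0.0.0/0.
# Octet ranges are left to nft, which rejects invalid addresses itself.
valid_cidr() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([89]|[12][0-9]|3[0-2])$'
}

# Read `nft -a list chain ...` output on stdin; print handles of rules carrying TAG.
tagged_handles() {
    awk -v tag="comment \"$TAG\"" 'index($0, tag) && $(NF-1) == "handle" { print $NF }'
}

# The three table / chain / match-direction triples used by the script in the report.
targets() {
    printf '%s\n' "qubes custom-forward daddr" "filter FORWARD daddr" "filter FORWARD saddr"
}

remove_rules() {
    targets | cut -d' ' -f1,2 | sort -u | while read -r table chain; do
        nft -a list chain ip "$table" "$chain" | tagged_handles | while read -r h; do
            nft delete rule ip "$table" "$chain" handle "$h"
        done
    done
}

add_rules() {
    valid_cidr "$LAN_SUBNET" || { echo "refusing subnet: $LAN_SUBNET" >&2; return 1; }
    remove_rules    # drop earlier copies so repeated toggles do not stack duplicates
    targets | while read -r table chain dir; do
        nft insert rule ip "$table" "$chain" ip "$dir" "$LAN_SUBNET" counter accept comment "\"$TAG\""
    done
}

case "${1:-}" in
    up)   add_rules ;;
    down) remove_rules ;;
esac
```

After toggling, `nft -a list chain ip filter FORWARD` should show exactly one tagged rule per direction, and the `counter` values confirm whether LAN traffic is actually matching them.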