Kill switch functionality

mysteriumnetwork / node

Mysterium Network Node - official implementation of distributed VPN network (dVPN) protocol

https://mysterium.network

GNU General Public License v3.0

1.12k stars 311 forks source link

Kill switch functionality #3169

Closed chompomonim closed 3 years ago

chompomonim commented 3 years ago

The goal of kill switch is to prevent unintended exposure of dVPN user’s online information — location or IP address, in case when connection into exit node was lost (even if for couple of seconds) and VPN tunnel was destroyed.

Kill switch is OS dependant solution and we will need to make native implementations for all major platforms we're supporting:

[x] macOS #373
[x] windows #375
[x] android #3168

cvl commented 3 years ago

How's it going with this?

I saw there were some attempts to do this, yet it's not clear what's the current status, or how to use any of this kill-switch/reconnect features.

Is there any single dev I could ask the questions and get concrete answers?

This is probably the most critical feature, so communication and transparency would help.

chompomonim commented 3 years ago

I think kill switch is enabled by default for mobile since 0.47.0-rc3. @soffokl could you clarify on that? Also could you provide minimal instructions how to enable it on desktop?

cvl commented 3 years ago

Providing simple manual would take few minutes.

How to enable/disable kill-switch for Android, Desktop. Disable is also important, as it's an optional feature (i.e. user can decide to turn it off/on).

As mentioned in another issue, rc-3 breaks Android atm, so this needs to be addressed to be usable.

cvl commented 3 years ago

Any plans for implementing kill-switch in near future?

chompomonim commented 3 years ago

It is implemented.

cvl commented 3 years ago

How can anyone use it?

chompomonim commented 3 years ago

It is enabled by default in mobile app (v1.0+)

chompomonim commented 3 years ago

Here is comment by @soffokl done a few months ago:

It's required to set flag to enable it for now, since it's disabled by default:
config.Current.SetDefault(config.FlagKeepConnectedOnFail.Name, true)
https://github.com/mysteriumnetwork/node/pull/3248/files#diff-586acf11d35eb5e5dcd0f88f3356a0238827631b64093754d5ad359babdc9fd1R152

If this flag enabled, a connection will not be disconnected on errors and will be kept forever even if the provider stopped to respond. Only consumers can explicitly click the disconnect button to stop it.
All traffic keeps going through the tunnel, and not leaking directly.

You can find here how we're setting this flag: https://github.com/mysteriumnetwork/node/blob/3b0ab1cb979dd40c2f277d46b2767f230ba8c620/mobile/mysterium/entrypoint.go#L122

cvl commented 3 years ago

Please don't close the unresolved issues, or I'm wasting my and your time.

cvl commented 3 years ago

Reiterated the same old questions. https://github.com/mysteriumnetwork/node/issues/3341

It's better to invest 5 minutes elaborating on how to use it than wasting hours with back and forth bureaucratic answers.

cvl commented 3 years ago

Tried on desktop, not working. Here's some feedback: https://github.com/mysteriumnetwork/node/issues/3341