Firewall: LAN exception doesn't work on Qubes OS
Bug report
Describe your environment
- Device: Laptop
- OS name and version: Fedora 38 on Qubes OS 4.2
- IVPN app version: v3.13.4
Describe the problem
On Qubes OS, when using the app in a NetVM qube providing network to other qubes, the LAN exception doesn't work.
Steps to reproduce:
- install the app in a qube, make it provide network to other qubes
- enable the LAN exception setting in the qube
- try to reach a LAN device (10.42.42.42 on my network for instance), either from the qube with the app or a qube using it as a netvm
- no reply over the network
Observed Results:
There is no network being forwarded there
Expected Results:
Qubes should be able to reach LAN devices
Solution:
I came up with a script injecting the bypass rules for the hosts I want. It's hooked like the other Qubes OS-specific scripts to run when the firewall is being toggled on/off.
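#!/bin/sh
# Qubes forwarding chain: accept traffic from downstream qubes to the LAN subnet
nft insert rule qubes custom-forward ip daddr 10.42.42.0/24 counter accept
# filter FORWARD chain: accept forwarded traffic to the LAN subnet...
nft insert rule filter FORWARD ip daddr 10.42.42.0/24 counter accept
# ...and the replies coming back from it
nft insert rule filter FORWARD ip saddr 10.42.42.0/24 counter accept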
Just for reference, not to forget: https://github.com/ivpn/desktop-app/issues/217
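
An added example, not part of the original report or of the IVPN app: the same three bypass rules tagged with an nft comment, so that a hook run on every firewall toggle removes its own rules by handle before re-adding them instead of stacking duplicates. The `on`/`off` argument, the `lan-bypass` tag and the `NFT`/`LAN_NET` variables are assumptions of this sketch; the tables, chains and subnet are the ones from the script above.

```shell
#!/bin/sh
# Added example: idempotent on/off handling for the LAN bypass rules.
# Assumptions: the hook is called with "on" or "off"; TAG is an arbitrary
# marker; NFT and LAN_NET can be overridden from the environment.
NFT=${NFT:-nft}
LAN_NET=${LAN_NET:-10.42.42.0/24}
TAG=lan-bypass

# Print the handles of the rules in a chain that carry our comment tag.
tagged_handles() {  # $1=table $2=chain
    $NFT -a list chain ip "$1" "$2" 2>/dev/null |
        sed -n "s/.*comment \"$TAG\".*# handle \([0-9][0-9]*\)\$/\1/p"
}

# Delete only the rules this script added, leaving all other rules alone.
remove_rules() {  # $1=table $2=chain
    for h in $(tagged_handles "$1" "$2"); do
        $NFT delete rule ip "$1" "$2" handle "$h"
    done
}

# Insert one accept rule for the LAN subnet, tagged so it can be found later.
add_rule() {  # $1=table $2=chain $3=saddr|daddr
    $NFT insert rule ip "$1" "$2" ip "$3" "$LAN_NET" counter accept \
        comment "\"$TAG\""
}

lan_bypass() {  # $1=on|off
    # Always start from a clean state so repeated toggles do not stack rules.
    remove_rules qubes custom-forward
    remove_rules filter FORWARD
    [ "$1" = on ] || return 0
    add_rule qubes custom-forward daddr
    add_rule filter FORWARD daddr
    add_rule filter FORWARD saddr
}

# Run only when called with an argument, e.g. from the firewall hook.
[ $# -eq 0 ] || lan_bypass "$1"
```

Keeping `LAN_NET` as narrow as the hosts actually needed limits how much traffic is allowed to skip the VPN firewall.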