Jump to content
Not connected, Your IP: 3.145.78.117

Recommended Posts

Posted ... (edited)

I cannot have eddie's netlock feature working in a qube in Qubes OS 4.
When trying to enable it within eddie-ui, I get a pop-up "Exception: Unable to initialize iptable_filter module".

The same with the cli:
$ eddie-ui -cli -netlock
(...)
Activation of Network Lock - Linux iptables
Exception: Unable to initialize iptable_filter module
(...)


This behavior was observed both in a Debian 10 qube and in a Fedora 32 qube. I don't get this error in a Debian 10 installed over bare metal. 

eddie ver. 2.18.9

Edited ... by Matthew P.
added eddie's version

Share this post


Link to post
Posted ... (edited)

Thank you for your answer.

Yes I did. However it concerns the use of the ordinary openvpn client, with fail-close filter rules to be applied manually.

For the sake of knowledge: I also tried with the Hummingbird client. It apparently succeeded to set the network lock in a Debian qube, though warning that "Kernel module iptable_filter not found" (maybe it's what Eddie didn't like?) and stating that "Network filter and lock is using iptables-legacy" despite Debian 10 using nftables. The result is a mixing of the qube's nftables rules and of the vpn client's iptables-legacy rules.
It goes better with ./hummingbird xxx.ovpn --network-lock nftables : the vpn client stops complaining about iptable_filter and sets a nftables network lock.
In both cases, however, hummingbirds' network lock puts a DROP in the forward chain including the tunnel interface, so the setting of a vpn gateway as per the documentation linked by @giganerd doesn't work.

Coming back to Eddie, perhaps the reported problem comes from its trying to use iptbles-legacy netlock mode too.

It's a pity, because the vpn client of another known vpn provider worked effortlessly in Debian qubes, included network lock compatibility with a vpn gateway. Perhaps I was just lucky?
 

Edited ... by Matthew P.

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...