Jump to content
Not connected, Your IP: 35.168.62.171

Recommended Posts

Posted ... (edited)

I cannot have eddie's netlock feature working in a qube in Qubes OS 4.
When trying to enable it within eddie-ui, I get a pop-up "Exception: Unable to initialize iptable_filter module".

The same with the cli:
$ eddie-ui -cli -netlock
(...)
Activation of Network Lock - Linux iptables
Exception: Unable to initialize iptable_filter module
(...)


This behavior was observed both in a Debian 10 qube and in a Fedora 32 qube. I don't get this error in a Debian 10 installed over bare metal. 

eddie ver. 2.18.9

Edited ... by Matthew P.
added eddie's version

Share this post


Link to post

» I am not an AirVPN team member. All opinions are my own and are not to be considered official. Only the AirVPN Staff account should be viewed as such.

» The forums is a place where you can ask questions to the community. You are not entitled to guaranteed answer times. Answer quality may vary, too. If you need professional support, please create tickets.

» If you're new, take some time to read LZ1's New User Guide to AirVPN. On questions, use the search function first. On errors, search for the error message instead.

» If you choose to create a new thread, keep in mind that we don't know your setup. Give info about it. Never forget the OpenVPN logs or, for Eddie, the support file (Logs > lifebelt icon).

» The community kindly asks you to not set up Tor exit relays when connected to AirVPN. Their IP addresses are subject to restrictions and these are relayed to all users of the affected servers.

 

» Furthermore, I propose that your paranoia is to be destroyed. If you overdo privacy, chances are you will be unique amond the mass again.

Share this post


Link to post
Posted ... (edited)

Thank you for your answer.

Yes I did. However it concerns the use of the ordinary openvpn client, with fail-close filter rules to be applied manually.

For the sake of knowledge: I also tried with the Hummingbird client. It apparently succeeded to set the network lock in a Debian qube, though warning that "Kernel module iptable_filter not found" (maybe it's what Eddie didn't like?) and stating that "Network filter and lock is using iptables-legacy" despite Debian 10 using nftables. The result is a mixing of the qube's nftables rules and of the vpn client's iptables-legacy rules.
It goes better with ./hummingbird xxx.ovpn --network-lock nftables : the vpn client stops complaining about iptable_filter and sets a nftables network lock.
In both cases, however, hummingbirds' network lock puts a DROP in the forward chain including the tunnel interface, so the setting of a vpn gateway as per the documentation linked by @giganerd doesn't work.

Coming back to Eddie, perhaps the reported problem comes from its trying to use iptbles-legacy netlock mode too.

It's a pity, because the vpn client of another known vpn provider worked effortlessly in Debian qubes, included network lock compatibility with a vpn gateway. Perhaps I was just lucky?
 

Edited ... by Matthew P.

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...