NordSecurity/nordvpn-linux

3.18.2 - allowlist not persistent after reboot

Closed this issue · 11 comments

cat /etc/debian_version

11.9

nordvpn --version

NordVPN Version 3.18.2

  1. set lan discovery to ON
  2. Kill Switch ON

After reboot:
persistence OK ->ping to another OK

  1. set lan discovery to OFF
  2. Kill Switch ON
  3. set Allowlist 192.168.1.0/24 -> ping to another OK

After reboot:

  1. ping to another KO
  2. Kill Switch ON
  3. allowlist remove all
  4. set Allowlist 192.168.1.0/24 -> ping to another KO
  5. allowlist remove all
  6. set lan discovery to ON -> ping to another KO
  7. restart nordvpnd.service -> ping to another OK
  8. set lan discovery to OFF -> ping to another KO
  9. set Allowlist 192.168.1.0/24 -> ping to another OK

After reboot:

ping to another KO.

Conclusion: sniff

I seem to have the same issue after wake from suspend. Adding a private subnet to the allowlist works fine until the computer sleeps, but I cannot ping other LAN devices after wake. Lan-discovery works fine so I am using that instead. Linux Mint 21.3, NordVPN 3.18.2.

Hi,
Thanks for your feedback. We'll have a look over it and try to reproduce it.

We've reproduced it on our side and registered a bug for it. It will be fixed in the upcoming release.
Until then, could you try to see if LAN discovery works fine for you too?

Hi,
I confirm the LAN discovery works fine.

hi, @raffi78
3.18.3 was released with a possible fix for this. Could you give it a try and let us know if it works for you?


hello
ok i'll try
thx

hello, I'd like to introduce a new event in this testing: docker

root@nas:~# nordvpn version
NordVPN Version 3.18.3

root@nas:~# docker version
Client: Docker Engine - Community
Version: 27.1.1
API version: 1.46
Go version: go1.21.12
Git commit: 6312585
Built: Tue Jul 23 19:57:29 2024
OS/Arch: linux/amd64
Context: default

Server: Docker Engine - Community
Engine:
Version: 27.1.1
API version: 1.46 (minimum version 1.24)
Go version: go1.21.12
Git commit: cc13f95
Built: Tue Jul 23 19:57:29 2024
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.7.19
GitCommit: 2bf793ef6dc9a18e00cb12efb64355c2c9d5eb41
runc:
Version: 1.7.19
GitCommit: v1.1.13-0-g58aa920
docker-init:
Version: 0.19.0
GitCommit: de40ad0

I started testing with these nordvpn parameters

root@nas:~# nordvpn settings
Technology: NORDLYNX
Firewall: enabled
Firewall Mark: 0xe1f1
Routing: enabled
Analytics: enabled
Kill Switch: enabled
Threat Protection Lite: disabled
Notify: disabled
Tray: enabled
Auto-connect: enabled
IPv6: disabled
Meshnet: disabled
DNS: disabled
LAN Discovery: enabled
Virtual Location: enabled

and docker service on startup false.

  1. nordvpn set lan discovery to OFF
  2. nordvpn allowlist add subnet 192.168.1.0/24 -> ping to another OK, but other services on subnet 192.168.1.xxx are unreachable (port 80, 9001, 22)

After reboot:

root@nas:~# systemctl status docker
● docker.service - Docker Application Container Engine
Loaded: loaded (/lib/systemd/system/docker.service; disabled; vendor preset: enabled)
Drop-In: /etc/systemd/system/docker.service.d
└─waitAllMounts.conf
Active: inactive (dead)
TriggeredBy: ● docker.socket
Docs: https://docs.docker.com

root@nas:~# nordvpn settings
Technology: NORDLYNX
Firewall: enabled
Firewall Mark: 0xe1f1
Routing: enabled
Analytics: enabled
Kill Switch: enabled
Threat Protection Lite: disabled
Notify: disabled
Tray: enabled
Auto-connect: enabled
IPv6: disabled
Meshnet: disabled
DNS: disabled
LAN Discovery: disabled
Virtual Location: enabled
Allowlisted subnets:
192.168.1.0/24

persistence OK -> ping to another OK, other services on subnet 192.168.1.xxx are all OK (port 80, 22)

  1. systemctl start docker -> ping to another OK, but all services on the subnet 192.168.1.xxx are KO (port 80, 9001, 22)
  2. nordvpn d -> ping to another OK, all services on the subnet 192.168.1.xxx are OK (port 80, 9001, 22)
  3. nordvpn c -> ping to another OK, but all services on the subnet 192.168.1.xxx are KO (port 80, 9001, 22)
  4. systemctl stop docker -> ping to another OK, but all services on the subnet 192.168.1.xxx are KO (port 80, 9001, 22)
  5. nordvpn d -> ping to another OK, all services on the subnet 192.168.1.xxx are OK (port 80, 9001, 22)
  6. nordvpn c -> ping to another OK, but all services on the subnet 192.168.1.xxx are KO (port 80, 9001, 22)
  7. systemctl start docker -> ping to another OK, but all services on the subnet 192.168.1.xxx are KO (port 80, 9001, 22)
  8. nordvpn d -> ping to another OK, all services on the subnet 192.168.1.xxx are OK (port 80, 9001, 22)
  9. nordvpn allowlist remove all
  10. nordvpn set lan-discovery on -> ping to another OK, all services on the subnet 192.168.1.xxx are OK (port 80, 9001, 22)

After reboot:

persistence OK -> ping to another OK, other services on subnet 192.168.1.xxx are all OK (port 80, 22)
systemctl start docker -> ping to another OK, all services on the subnet 192.168.1.xxx are OK (port 80, 9001, 22)

What's wrong with the allowlist with docker?
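Added example, not part of the thread and not NordVPN's own code: a check that parses the `nordvpn settings` output format shown in the post above and compares what the stored settings permit with what the operator's probes observed. The target address 192.168.1.10, the result labels, and the rule that LAN traffic passes only via LAN Discovery or an allowlisted subnet are assumptions made for illustration.

```python
import ipaddress

# Excerpt of the `nordvpn settings` output posted above (after reboot).
SAMPLE = """\
Firewall: enabled
Kill Switch: enabled
LAN Discovery: disabled
Virtual Location: enabled
Allowlisted subnets:
192.168.1.0/24
"""

def parse_settings(text):
    """Return (flags dict, list of allowlisted networks)."""
    flags, subnets, in_subnets = {}, [], False
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if in_subnets:
            try:
                subnets.append(ipaddress.ip_network(line, strict=False))
                continue
            except ValueError:
                in_subnets = False  # a different section began
        if line.lower().startswith("allowlisted subnets"):
            in_subnets = True
        elif ":" in line:
            key, _, value = line.partition(":")
            flags[key.strip()] = value.strip()
    return flags, subnets

def lan_permitted(flags, subnets, target):
    # Assumption: LAN traffic passes via LAN Discovery or an allowlisted subnet.
    ip = ipaddress.ip_address(target)
    if flags.get("LAN Discovery") == "enabled" and ip.is_private:
        return True
    return any(ip in net for net in subnets)

def classify(settings_text, target, icmp_ok, tcp_ok):
    """tcp_ok maps port -> bool, taken from the operator's own probes."""
    flags, subnets = parse_settings(settings_text)
    if not lan_permitted(flags, subnets, target):
        return "not-permitted-by-settings"
    blocked = sorted(port for port, ok in tcp_ok.items() if not ok)
    if not icmp_ok or blocked:
        return f"settings-permit-but-blocked: icmp_ok={icmp_ok} tcp_blocked={blocked}"
    return "consistent"

if __name__ == "__main__":
    # Constructed observation mirroring "ping OK, ports 80/9001/22 KO".
    print(classify(SAMPLE, "192.168.1.10", True, {80: False, 9001: False, 22: False}))
```

A `settings-permit-but-blocked` result separates the case where the allowlist is still present in the stored settings but traffic is dropped from the case where the setting itself was lost.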

Hi,
There was another ticket reported for allowlist and VM, #512.
I think it might be related to what you're experiencing with your VM.


thx for the job

@raffi78 Could you please try with the latest version 3.18.4?

Closing it for now. If there are still issues please reopen it.
Thanks.