Add “Block LAN traffic” action for untrusted networks

Question

Add “Block LAN traffic” action for untrusted networks

jurajhilje opened this issue a year ago · 7 comments

Description

In the Network Protection settings, add “Block LAN traffic” action for untrusted networks. Note that when enabled, this option overrides the same option in Settings -> Advanced.

Answer 1 · 2023-11-27T10:56:38.000Z

@gorkapernas Available for QA in 2.11.1 (1)

Answer 2 · 2023-11-27T14:20:07.000Z

Verified on 2.11.1 (1), see my comments below.

When enabling "Block LAN traffic" for untrusted networks, it seems like the action blocks LAN traffic regardless of the network trust status, so it doesn't matter if the network is untrusted or not.
When the app is connected to the VPN, enabling "Block LAN traffic" action does not ask the user to reconnect.

Suggestion:

It is suggested to add also a tooltip in the "Block LAN traffic" from he Advance settings, this would be consistent with the desktop apps. See message below from the desktop app for reference.

Suggested text: "Network Protection" actions for untrusted networks will override this option.

Answer 3 · 2023-11-29T10:15:57.000Z

@gorkapernas New build 2.11.1 (3) is available, with fixes and improvements for your last comment.

Answer 4 · 2023-11-29T16:01:22.000Z

Verified on version 2.11.1 (3), the fixes and suggestions from my last comment have been implemented correctly.
However, I'm still experiencing a couple of issues when enabling "Block LAN traffic" from the Advance settings.

"Block LAN traffic" action for untrusted networks doesn't seem to override the same option from Advance settings. When both "Block LAN traffic" options are enabled, but without setting any trust status, the local area network is still blocked. In this case, since the network was not set as untrusted, LAN access should be allowed.

Steps:

Enable Network Protection
Do not change any network trust status
Enable "Block LAN traffic" for untrusted networks in the Network Protection settings
Enable "Block LAN traffic" in Advance settings
Connect to the VPN
Observe that LAN access is blocked.

Frequently, the app fails to connect with WireGuard when "Block LAN traffic" from Advance settings is enabled (same option in Network Protection is disabled)

Steps:

Enable Network Protection
Enable "Block LAN traffic" in Advance settings
Connect to the VPN

Answer 5 · 2023-11-30T09:48:18.000Z

@gorkapernas New build 2.11.1 (6) is available:

Updated "Block LAN traffic" tooltip message to match Desktop app

Answer 6 · 2023-11-30T16:10:40.000Z

@gorkapernas New build 2.11.1 (7) is available:

Updated NP tooltip as discussed

Answer 7 · 2023-12-01T09:21:16.000Z

Verified on 2.11.1 (7), the tooltip has been updated correctly.
There are no more open issues and the feature works as expected, only when "Block LAN traffic" action is enabled and the user connects to an untrusted network, the LAN traffic is blocked.