ufw

Problem with VPN

Bug #1662412 reported by NJ on 2017-02-07
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Gufw
Undecided
Unassigned
ufw
Undecided
Unassigned

Bug Description

My VPN seems to disable the firewall whilst it - the VPN - is connecting; or at least GUFW shows the firewall as disabled. Moreover, the firewall comes back on when the VPN is connected. Good! The problem is as follows.

*GUFW does not show the new - firewall re-enabled - state until GUFW is restarted (ie. until I've quit the program and restarted it).

Linux Mint 18.1 x64 Cinnamon.

costales (costales) on 2017-02-07
Changed in gui-ufw:
status: New → Invalid
NJ (joll-nicholas) wrote :

Pardon me, but surely it helps no-one, simply to mark this bug report as invalid with no explanation whatsoever.

costales (costales) wrote :

Derivated issue to ufw

Jamie Strandboge (jdstrand) wrote :

What vpn are you using and where did you get it from?

Changed in ufw:
status: New → Incomplete
NJ (joll-nicholas) wrote :

@Jamie

I've e-mailed you (on your ubuntu.com address).

Jamie Strandboge (jdstrand) wrote :

It sounds like the vpn is turning off the firewall and then turning it back on. Can you do these steps in a terminal:

1. sudo ufw status
2. start the vpn
3. while the vpn is connecting, run sudo ufw status
4. when the vpn is done connecting, run sudo ufw status

You'll have to time this right, but if the VPN is turning off ufw, this sounds like a bug in gufw not noticing the changes (which wouldn't be surprising, gufw expects to manage the firewall and the VPN is (perhaps) running commands out from under gufw.

NJ (joll-nicholas) wrote :

Jamie, I think you are onto something.

~ $ sudo ufw status
[sudo] password for [redacted]:
Status: active

To Action From
-- ------ ----
[rules redacted]

~ $ sudo ufw status
ERROR: problem running iptables: Another app is currently holding the xtables lock. Perhaps you want to use the -w option?

~ $ sudo ufw status
ERROR: problem running iptables: Another app is currently holding the xtables lock. Perhaps you want to use the -w option?

~ $ sudo ufw status
Status: active

To Action From
-- ------ ----
[Rules redacted]

~ $

Jamie Strandboge (jdstrand) wrote :

Since the VPN application is modifying the firewall, I don't see this as a bug in ufw (it does not have a long running process that needs to be alerted to changes). gufw would need support for being alerted to changes to the running firewall. I'm going to reopen the gufw task so the upstream developer can consider this.

Changed in gui-ufw:
status: Invalid → New
Changed in ufw:
status: Incomplete → Invalid
costales (costales) wrote :

Hi :) Track ufw status in not in the current scope of Gufw now, I'm sorry.
Best regards.

Changed in gui-ufw:
status: New → Won't Fix
NJ (joll-nicholas) wrote :

So, costales, and others: you are happy enough that gufw misreports the state of the firewall, even though thousands of people rely on your program to, among other things, check the state of the firewall?

Still, unless the problem has further forms (does it?), it will only be people using the VPN client in question who will suffer from the problem - and I myself have dropped the client in favour of OpenVPN.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers