LinuxQuestions.org


jkcray 10-25-2021 05:51 AM

Firewall (?) problems using Mozilla VPN
 
Hello.
I've downloaded and installed Mozilla VPN and am currently using it on a 30-day trial.

I'm running Ubuntu 20.04.2 LTS.

The VPN works fine on my Android Tab & phone. And of course on my Ubuntu PC.

Unfortunately I can't connect via ssh (on a high number port, not default port) from my Android boxes to my Ubuntu PC if the Mozilla VPN is running on the PC AND my firewall is ON.

My firewall is Gufw v. 20.04.1.

My firewall works fine when the VPN is OFF - I can connect via ssh to the Ubuntu PC.

And I can connect via ssh to the Ubuntu PC when the VPN is ON but the firewall is OFF!

I should add that Wireguard is installed though not active afaik, could this be an issue?

I'd be very grateful for advice - maybe suggestions as to which log files I should look at.

Or suggestions for change(s) in firewall settings needed to make firewall play nicely with Mozilla VPN.

Many thanks.

Update: (26 Nov. 2021) Mozilla have confirmed to me that

Quote:

Our development team has identified an issue with the current version of the VPN not allowing a connection to the local network, such as printers, even with the Local Network Access option enabled. They are working to have this corrected, possibly on the next update. In the meantime you would need to temporarily turn off the VPN when you need access to your local network. Once the new update is available, you will be notified.

Output from sudo ufw status (xxxx is my high number port for ssh):

Code:

Status: active

To                         Action      From
--                         ------      ----
993                        ALLOW       Anywhere
587                        ALLOW       Anywhere
443                        ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
22/tcp                     ALLOW       Anywhere
xxxx                       ALLOW       Anywhere                   (log)
192.168.1.20 xxxx          ALLOW       Anywhere                   (log)
192.168.1.20 xxxx          ALLOW       192.168.1.6 xxxx           (log)
xxxx (v6)                  ALLOW       Anywhere (v6)              (log)
993 (v6)                   ALLOW       Anywhere (v6)
587 (v6)                   ALLOW       Anywhere (v6)
443 (v6)                   ALLOW       Anywhere (v6)
80/tcp (v6)                ALLOW       Anywhere (v6)
22/tcp (v6)                ALLOW       Anywhere (v6)

xxxx                       ALLOW OUT   Anywhere
993                        ALLOW OUT   Anywhere
587                        ALLOW OUT   Anywhere
443                        ALLOW OUT   Anywhere
80/tcp                     ALLOW OUT   Anywhere
xxxx (v6)                  ALLOW OUT   Anywhere (v6)
993 (v6)                   ALLOW OUT   Anywhere (v6)
587 (v6)                   ALLOW OUT   Anywhere (v6)
443 (v6)                   ALLOW OUT   Anywhere (v6)
80/tcp (v6)                ALLOW OUT   Anywhere (v6)


jkcray 10-27-2021 11:20 AM

Bump... Anyone?

boughtonp 10-27-2021 01:43 PM

Quote:

Originally Posted by jkcray (Post 6296204)
Bump... Anyone?

Anyone what?

Seems like you've identified a problem in a paid Mozilla product and asked both LQ and Mozilla about it.
Mozilla confirmed the issue, provided a workaround, and said you will be notified when it's fixed.

What are you expecting from LQ?


jkcray 10-27-2021 01:55 PM

Quote:

Originally Posted by boughtonp (Post 6296230)
Anyone what?

Seems like you've identified a problem in a paid Mozilla product and asked both LQ and Mozilla about it.
Mozilla confirmed the issue, provided a workaround, and said you will be notified when it's fixed.

What are you expecting from LQ?


Mebbe a friendly reply. Or failing that some useful comment.

Turning the VPN off on my Linux box to allow local network SSH access to it isn't exactly a "workaround" given that I had mentioned that option in my emails to Mozilla.

I thought that some people here might have tried the Mozilla VPN, encountered the issue and perhaps found a fix.

Hey ho.

boughtonp 10-27-2021 03:57 PM


 
Well I guess it is possible someone here has found a fix and then decided not to share it with Mozilla.

The chances of anyone outside Mozilla suggesting a better workaround might be increased if the details of the issue identified by the dev team were shared...


jkcray 10-27-2021 04:23 PM

Quote:

Originally Posted by boughtonp (Post 6296255)
Well I guess it is possible someone here has found a fix and then decided not to share it with Mozilla.

The chances of anyone outside Mozilla suggesting a better workaround might be increased if the details of the issue identified by the dev team were shared...


Unfortunately the response from Mozilla (quoted above in the edit to my OP) was rather vague. No tech details.

Here it is again.

Quote:

Our development team has identified an issue with the current version of the VPN not allowing a connection to the local network, such as printers, even with the Local Network Access option enabled. They are working to have this corrected, possibly on the next update. In the meantime you would need to temporarily turn off the VPN when you need access to your local network. Once the new update is available, you will be notified.

Anyway I'm prepared to wait a bit longer for a fix.

Thanks for the reply.

