Firewall (?) problems using Mozilla VPN

jkcray · 10-25-2021, 05:51 AM

Hello.
I've downloaded and installed Mozilla VPN and currently using on 30 day trial.

I'm running Ubuntu 20.04.2 LTS.

The VPN works fine on my Android Tab & phone. And of course on my Ubuntu PC.

Unfortunately I can't connect via ssh (on a high number port, not default port) from my Android boxes to my Ubuntu PC if the Mozilla VPN is running on the PC AND my firewall is ON.

My firewall is Gufw v. 20.04.1.

My firewall works fine when the VPN is OFF - I can connect via ssh to the Ubuntu PC.

And I can connect via ssh to the Ubuntu PC when the VPN is ON but the firewall is OFF!

I should add that Wireguard is installed though not active afaik, could this be an issue?

I'd be very grateful for advice - maybe suggestions as to which log files I should look at.

Or suggestions for change(s) in firewall settings needed to make firewall play nicely with Mozilla VPN.

Many thanks.

Update: (26 Nov. 2021) Mozilla have confirmed to me that

Quote:

Our development team has identified an issue with the current version of the VPN not allowing a connection to the local network, such as printers, even with the Local Network Access option enabled. They are working to have this corrected, possibly on the next update. In the meantime you would need to temporarily turn off the VPN when you need access to the your local network. Once the new update is available, you will be notified.

Output from sudo ufw status (xxxx is my high number port for ssh):

Code:

Status: active

To                         Action      From
--                         ------      ----
993                        ALLOW       Anywhere                  
587                        ALLOW       Anywhere                  
443                        ALLOW       Anywhere                  
80/tcp                     ALLOW       Anywhere                  
22/tcp                     ALLOW       Anywhere                  
xxxx                       ALLOW       Anywhere                   (log)
192.168.1.20 xxxx          ALLOW       Anywhere                   (log)
192.168.1.20 xxxx          ALLOW       192.168.1.6 xxxx           (log)
xxxx (v6)                  ALLOW       Anywhere (v6)              (log)
993 (v6)                   ALLOW       Anywhere (v6)             
587 (v6)                   ALLOW       Anywhere (v6)             
443 (v6)                   ALLOW       Anywhere (v6)             
80/tcp (v6)                ALLOW       Anywhere (v6)             
22/tcp (v6)                ALLOW       Anywhere (v6)             

xxxx                       ALLOW OUT   Anywhere                  
993                        ALLOW OUT   Anywhere                  
587                        ALLOW OUT   Anywhere                  
443                        ALLOW OUT   Anywhere                  
80/tcp                     ALLOW OUT   Anywhere                  
xxxx (v6)                  ALLOW OUT   Anywhere (v6)             
993 (v6)                   ALLOW OUT   Anywhere (v6)             
587 (v6)                   ALLOW OUT   Anywhere (v6)             
443 (v6)                   ALLOW OUT   Anywhere (v6)             
80/tcp (v6)                ALLOW OUT   Anywhere (v6)

jkcray · 10-27-2021, 11:20 AM

Bump... Anyone?

boughtonp · 10-27-2021, 01:43 PM

Quote:

Originally Posted by jkcray

Bump... Anyone?

Anyone what?

Seems like you've identified a problem in a paid Mozilla product and asked both LQ and Mozilla about it.
Mozilla confirmed the issue, provided a workaround, and said you will be notified when it's fixed.

What are you expecting from LQ?

jkcray · 10-27-2021, 01:55 PM

Quote:

Originally Posted by boughtonp

Anyone what?

Seems like you've identified a problem in a paid Mozilla product and asked both LQ and Mozilla about it.
Mozilla confirmed the issue, provided a workaround, and said you will be notified when it's fixed.

What are you expecting from LQ?

Mebbe a friendly reply. Or failing that some useful comment.

Turning the VPN off on my Linux box to allow local network SSH access to it isn't exactly a "workaround" given that I had mentioned that option in my emails to Mozilla.

I thought that some people here might have tried the Mozilla VPN, encountered the issue and perhaps found a fix.

Hey ho.

boughtonp · 10-27-2021, 03:57 PM

Well I guess it is possible someone here has found a fix and then decided not to share it with Mozilla.

The chances of anyone outside Mozilla suggesting a better workaround might be increased if the details of the issue identified by the dev team was shared...

jkcray · 10-27-2021, 04:23 PM

Quote:

Originally Posted by boughtonp

Well I guess it is possible someone here has found a fix and then decided not to share it with Mozilla.

The chances of anyone outside Mozilla suggesting a better workaround might be increased if the details of the issue identified by the dev team was shared...

Unfortunately the response from Mozilla (quoted above in the edit to my OP) was rather vague. No tech details.

Here it is again.

Quote:

Our development team has identified an issue with the current version of the VPN not allowing a connection to the local network, such as printers, even with the Local Network Access option enabled. They are working to have this corrected, possibly on the next update. In the meantime you would need to temporarily turn off the VPN when you need access to the your local network. Once the new update is available, you will be notified.

Anyway I'm prepared to wait a bit longer for a fix.

Thanks for the reply.