Comments (8)
stenya
commented on May 31, 2024
1
Custom Firewall exceptions are implemented in v3.8.7.
Now, there is the possibility to exclude addresses or subnets that will be allowed through the firewall when enabled.
Example how to allow communication through exposed ports of docker container:
-
Check the local IP address of the docker interface:
-
Add docker interface IP to IVPN Firewall exceptions (the local IP of the default network interface can be added too)
from desktop-app.
stenya
commented on May 31, 2024
1
You can statically exclude the local network interface if you have problems with the "Allow LAN" functionality.
It is not required for solving Docker problems.
from desktop-app.
samsapti
commented on May 31, 2024
1
@stenya I have a different, but kinda similar issue. I am able start/stop Docker containers, but if I start a container with an exposed port, I am unable to connect to it via localhost. Only after running
ivpn firewall -lan_allow(which is already enabled) again am I able to connect to my Docker services. This is on Fedora Workstation 35 and Artix Linux.
For anyone else having the above problem:
I've managed to fix it by setting a persistent IP range in /etc/docker/daemon.json like so:
{
"default-address-pools": [
{
"base": "172.17.0.0/16",
"size": 24
}
],
"other_settings": "..."
}And adding 172.17.0.0/16 to IVPN firewall exceptions as described by @stenya above.
This will make sure that all new containers, and the docker daemon itself (the docker0 interface), will have an IP address in that range. Make sure to restart docker daemon for it to take effect.
from desktop-app.
samsapti
commented on May 31, 2024
@stenya I have a different, but kinda similar issue. I am able start/stop Docker containers, but if I start a container with an exposed port, I am unable to connect to it via localhost. Only after running ivpn firewall -lan_allow (which is already enabled) again am I able to connect to my Docker services. This is on Fedora Workstation 35 and Artix Linux.
from desktop-app.
stenya
commented on May 31, 2024
@theanonymousexyz Which IVPN Client version do you use?
from desktop-app.
samsapti
commented on May 31, 2024
@theanonymousexyz Which IVPN Client version do you use?
@stenya CLI v3.7.0 on both distros. Installed from official channels.
from desktop-app.
samsapti
commented on May 31, 2024
@stenya thanks for the fix. I which cases would you exclude the default network interface?
from desktop-app.
samsapti
commented on May 31, 2024
Bonus tip: If you want IPv6 connectivity for Docker, make sure to add the fixed IPv6 CIDR from Docker config to IVPN exceptions. In my case, I have the following in /etc/docker/daemon.json:
{
"ipv6": true,
"fixed-cidr-v6": "fd00::/80"
}So I added fd00::/80 to IVPN exceptions.
from desktop-app.
Related Issues (20)
- Connection Restarts When Adding Another Split Tunnel Application
- (Windows) Unable to logout. HOT 4
- (Linux) firewall.sh processing IPv6 chains when IPv6 is disabled (Devuan 5, non-systemd)
- (Linux) Build fails on newer Fedora ARM distro (Fedora 39 Asahi Linux for Apple Silicon) HOT 1
- Blank GUI (Text Missing) on Fedora 39 HOT 2
- Add support for Device Management HOT 9
- Daemon error points at ivpn.net instead of app download page HOT 5
- Option to allow inter VLAN communication
- Firewall: LAN exception doesn't work on Qubes OS HOT 1
- Unable to connect after subscription expires and more time is added HOT 3
- [bug] The daemon does not start on macOS Sonoma sometimes HOT 4
- Change server/IP one click button
- (Linux) Split Tunnel Inverse mode blocks incoming network connections
- [BUG] Internet not working after editing /etc/systemd/resolved.conf file HOT 3
- App does not always remember obfuscation settings for OpenVPN
- failed to change firewall state : failed to execute shell command: exit status 4 HOT 1
- Fallback DNS IPv4
- IVPN and Discord web voice chat problem HOT 1
- Split Tunnel doesn't work with JDownloader2 HOT 1
- ARM support for IVPN Client
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from desktop-app.