Bug report

Describe your environment

• Device: HP Desktop
• OS name and version: Ubuntu 18.04.4 LTS
• IVPN app version: 2.12.4 (date:2020-06-30 commit:9bb26c28c067aba702c1a3e32ea1d1716d179fdd)

Describe the problem

This looks to be the same bug that gaalcaras had here in Issue 5. I am able to connect if I add the flag -fw_off however cannot connect without it.

Steps to reproduce:

Try to connect to any server without specific flags. Tried a variety of them.

Observed Results:

Unlike gaalcaras, I was able to get a log file.

Jul 31 17:23:07 Media-Jordan ivpn-service[844]: Jul 31 17:23:07.679 [prtcl ] Client connected: 127.0.0.1:48806
Jul 31 17:23:07 Media-Jordan ivpn-service[844]: Jul 31 17:23:07.679 [prtcl ] [<--] Hello
Jul 31 17:23:07 Media-Jordan ivpn-service[844]: Jul 31 17:23:07.679 [prtcl ] Connected client version: '1.0' [set KeepDaemonAlone = true]
Jul 31 17:23:07 Media-Jordan ivpn-service[844]: Jul 31 17:23:07.679 [prtcl ] [-->] HelloResp
Jul 31 17:23:07 Media-Jordan ivpn-service[844]: Jul 31 17:23:07.680 [prtcl ] [<--] GetServers
Jul 31 17:23:07 Media-Jordan ivpn-service[844]: Jul 31 17:23:07.680 [prtcl ] [-->] ServerListResp
Jul 31 17:23:07 Media-Jordan ivpn-service[844]: Jul 31 17:23:07.682 [prtcl ] [<--] SetPreference
Jul 31 17:23:07 Media-Jordan ivpn-service[844]: Jul 31 17:23:07.682 [servc ] preferences enable_obfsproxy='false'
Jul 31 17:23:07 Media-Jordan ivpn-service[844]: Jul 31 17:23:07.682 [prtcl ] [<--] Connect
Jul 31 17:23:07 Media-Jordan ivpn-service[844]: Jul 31 17:23:07.682 [prtcl ] Enter VPN status checker
Jul 31 17:23:07 Media-Jordan ivpn-service[844]: Jul 31 17:23:07.682 [servc ] Connecting...
Jul 31 17:23:07 Media-Jordan ivpn-service[844]: Jul 31 17:23:07.682 [servc ] Initializing...
Jul 31 17:23:07 Media-Jordan ivpn-service[844]: Jul 31 17:23:07.682 [prtcl ] [-->] VpnStateResp
Jul 31 17:23:07 Media-Jordan ivpn-service[844]: Jul 31 17:23:07.682 [servc ] Route change receiver started
Jul 31 17:23:07 Media-Jordan ivpn-service[844]: Jul 31 17:23:07.682 [servc ] VPN state forwarder started
Jul 31 17:23:07 Media-Jordan ivpn-service[844]: Jul 31 17:23:07.686 [ovpn  ] OpenVPN version:[2 4 4]
Jul 31 17:23:07 Media-Jordan ivpn-service[844]: Jul 31 17:23:07.686 [servc ] Initializing firewall
Jul 31 17:23:07 Media-Jordan ivpn-service[844]: Jul 31 17:23:07.686 [frwl  ] Getting status...
Jul 31 17:23:07 Media-Jordan ivpn-service[844]: Jul 31 17:23:07.689 [frwl  ] #011false
Jul 31 17:23:07 Media-Jordan ivpn-service[844]: Jul 31 17:23:07.689 [frwl  ] Enabling...
Jul 31 17:23:07 Media-Jordan ivpn-service[844]: Jul 31 17:23:07.695 [frwl  ] ERROR firewall.go:64:(in github.com/ivpn/desktop-app-daemon/service/firewall.SetEnabled): failed to execute shell command: exit status 3
Jul 31 17:23:07 Media-Jordan ivpn-service[844]: Jul 31 17:23:07.695 [servc ] ERROR service.go:625:(in github.com/ivpn/desktop-app-daemon/service.(*Service).connect): Failed to enable firewall:failed to change firewall state : failed to execute shell command: exit status 3
Jul 31 17:23:07 Media-Jordan ivpn-service[844]: Jul 31 17:23:07.695 [frwl  ] Disabling...
Jul 31 17:23:07 Media-Jordan ivpn-service[844]: Jul 31 17:23:07.737 [frwl  ] Getting status...
Jul 31 17:23:07 Media-Jordan ivpn-service[844]: Jul 31 17:23:07.741 [frwl  ] #011false
Jul 31 17:23:07 Media-Jordan ivpn-service[844]: Jul 31 17:23:07.741 [prtcl ] [-->] KillSwitchStatusResp
Jul 31 17:23:07 Media-Jordan ivpn-service[844]: Jul 31 17:23:07.741 [servc ] Route change receiver stopped
Jul 31 17:23:07 Media-Jordan ivpn-service[844]: Jul 31 17:23:07.741 [servc ] VPN state forwarder stopped
Jul 31 17:23:07 Media-Jordan ivpn-service[844]: Jul 31 17:23:07.741 [servc ] VPN process stopped
Jul 31 17:23:07 Media-Jordan ivpn-service[844]: Jul 31 17:23:07.741 [servc ] ERROR service.go:390:(in github.com/ivpn/desktop-app-daemon/service.(*Service).keepConnection): Connection error: failed to change firewall state : failed to execute shell command: exit status 3
Jul 31 17:23:07 Media-Jordan ivpn-service[844]: Jul 31 17:23:07.741 [prtcl ] ERROR protocol.go:834:(in github.com/ivpn/desktop-app-daemon/protocol.(*Protocol).processRequest): failed to change firewall state : failed to execute shell command: exit status 3
Jul 31 17:23:07 Media-Jordan ivpn-service[844]: Jul 31 17:23:07.741 [prtcl ] [-->] DisconnectedResp
Jul 31 17:23:07 Media-Jordan ivpn-service[844]: Jul 31 17:23:07.741 [servc ] Requesting session status...
Jul 31 17:23:07 Media-Jordan ivpn-service[844]: Jul 31 17:23:07.741 [prtcl ] Exit VPN status checker
Jul 31 17:23:07 Media-Jordan ivpn-service[844]: Jul 31 17:23:07.741 [prtcl ] [<--] Disconnect
Jul 31 17:23:07 Media-Jordan ivpn-service[844]: Jul 31 17:23:07.741 [prtcl ] [-->] DisconnectedResp
Jul 31 17:23:07 Media-Jordan ivpn-service[844]: Jul 31 17:23:07.742 [prtcl ] Client disconnected: 127.0.0.1:48806
Jul 31 17:23:07 Media-Jordan ivpn-service[844]: Jul 31 17:23:07.742 [prtcl ] Current state not changing [KeepDaemonAlone=true]
Jul 31 17:23:08 Media-Jordan ivpn-service[844]: Jul 31 17:23:08.013 [servc ] Session status request: done

Expected Results:

Connect to a server.

Bug report

Describe your environment

• Device: _____ desktop
• OS name and version: _____ ubuntu 20.04
• IVPN app version: _____ 2.12.1

Describe the problem

Have to log-in via 'ivpn login' after each update. As the updates come, it's getting increasingly annoying.

Bug report

Describe your environment

• Device: PC
• OS name and version: Arch Linux x86_64 5.11.6-arch1-1
• IVPN app version: 2.12.17-1

Describe the problem

I enabled all options for LAN traffic. After a reboot my local subnet is missing in iptables while multicast isn't. I can't reach my routers webserver or sync my devices with syncthing. After disabling and enabling the firewall it works as expected.

❯ ivpn firewall -status
Firewall : Enabled
Allow LAN : true
Persistent :true

Steps to reproduce:

1. Enabled Firewall
2. Enabled LAN Traffic
3. Autoconnect systemstart
4. LAN connection with syncthing

Observed Results:

Chain IVPN-IN-STAT-EXP (1 references)
target prot opt source destination
ACCEPT all -- base-address.mcast.net/4 anywhere
ACCEPT all -- base-address.mcast.net/4 anywhere

Chain IVPN-OUT-STAT-EXP (1 references)
target prot opt source destination
ACCEPT all -- anywhere base-address.mcast.net/4
ACCEPT all -- anywhere base-address.mcast.net/4

Expected Results:

Chain IVPN-IN-STAT-EXP (1 references)
target prot opt source destination
ACCEPT all -- base-address.mcast.net/4 anywhere
ACCEPT all -- 192.168.178.0/24 anywhere
ACCEPT all -- base-address.mcast.net/4 anywhere

Chain IVPN-OUT-STAT-EXP (1 references)
target prot opt source destination
ACCEPT all -- anywhere base-address.mcast.net/4
ACCEPT all -- anywhere 192.168.178.0/24
ACCEPT all -- anywhere base-address.mcast.net/4

Bug report

Describe your environment

• Device: Running it off of a USB drive that i plug into multiple laptops
• OS name and version: Artix Linux 64 bit Rolling distro, latest updates as of Apr 22
• IVPN app version: masterbranch (date:2021-04-22 commit:5da83001f9eda37005ba06dbeb9b9b8960a277d0)

Describe the problem

This has been going on for a long time but i decided to ask about it just now.

Pinging gives this output:

$ ivpn servers -ping
Pinging servers ...
Error: failed to ping servers

And here are the detailed logs:

Apr 22 17:54:05.958 [prtcl ] Client connected: 127.0.0.1:48212
Apr 22 17:54:06.036 [prtcl ] Connected binary (127.0.0.1:48212): '/usr/local/bin/ivpn'
Apr 22 17:54:06.036 [prtcl ] [<--] Hello
Apr 22 17:54:06.036 [prtcl ] Connected client version: '1.0' [set KeepDaemonAlone = true]
Apr 22 17:54:06.036 [prtcl ] [-->] HelloResp
Apr 22 17:54:06.036 [prtcl ] [-->] ConnectedResp
Apr 22 17:54:06.036 [frwl  ] Getting status...
Apr 22 17:54:06.037 [prtcl ] [<--] GetServers
Apr 22 17:54:06.037 [prtcl ] [-->] ServerListResp
Apr 22 17:54:06.043 [prtcl ] [<--] PingServers
Apr 22 17:54:06.043 [servc ] Servers pinging skipped due to connected state
Apr 22 17:54:06.043 [prtcl ] [-->] PingServersResp
Apr 22 17:54:06.044 [prtcl ] Client disconnected: 127.0.0.1:48212
Apr 22 17:54:06.044 [prtcl ] Current state not changing [KeepDaemonAlone=true]
Apr 22 17:54:06.048 [frwl  ]    true
Apr 22 17:54:06.048 [prttyp] ERROR types.go:48:(in github.com/ivpn/desktop-app-daemon/protocol/types.Send.func1): failed to send command to client: write tcp 127.0.0.1:37539->127.0.0.1:48212: use of closed network connection
Apr 22 17:54:08.503 [prtcl ] Client connected: 127.0.0.1:48214
Apr 22 17:54:08.579 [prtcl ] Connected binary (127.0.0.1:48214): '/usr/local/bin/ivpn'
Apr 22 17:54:08.579 [prtcl ] [<--] Hello
Apr 22 17:54:08.580 [prtcl ] Connected client version: '1.0' [set KeepDaemonAlone = true]

Steps to reproduce:

Observed Results:

• What happened? This could be a description, log output, etc.

Expected Results:

• What did you expect to happen?

Relevant Code:

// TODO(you): code here to reproduce the problem

Feature request

Description

I'm trying to package the ivpn cli interface for Arch Linux.

Describe the solution you'd like

The way AUR packages usually work is by pulling the sources and compiling from scratch. I'm having a hard time doing that manually on Arch Linux. Everything seems to compile just fine (daemon and cli both), but I fail to see how to launch the daemon as a service. How do I use the the ivpn-service executable? Do I have to set up a systemd unit service or something? Any feedback on this would be greatly appreciated.

Feature request

Description

The current CLI in my opinion takes some effort to get used to. I switched over from another VPN product and I notice that their CLI was much easier to get started with.

Describe the solution you'd like

I guess Edward De must've forwarded these suggestions already, but since it's opensource, I thought why not file them here as well :)

So, I'm on:

$ rpm -q ivpn
ivpn-2.12.16-1.x86_64

and I think the following would be nice to have:

1. a 'settings' option which prints all the current settings.

2. a 'set' option to conveniently set/change any of the settings

3. an 'autoconnect' setting, and/or systemd unitfile with sane default installed by the rpm itself so
   that I don't have to setup my own autoconnect script / crontab.

4. tab completion

5. Setting dns servers per interface and not Global / leave resolv.conf untouched.
   Currently, my Global DNS server gets set to w.x.y.z. It would be nice if only wgivpn got set with that dns server while my /etc/resolv.conf was left unchanged.

$ resolvectl status
Global
         Protocols: LLMNR=resolve -mDNS -DNSOverTLS DNSSEC=no/unsupported
  resolv.conf mode: foreign                                              
Current DNS Server: w.x.y.z                                           
       DNS Servers: w.x.y.z                                           

Link 2 (eth0)
Current Scopes: none                                                        
     Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

Link 3 (wlan0)
    Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6                                   
         Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: a.b.c.d                                               
       DNS Servers: a.b.c.d e.f.g.h i.j.k.l                    

Link 5 (wgivpn)
Current Scopes: none                                                        
     Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

Misc

1. I noticed that the latest upstream release is not available as an rpm. Any ETA?

2. Where can I find the rpm spec file for Fedora? Also, do you have any plans to include it in Fedora by default? I could volunteer some of my time if that's something you're interested in.

Feature request

Description

• Device: Linux PC, amd64
• OS name and version: Ubuntu 18.04 LTS
• IVPN app version: 2.12.2

I've installed the client on my local network firewall (i.e not my personal computer) and it immediately cut my local network connectivity. I realized that it might have set some restrictive iptables rules. Then I flushed the iptables rules (with: iptables -F) and then all subcommands of ivpn hang. I tried to fix it by running:

# ivpn firewall -off

But this command hangs. Even running # ivpn hangs. Two minutes later it shows the connection timeout message.

I realize that it hangs because it's unable to connect to the local managent port 127.0.0.1:45429. So it hangs for 2 minutes until the TCP connection times out.

Steps to reproduce:

Run:
# iptables -F INPUT
# iptables -P INPUT DROP

Then try running any subcommand of ivpn cli.

Suggested solution

Make the CLI listen for commands on a unix socket (e.g. /run/ivpn/management.sock or /var/run/ivpn/management.sock for older systems) instead of a TCP socket. This way the command could work even when the local firewall is messed up.

This solution of using a local unix socket instead of a TCP socket is used by many popular software (e.g. Docker, LXC, etc), even for HTTP requests. I guess it's not that difficult to add support for it (or even completely replace the TCP socket with it).

Making it easier to contribute with pull requests

I guess that this repository is missing some files like firewall.sh, client.up, client.down, install.sh, install-path.sh and most files from /usr/share/pleaserun/ivpn-service/. It also appears that on directory References/Linux/scripts/ it's missing the build-all.sh script.

If you can add those files to this repository it'd be easier to contribute with small suggestions and patches.

Feature request

Could you make it easier to figure out how to allow LAN traffic?

Description

Today I installed your application and found that I couldn't reach the file server in my LAN any more. Since I had just installed it a minute earlier I realised that it would be IVPN, and went looking for that in the -h information in the CLI application. I saw that "Allow LAN" was set to "false" but couldn't find how to make it "true".

I looked for it here in your source code and found that this was part of the firewall configuration. I needed to call ivpn firewall -lan-allow and then apparently ivpn firewall -off and ivpn firewall -on to make that change go into effect.

Not everyone has the knowledge to dig through the source code to find it, nor the intelligence that this feature could be part of the firewall.

Describe the solution you'd like

I'd like to ask you to give this configuration a more prominent place in the -h command. Perhaps you could add it to the tips?

Describe alternatives you've considered

You could also move this configuration outside of the firewall settings altogether, though that may not make sense for developing. Initially I was looking for a command like ivpn config.
Or you could supply some complete documentation on the IVPN website through which I could search for the keyword "LAN".

Feature request

Description

It would be nice to see the Account ID in ivpn account.

Describe the solution you'd like

$ ivpn account
Account ID: FOO
Plan:      FOO
Active until: FOO

Describe alternatives you've considered

It's seen in the desktop-ui as well as the android apps, but not in the cli app AFAICT.

Bug report

Describe your environment

• Device: Thinkpad X1 Extreme
• OS name and version: ArchLinux
• IVPN app version: 2.12.3 (date:2020-06-13 commit:025fdcddb2e7b61c525fb8330d668094d8bd50b9)

Describe the problem

Steps to reproduce:

Try to connect to any server. I get the same error with a variation of commands (-fastest) and with both OpenVPN and Wireguard. Same error with ivpn firewall -on.

Observed Results:

I get this error message:

Error: failed to connect: failed to change firewall state : failed to execute shell command: exit status 3

For instance, ivpn connect ch.wg.ivpn.net gives:

[WireGuard] Connecting to: Zurich, CH (Switzerland) ch.wg.ivpn.net UDP:2049...
Connecting...
Disconnecting...
Error: failed to connect: failed to change firewall state : failed to execute shell command: exit status 3

I checked the logs but they're completely empty.

Expected Results:

Connect to a server :)

Feature request

Description

This probably involves 2 features:

1. Publish pre-release builds somewhere on the site and enable users to conveniently install them (eg. adding a custom repo to f-droid given official f-droid can be tedious RE: ivpn/android-app#27). Similar setup for pre-release builds on other platforms.

2. A guide page for ^