ivpn / desktop-app-cli
Official IVPN command-line interface (CLI)
License: GNU General Public License v3.0
This looks to be the same bug that gaalcaras had here in Issue 5. I am able to connect if I add the flag -fw_off; however, I cannot connect without it.
Try to connect to any server without specific flags. Tried a variety of them.
Unlike gaalcaras, I was able to get a log file.
Jul 31 17:23:07 Media-Jordan ivpn-service[844]: Jul 31 17:23:07.679 [prtcl ] Client connected: 127.0.0.1:48806
Jul 31 17:23:07 Media-Jordan ivpn-service[844]: Jul 31 17:23:07.679 [prtcl ] [<--] Hello
Jul 31 17:23:07 Media-Jordan ivpn-service[844]: Jul 31 17:23:07.679 [prtcl ] Connected client version: '1.0' [set KeepDaemonAlone = true]
Jul 31 17:23:07 Media-Jordan ivpn-service[844]: Jul 31 17:23:07.679 [prtcl ] [-->] HelloResp
Jul 31 17:23:07 Media-Jordan ivpn-service[844]: Jul 31 17:23:07.680 [prtcl ] [<--] GetServers
Jul 31 17:23:07 Media-Jordan ivpn-service[844]: Jul 31 17:23:07.680 [prtcl ] [-->] ServerListResp
Jul 31 17:23:07 Media-Jordan ivpn-service[844]: Jul 31 17:23:07.682 [prtcl ] [<--] SetPreference
Jul 31 17:23:07 Media-Jordan ivpn-service[844]: Jul 31 17:23:07.682 [servc ] preferences enable_obfsproxy='false'
Jul 31 17:23:07 Media-Jordan ivpn-service[844]: Jul 31 17:23:07.682 [prtcl ] [<--] Connect
Jul 31 17:23:07 Media-Jordan ivpn-service[844]: Jul 31 17:23:07.682 [prtcl ] Enter VPN status checker
Jul 31 17:23:07 Media-Jordan ivpn-service[844]: Jul 31 17:23:07.682 [servc ] Connecting...
Jul 31 17:23:07 Media-Jordan ivpn-service[844]: Jul 31 17:23:07.682 [servc ] Initializing...
Jul 31 17:23:07 Media-Jordan ivpn-service[844]: Jul 31 17:23:07.682 [prtcl ] [-->] VpnStateResp
Jul 31 17:23:07 Media-Jordan ivpn-service[844]: Jul 31 17:23:07.682 [servc ] Route change receiver started
Jul 31 17:23:07 Media-Jordan ivpn-service[844]: Jul 31 17:23:07.682 [servc ] VPN state forwarder started
Jul 31 17:23:07 Media-Jordan ivpn-service[844]: Jul 31 17:23:07.686 [ovpn ] OpenVPN version:[2 4 4]
Jul 31 17:23:07 Media-Jordan ivpn-service[844]: Jul 31 17:23:07.686 [servc ] Initializing firewall
Jul 31 17:23:07 Media-Jordan ivpn-service[844]: Jul 31 17:23:07.686 [frwl ] Getting status...
Jul 31 17:23:07 Media-Jordan ivpn-service[844]: Jul 31 17:23:07.689 [frwl ] #011false
Jul 31 17:23:07 Media-Jordan ivpn-service[844]: Jul 31 17:23:07.689 [frwl ] Enabling...
Jul 31 17:23:07 Media-Jordan ivpn-service[844]: Jul 31 17:23:07.695 [frwl ] ERROR firewall.go:64:(in github.com/ivpn/desktop-app-daemon/service/firewall.SetEnabled): failed to execute shell command: exit status 3
Jul 31 17:23:07 Media-Jordan ivpn-service[844]: Jul 31 17:23:07.695 [servc ] ERROR service.go:625:(in github.com/ivpn/desktop-app-daemon/service.(*Service).connect): Failed to enable firewall:failed to change firewall state : failed to execute shell command: exit status 3
Jul 31 17:23:07 Media-Jordan ivpn-service[844]: Jul 31 17:23:07.695 [frwl ] Disabling...
Jul 31 17:23:07 Media-Jordan ivpn-service[844]: Jul 31 17:23:07.737 [frwl ] Getting status...
Jul 31 17:23:07 Media-Jordan ivpn-service[844]: Jul 31 17:23:07.741 [frwl ] #011false
Jul 31 17:23:07 Media-Jordan ivpn-service[844]: Jul 31 17:23:07.741 [prtcl ] [-->] KillSwitchStatusResp
Jul 31 17:23:07 Media-Jordan ivpn-service[844]: Jul 31 17:23:07.741 [servc ] Route change receiver stopped
Jul 31 17:23:07 Media-Jordan ivpn-service[844]: Jul 31 17:23:07.741 [servc ] VPN state forwarder stopped
Jul 31 17:23:07 Media-Jordan ivpn-service[844]: Jul 31 17:23:07.741 [servc ] VPN process stopped
Jul 31 17:23:07 Media-Jordan ivpn-service[844]: Jul 31 17:23:07.741 [servc ] ERROR service.go:390:(in github.com/ivpn/desktop-app-daemon/service.(*Service).keepConnection): Connection error: failed to change firewall state : failed to execute shell command: exit status 3
Jul 31 17:23:07 Media-Jordan ivpn-service[844]: Jul 31 17:23:07.741 [prtcl ] ERROR protocol.go:834:(in github.com/ivpn/desktop-app-daemon/protocol.(*Protocol).processRequest): failed to change firewall state : failed to execute shell command: exit status 3
Jul 31 17:23:07 Media-Jordan ivpn-service[844]: Jul 31 17:23:07.741 [prtcl ] [-->] DisconnectedResp
Jul 31 17:23:07 Media-Jordan ivpn-service[844]: Jul 31 17:23:07.741 [servc ] Requesting session status...
Jul 31 17:23:07 Media-Jordan ivpn-service[844]: Jul 31 17:23:07.741 [prtcl ] Exit VPN status checker
Jul 31 17:23:07 Media-Jordan ivpn-service[844]: Jul 31 17:23:07.741 [prtcl ] [<--] Disconnect
Jul 31 17:23:07 Media-Jordan ivpn-service[844]: Jul 31 17:23:07.741 [prtcl ] [-->] DisconnectedResp
Jul 31 17:23:07 Media-Jordan ivpn-service[844]: Jul 31 17:23:07.742 [prtcl ] Client disconnected: 127.0.0.1:48806
Jul 31 17:23:07 Media-Jordan ivpn-service[844]: Jul 31 17:23:07.742 [prtcl ] Current state not changing [KeepDaemonAlone=true]
Jul 31 17:23:08 Media-Jordan ivpn-service[844]: Jul 31 17:23:08.013 [servc ] Session status request: done
Connect to a server.
Have to log in via 'ivpn login' after each update. As the updates come, it's getting increasingly annoying.
I enabled all options for LAN traffic. After a reboot my local subnet is missing in iptables while multicast isn't. I can't reach my router's webserver or sync my devices with syncthing. After disabling and enabling the firewall it works as expected.
❯ ivpn firewall -status
Firewall : Enabled
Allow LAN : true
Persistent :true
Chain IVPN-IN-STAT-EXP (1 references)
target prot opt source destination
ACCEPT all -- base-address.mcast.net/4 anywhere
ACCEPT all -- base-address.mcast.net/4 anywhere
Chain IVPN-OUT-STAT-EXP (1 references)
target prot opt source destination
ACCEPT all -- anywhere base-address.mcast.net/4
ACCEPT all -- anywhere base-address.mcast.net/4
Chain IVPN-IN-STAT-EXP (1 references)
target prot opt source destination
ACCEPT all -- base-address.mcast.net/4 anywhere
ACCEPT all -- 192.168.178.0/24 anywhere
ACCEPT all -- base-address.mcast.net/4 anywhere
Chain IVPN-OUT-STAT-EXP (1 references)
target prot opt source destination
ACCEPT all -- anywhere base-address.mcast.net/4
ACCEPT all -- anywhere 192.168.178.0/24
ACCEPT all -- anywhere base-address.mcast.net/4
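A check for the condition in the report above, as an added example that is not part of the original report or of IVPN's code: it scans iptables listing text for an ACCEPT rule covering the LAN subnet in both IVPN-IN-STAT-EXP and IVPN-OUT-STAT-EXP. The helper name lanAllowed and the trimmed sample listings are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// Trimmed copies of the two listings in the report (column headers dropped).
const firstListing = `Chain IVPN-IN-STAT-EXP (1 references)
ACCEPT all -- base-address.mcast.net/4 anywhere
Chain IVPN-OUT-STAT-EXP (1 references)
ACCEPT all -- anywhere base-address.mcast.net/4`

const secondListing = `Chain IVPN-IN-STAT-EXP (1 references)
ACCEPT all -- base-address.mcast.net/4 anywhere
ACCEPT all -- 192.168.178.0/24 anywhere
Chain IVPN-OUT-STAT-EXP (1 references)
ACCEPT all -- anywhere base-address.mcast.net/4
ACCEPT all -- anywhere 192.168.178.0/24`

// lanAllowed (hypothetical helper) reports whether subnet is accepted as a
// source in the IN chain and as a destination in the OUT chain.
func lanAllowed(listing, subnet string) (in, out bool) {
	chain := ""
	for _, line := range strings.Split(listing, "\n") {
		f := strings.Fields(line) // target prot opt source destination
		switch {
		case len(f) >= 2 && f[0] == "Chain":
			chain = f[1]
		case len(f) < 5 || f[0] != "ACCEPT":
			// column header, blank line, or a rule that does not accept
		case chain == "IVPN-IN-STAT-EXP" && f[3] == subnet:
			in = true
		case chain == "IVPN-OUT-STAT-EXP" && f[4] == subnet:
			out = true
		}
	}
	return in, out
}

func main() {
	for i, l := range []string{firstListing, secondListing} {
		in, out := lanAllowed(l, "192.168.178.0/24")
		fmt.Printf("listing %d: LAN inbound=%v outbound=%v\n", i+1, in, out)
	}
}
```

On a live system, feed it the output of iptables -L -n so that sources and destinations are printed numerically rather than as resolved names.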
This has been going on for a long time but I decided to ask about it just now.
Pinging gives this output:
$ ivpn servers -ping
Pinging servers ...
Error: failed to ping servers
And here are the detailed logs:
Apr 22 17:54:05.958 [prtcl ] Client connected: 127.0.0.1:48212
Apr 22 17:54:06.036 [prtcl ] Connected binary (127.0.0.1:48212): '/usr/local/bin/ivpn'
Apr 22 17:54:06.036 [prtcl ] [<--] Hello
Apr 22 17:54:06.036 [prtcl ] Connected client version: '1.0' [set KeepDaemonAlone = true]
Apr 22 17:54:06.036 [prtcl ] [-->] HelloResp
Apr 22 17:54:06.036 [prtcl ] [-->] ConnectedResp
Apr 22 17:54:06.036 [frwl ] Getting status...
Apr 22 17:54:06.037 [prtcl ] [<--] GetServers
Apr 22 17:54:06.037 [prtcl ] [-->] ServerListResp
Apr 22 17:54:06.043 [prtcl ] [<--] PingServers
Apr 22 17:54:06.043 [servc ] Servers pinging skipped due to connected state
Apr 22 17:54:06.043 [prtcl ] [-->] PingServersResp
Apr 22 17:54:06.044 [prtcl ] Client disconnected: 127.0.0.1:48212
Apr 22 17:54:06.044 [prtcl ] Current state not changing [KeepDaemonAlone=true]
Apr 22 17:54:06.048 [frwl ] true
Apr 22 17:54:06.048 [prttyp] ERROR types.go:48:(in github.com/ivpn/desktop-app-daemon/protocol/types.Send.func1): failed to send command to client: write tcp 127.0.0.1:37539->127.0.0.1:48212: use of closed network connection
Apr 22 17:54:08.503 [prtcl ] Client connected: 127.0.0.1:48214
Apr 22 17:54:08.579 [prtcl ] Connected binary (127.0.0.1:48214): '/usr/local/bin/ivpn'
Apr 22 17:54:08.579 [prtcl ] [<--] Hello
Apr 22 17:54:08.580 [prtcl ] Connected client version: '1.0' [set KeepDaemonAlone = true]
I'm trying to package the ivpn cli interface for Arch Linux.
The way AUR packages usually work is by pulling the sources and compiling from scratch. I'm having a hard time doing that manually on Arch Linux. Everything seems to compile just fine (daemon and cli both), but I fail to see how to launch the daemon as a service. How do I use the ivpn-service executable? Do I have to set up a systemd unit service or something? Any feedback on this would be greatly appreciated.
The current CLI in my opinion takes some effort to get used to. I switched over from another VPN product and I notice that their CLI was much easier to get started with.
I guess Edward De must've forwarded these suggestions already, but since it's open source, I thought why not file them here as well :)
So, I'm on:
$ rpm -q ivpn
ivpn-2.12.16-1.x86_64
and I think the following would be nice to have:
a 'settings' option which prints all the current settings.
a 'set' option to conveniently set/change any of the settings
an 'autoconnect' setting, and/or systemd unit file with sane default installed by the rpm itself so that I don't have to set up my own autoconnect script / crontab.
tab completion
Setting dns servers per interface and not Global / leave resolv.conf untouched.
Currently, my Global DNS server gets set to w.x.y.z. It would be nice if only wgivpn got set with that dns server while my /etc/resolv.conf was left unchanged.
$ resolvectl status
Global
Protocols: LLMNR=resolve -mDNS -DNSOverTLS DNSSEC=no/unsupported
resolv.conf mode: foreign
Current DNS Server: w.x.y.z
DNS Servers: w.x.y.z
Link 2 (eth0)
Current Scopes: none
Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Link 3 (wlan0)
Current Scopes: DNS LLMNR/IPv4 LLMNR/IPv6
Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: a.b.c.d
DNS Servers: a.b.c.d e.f.g.h i.j.k.l
Link 5 (wgivpn)
Current Scopes: none
Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
I noticed that the latest upstream release is not available as an rpm. Any ETA?
Where can I find the rpm spec file for Fedora? Also, do you have any plans to include it in Fedora by default? I could volunteer some of my time if that's something you're interested in.
I've installed the client on my local network firewall (i.e. not my personal computer) and it immediately cut my local network connectivity. I realized that it might have set some restrictive iptables rules. Then I flushed the iptables rules (with: iptables -F) and then all subcommands of ivpn hang. I tried to fix it by running:
# ivpn firewall -off
But this command hangs. Even running # ivpn hangs. Two minutes later it shows the connection timeout message.
I realize that it hangs because it's unable to connect to the local management port 127.0.0.1:45429. So it hangs for 2 minutes until the TCP connection times out.
Run:
# iptables -F INPUT
# iptables -P INPUT DROP
Then try running any subcommand of ivpn cli.
Make the CLI listen for commands on a unix socket (e.g. /run/ivpn/management.sock or /var/run/ivpn/management.sock for older systems) instead of a TCP socket. This way the command could work even when the local firewall is messed up.
This solution of using a local unix socket instead of a TCP socket is used by a lot of popular software (e.g. Docker, LXC, etc), even for HTTP requests. I guess it's not that difficult to add support for it (or even completely replace the TCP socket with it).
I guess that this repository is missing some files like firewall.sh, client.up, client.down, install.sh, install-path.sh and most files from /usr/share/pleaserun/ivpn-service/. It also appears that on directory References/Linux/scripts/ it's missing the build-all.sh script.
If you can add those files to this repository it'd be easier to contribute with small suggestions and patches.
Could you make it easier to figure out how to allow LAN traffic?
Today I installed your application and found that I couldn't reach the file server in my LAN any more. Since I had just installed it a minute earlier I realised that it would be IVPN, and went looking for that in the -h information in the CLI application. I saw that "Allow LAN" was set to "false" but couldn't find how to make it "true".
I looked for it here in your source code and found that this was part of the firewall configuration. I needed to call ivpn firewall -lan-allow and then apparently ivpn firewall -off and ivpn firewall -on to make that change go into effect.
Not everyone has the knowledge to dig through the source code to find it, nor the intelligence that this feature could be part of the firewall.
I'd like to ask you to give this configuration a more prominent place in the -h command. Perhaps you could add it to the tips?
You could also move this configuration outside of the firewall settings altogether, though that may not make sense for developing. Initially I was looking for a command like ivpn config.
Or you could supply some complete documentation on the IVPN website through which I could search for the keyword "LAN".
It would be nice to see the Account ID in ivpn account.
$ ivpn account
Account ID: FOO
Plan: FOO
Active until: FOO
It's seen in the desktop-ui as well as the android apps, but not in the cli app AFAICT.
Try to connect to any server. I get the same error with a variation of commands (-fastest) and with both OpenVPN and Wireguard. Same error with ivpn firewall -on.
I get this error message:
Error: failed to connect: failed to change firewall state : failed to execute shell command: exit status 3
For instance, ivpn connect ch.wg.ivpn.net gives:
[WireGuard] Connecting to: Zurich, CH (Switzerland) ch.wg.ivpn.net UDP:2049...
Connecting...
Disconnecting...
Error: failed to connect: failed to change firewall state : failed to execute shell command: exit status 3
I checked the logs but they're completely empty.
Connect to a server :)
This probably involves 2 features:
Publish pre-release builds somewhere on the site and enable users to conveniently install them (eg. adding a custom repo to f-droid given official f-droid can be tedious RE: ivpn/android-app#27). Similar setup for pre-release builds on other platforms.
A guide page for ^