Add DNS Management and Kill Switch options to setup #5

Open
wants to merge 1 commit into
base: master


@zefie zefie commented Jun 26, 2021

Made this setup for a custom docker-compose, kill switch does appear to work, or at least a test with curl using the socks proxy wouldn't connect to anything when I disconnected the VPN.

I've documented the effects of the DNS options in the comments of the config file.

Anyway, I figured I'd offer my modifications in case you are interested. Thanks for your initial work on it :)

Owner

krey commented Jul 18, 2021

Hi @zefie

Thanks very much for the PR and sorry for the delay.

I don't know much about networks, but if I'm reading the Arch wiki's OpenVPN#Prevent_leaks_if_VPN_goes_down correctly, the concern is that the VPN goes down and then you start using the "regular" network connection.

This doesn't seem possible in the case of protonvpn-docker because the SOCKS server is configured to use the proton0 network interface. So as long as you're connecting to the SOCKS proxy (as in the curl example), you should be fine.

Please correct me if I'm wrong

Author

zefie commented Jul 19, 2021

Thank you for the reply. I will have to do more testing with the kill switch to verify it works as intended outside of the SOCKS proxy. I will let you know what I find.

Author

zefie commented Jul 20, 2021

After some further testing I have found the Kill Switch to be working. Other dockers in the compose routed through the protonvpn network cease working after a disconnection. However, it may work a bit too well, as you are not able to switch servers or reconnect to the VPN without restarting the protonvpn docker itself. (E.g., once the first VPN connection disconnects, the Kill Switch enables, and nothing works until it's restarted.)

Owner

krey commented Jul 20, 2021

Let's say you have a script that downloads a bunch of webpages, but you wanna protect your identity.
You could do

```sh
protonvpn connect
curl https://example.com/first --output first
curl https://example.com/second --output second
...
curl https://example.com/last --output last
protonvpn disconnect
```

What if the vpn connection fails while downloading https://example.com/second?

curl will fail and every subsequent download will go through your physical network unprotected.

If you're using the kill switch, however, protonvpn will block all network traffic, so all subsequent downloads will fail and your IP will be kept private.

Alternatively, you could run protonvpn-docker

```sh
docker-compose run --service-ports protonvpn-docker
curl -x socks5h://127.0.0.1:1080 https://example.com/first --output first
curl -x socks5h://127.0.0.1:1080 https://example.com/second --output second
...
curl -x socks5h://127.0.0.1:1080 https://example.com/last --output last
# stop docker
```

What if the vpn connection fails while downloading https://example.com/second?

Because of the fact that the proxy is bound to the container's proton0 interface, all subsequent downloads will fail and your IP will be kept private.

So the kill switch and the protonvpn-docker solve the same problem in different ways. Therefore I don't think protonvpn-docker benefits from protonvpn's kill switch functionality.

Let me know how you see it
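
The proxied download loop from the comment above, as an added sketch that is not code from this thread or from protonvpn-docker: every request is forced through the SOCKS proxy and the run stops at the first failure, so a dropped tunnel ends the job and nothing falls back to a direct connection. The proxy address is the one used in the thread; `fetch_via_proxy`, `fetch_all`, the timeout and the output naming are assumptions of this example.

```shell
#!/bin/sh
# Added example. PROXY matches the curl commands in the thread; the function
# names, timeout and output file naming are assumptions of this sketch.
PROXY="${PROXY:-socks5h://127.0.0.1:1080}"

# Fetch one URL strictly through the proxy.
# socks5h resolves DNS on the proxy side; --noproxy '' overrides any
# NO_PROXY/no_proxy environment exemption so no host bypasses the proxy.
fetch_via_proxy() {
    curl --silent --show-error --fail --max-time 30 \
         --proxy "$PROXY" --noproxy '' \
         --output "$2" "$1"
}

# Fetch each URL in order and stop at the first failure.
# Sets FETCHED to the number of downloads that completed.
fetch_all() {
    FETCHED=0
    for url in "$@"; do
        out=$(basename "$url")
        if ! fetch_via_proxy "$url" "$out"; then
            echo "aborting: $url failed via $PROXY (tunnel down?)" >&2
            return 1
        fi
        FETCHED=$((FETCHED + 1))
    done
    return 0
}

# Run only when URLs are given on the command line.
if [ "$#" -gt 0 ]; then
    fetch_all "$@"
fi
```

A non-zero exit from `fetch_all` means the remaining URLs were never requested.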
