Firejail: ExpressVPN issue

Created on 15 Apr 2018 · 5Comments · Source: netblue30/firejail

Not sure if this is the best place to post this but I had an issue with the internet when using Firejail in conjunction with ExpressVPN.

After much troubling shooting, I realize it's because ExpressVPN symlinks /etc/resolv.conf -> /var/lib/expressvpn/resolv.conf. Ergo, I have to add whitelist /var/lib/expressvpn/resolv.conf to whitelist-var-common.local.

Source

vguarnaccia

Most helpful comment

If at all possible I'd recommend you instead use the native/real clients directly instead of using a wrapper as provided. ie. use OpenVPN or the NetworkManager VPN modules instead of the VPN providers program.

SkewedZeppelin on 22 Apr 2018

👍2

All 5 comments

In order to use the browser plugin, one should whitelist all of /var/lib/expressvpn/.

vguarnaccia on 20 Apr 2018

SkewedZeppelin on 22 Apr 2018

👍2

Do you think I should do so for security or performance reasons?

Thanks for replying.

vguarnaccia on 22 Apr 2018

Assuming for example that it is just an (potentially outdated) OpenVPN client + wrapper:

Security: Newer versions might have more bugfixes.
Performance: Newer versions might have more optimizations
Privacy: You don't necessarily know what else the client might be doing
Your distro's version might also have more aggressive compiler options set which can be more secure (-fstack -fpie -fpic) and/or more performant (-O3)
etc.

at the same time the wrapper might be making extra changes to ensure that it is correctly working (ie. no dns leaks)

you gain some you lose some :grinning:

SkewedZeppelin on 22 Apr 2018

👍1

@SkewedZeppelin Completely OT, but this is why I've set up a mini router which sets up my VPN and ensures there are no DNS leaks and stuff. That way, I just let my laptop connect as normal without VPN. As a side bonus, anything which connects to the hotspot goes through the VPN :D