this post was submitted on 06 Aug 2024
12 points (100.0% liked)

Proton

5222 readers
75 users here now

Empowering you to choose a better internet where privacy is the default. Protect yourself online with Proton Mail, Proton VPN, Proton Calendar, Proton Drive. Proton Pass and SimpleLogin.

Proton Mail is the world's largest secure email provider. Swiss, end-to-end encrypted, private, and free.

Proton VPN is the world’s only open-source, publicly audited, unlimited and free VPN. Swiss-based, no-ads, and no-logs.

Proton Calendar is the world's first end-to-end encrypted calendar that allows you to keep your life private.

Proton Drive is a free end-to-end encrypted cloud storage that allows you to securely backup and share your files. It's open source, publicly audited, and Swiss-based.

Proton Pass Proton Pass is a free and open-source password manager which brings a higher level of security with rigorous end-to-end encryption of all data (including usernames, URLs, notes, and more) and email alias support.

SimpleLogin lets you send and receive emails anonymously via easily-generated unique email aliases.

founded 1 year ago
MODERATORS
 

Wanted to share something I found out about today when I was troubleshooting Jellyfin, hopefully it will help people out. Jellyfin wouldn't connect when I had LAN Connections enabled on ProtonVPN, so I contacted support. They let me know that having Kill Switch enabled with LAN connection is incompatible:

"...the Killswitch and Allow LAN connections features are mutually exclusive due to their functionality differences, you will be unable to utilize both of them at the same time.

Unfortunately, due to compatibility issues within these features and some users experiencing issues when utilizing both of them, our team decided to make them mutually exclusive, therefore, at this moment you will not be able to utilize the Killswitch feature and have access to your LAN, therefore, if you wish to have access to your LAN, we suggest you keep the Killswitch feature disabled."

Not sure I understand how the two settings are related, but good to know! Another note is that Split Tunneling had no effect on this, so clearly Kill Switch also effects apps that are excluded in split tunneling also.

all 8 comments
sorted by: hot top controversial new old
[–] [email protected] 4 points 3 months ago (1 children)

our team decided to make them mutually exclusive, therefore, at this moment you will not be able to utilize the Killswitch feature and have access to your LAN

Yeah, I got the same reason when I asked about that issue with Android (GrapheneOS). I didn't run into this issue on Windows. I don't recall Mullvad running into this issue, either.

ProtonVPN has also been the only known app impacting GrapheneOS shipping a DNS leak fix due to "Proton is doing something weird" that other apps aren't doing. Proton is also convinced they're programing their app correct and aren't open to fixing it....whereas Mullvad did when prompted.

Lastly...if the Killswitch and LAN access are mutually exclusive, why does Proton let me turn both on and not explain it? You'd think if you turned on the Killswitch, it would grey out the LAN access with a note saying you can't have both. And if you try to turn on the LAN access with Killswitch on? It should pop up with a notification saying you can't have both with a yes/no prompt to take you to the Killswitch settings to turn that off if desired.

[–] [email protected] 2 points 3 months ago

Graphene here as well! I gave them that feedback in the support email chain... no reason to allow this setting combo without a warning. Also not clear why split tunnel doesn't remedy this, I would have thought apps excluded via split tunnel would be exempt from the VPN while it is connected and Kill switch is active (although obviously it makes sense that nothing is excluded when kill switch activates on vpn disconnect)

[–] [email protected] 3 points 3 months ago (1 children)

honestly, i expect this behavior with a kill switch.

but i switched to an easier to manage prevention mechanism; you run your vpn connection in its own container using gluetun, and then run your torrent client (or whatever app youre locking down) in a container with its network defined as the vpn container. your lan access the downloads via the docker host.

no muss, no fuss, no bleeding

[–] [email protected] 2 points 3 months ago (1 children)

Interesting! I have heard of gluetun but never tried it. What about the mobile scenario? In this case I was using Jellyfin client on Android to access the server on my PC

[–] [email protected] 1 points 3 months ago (1 children)

i use jellyfin also, but i dont hide it behind my VPN... no real reason to. it already has valid SSL cert, and user credentialing. so my jellyfin container uses the hosts network.

i only really care about my ISP detecting torrent activity as they can shut me down.

[–] [email protected] 1 points 3 months ago

Right, I don't want to either... But apparently split tunnel doesn't work as I expected, since Kill Switch still affects apps that are excluded in split tunnel

[–] [email protected] 3 points 3 months ago

I am very confused by this. I have Proton VPN running on two machines, my Windows gaming PC and my old gaming PC that's now working as a file server running Linux Mint. I have kill switch enabled on both. Jellyfin is running on the Mint PC (standard install, not Docker) and I regularly access it on my gaming PC via the browser. I can also access network drives from the Mint PC that I've mapped to the Windows PC. If I'm reading Proton's response right, I shouldn't be able to do this, yet I've been doing it for about a year.