Wanted to share something I found out about today when I was troubleshooting Jellyfin, hopefully it will help people out. Jellyfin wouldn’t connect when I had LAN Connections enabled on ProtonVPN, so I contacted support. They let me know that having Kill Switch enabled with LAN connection is incompatible:

"…the Killswitch and Allow LAN connections features are mutually exclusive due to their functionality differences, you will be unable to utilize both of them at the same time.

Unfortunately, due to compatibility issues within these features and some users experiencing issues when utilizing both of them, our team decided to make them mutually exclusive, therefore, at this moment you will not be able to utilize the Killswitch feature and have access to your LAN, therefore, if you wish to have access to your LAN, we suggest you keep the Killswitch feature disabled."

Not sure I understand how the two settings are related, but good to know! Another note is that Split Tunneling had no effect on this, so clearly Kill Switch also effects apps that are excluded in split tunneling also.

  • FutileRecipe@lemmy.world
    link
    fedilink
    English
    arrow-up
    4
    ·
    3 months ago

    our team decided to make them mutually exclusive, therefore, at this moment you will not be able to utilize the Killswitch feature and have access to your LAN

    Yeah, I got the same reason when I asked about that issue with Android (GrapheneOS). I didn’t run into this issue on Windows. I don’t recall Mullvad running into this issue, either.

    ProtonVPN has also been the only known app impacting GrapheneOS shipping a DNS leak fix due to “Proton is doing something weird” that other apps aren’t doing. Proton is also convinced they’re programing their app correct and aren’t open to fixing it…whereas Mullvad did when prompted.

    Lastly…if the Killswitch and LAN access are mutually exclusive, why does Proton let me turn both on and not explain it? You’d think if you turned on the Killswitch, it would grey out the LAN access with a note saying you can’t have both. And if you try to turn on the LAN access with Killswitch on? It should pop up with a notification saying you can’t have both with a yes/no prompt to take you to the Killswitch settings to turn that off if desired.

    • ashaman2007@lemm.eeOP
      link
      fedilink
      English
      arrow-up
      2
      ·
      3 months ago

      Graphene here as well! I gave them that feedback in the support email chain… no reason to allow this setting combo without a warning. Also not clear why split tunnel doesn’t remedy this, I would have thought apps excluded via split tunnel would be exempt from the VPN while it is connected and Kill switch is active (although obviously it makes sense that nothing is excluded when kill switch activates on vpn disconnect)

  • originalucifer@moist.catsweat.com
    link
    fedilink
    arrow-up
    3
    ·
    3 months ago

    honestly, i expect this behavior with a kill switch.

    but i switched to an easier to manage prevention mechanism; you run your vpn connection in its own container using gluetun, and then run your torrent client (or whatever app youre locking down) in a container with its network defined as the vpn container. your lan access the downloads via the docker host.

    no muss, no fuss, no bleeding

    • ashaman2007@lemm.eeOP
      link
      fedilink
      English
      arrow-up
      2
      ·
      3 months ago

      Interesting! I have heard of gluetun but never tried it. What about the mobile scenario? In this case I was using Jellyfin client on Android to access the server on my PC

      • originalucifer@moist.catsweat.com
        link
        fedilink
        arrow-up
        1
        ·
        3 months ago

        i use jellyfin also, but i dont hide it behind my VPN… no real reason to. it already has valid SSL cert, and user credentialing. so my jellyfin container uses the hosts network.

        i only really care about my ISP detecting torrent activity as they can shut me down.

        • ashaman2007@lemm.eeOP
          link
          fedilink
          English
          arrow-up
          1
          ·
          3 months ago

          Right, I don’t want to either… But apparently split tunnel doesn’t work as I expected, since Kill Switch still affects apps that are excluded in split tunnel

  • Kernal64@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    3
    ·
    3 months ago

    I am very confused by this. I have Proton VPN running on two machines, my Windows gaming PC and my old gaming PC that’s now working as a file server running Linux Mint. I have kill switch enabled on both. Jellyfin is running on the Mint PC (standard install, not Docker) and I regularly access it on my gaming PC via the browser. I can also access network drives from the Mint PC that I’ve mapped to the Windows PC. If I’m reading Proton’s response right, I shouldn’t be able to do this, yet I’ve been doing it for about a year.