[GH-ISSUE #1889] ExpressVPN internet issues (resolv.conf) #1270

New issue

Closed

opened 2026-05-05 07:45:39 -06:00 by gitea-mirror · 5 comments

gitea-mirror commented 2026-05-05 07:45:39 -06:00

Owner

Copy link

Originally created by @vguarnaccia on GitHub (Apr 15, 2018).
Original GitHub issue: https://github.com/netblue30/firejail/issues/1889

Not sure if this is the best place to post this but I had an issue with the internet when using Firejail in conjunction with ExpressVPN.

After much troubling shooting, I realize it's because ExpressVPN symlinks /etc/resolv.conf -> /var/lib/expressvpn/resolv.conf. Ergo, I have to add whitelist /var/lib/expressvpn/resolv.conf to whitelist-var-common.local.

Originally created by @vguarnaccia on GitHub (Apr 15, 2018). Original GitHub issue: https://github.com/netblue30/firejail/issues/1889 Not sure if this is the best place to post this but I had an issue with the internet when using Firejail in conjunction with ExpressVPN. After much troubling shooting, I realize it's because ExpressVPN symlinks `/etc/resolv.conf` -> `/var/lib/expressvpn/resolv.conf`. Ergo, I have to add `whitelist /var/lib/expressvpn/resolv.conf` to `whitelist-var-common.local`.

gitea-mirror 2026-05-05 07:45:39 -06:00

• closed this issue
• added the
  networking
  label

gitea-mirror commented 2026-05-05 07:45:43 -06:00

Author

Owner

Copy link

@vguarnaccia commented on GitHub (Apr 20, 2018):

In order to use the browser plugin, one should whitelist all of /var/lib/expressvpn/.

<!-- gh-comment-id:382934043 --> @vguarnaccia commented on GitHub (Apr 20, 2018): In order to use the browser plugin, one should whitelist all of `/var/lib/expressvpn/`.

gitea-mirror commented 2026-05-05 07:45:45 -06:00

Author

Owner

Copy link

@SkewedZeppelin commented on GitHub (Apr 22, 2018):

If at all possible I'd recommend you instead use the native/real clients directly instead of using a wrapper as provided. ie. use OpenVPN or the NetworkManager VPN modules instead of the VPN providers program.

<!-- gh-comment-id:383343814 --> @SkewedZeppelin commented on GitHub (Apr 22, 2018): If at all possible I'd recommend you instead use the native/real clients directly instead of using a wrapper as provided. ie. use OpenVPN or the NetworkManager VPN modules instead of the VPN providers program.

gitea-mirror commented 2026-05-05 07:45:46 -06:00

Author

Owner

Copy link

@vguarnaccia commented on GitHub (Apr 22, 2018):

Do you think I should do so for security or performance reasons?

Thanks for replying.

<!-- gh-comment-id:383345804 --> @vguarnaccia commented on GitHub (Apr 22, 2018): Do you think I should do so for security or performance reasons? Thanks for replying.

gitea-mirror commented 2026-05-05 07:45:47 -06:00

Author

Owner

Copy link

@SkewedZeppelin commented on GitHub (Apr 22, 2018):

Assuming for example that it is just an (potentially outdated) OpenVPN client + wrapper:

Security: Newer versions might have more bugfixes.
Performance: Newer versions might have more optimizations
Privacy: You don't necessarily know what else the client might be doing
Your distro's version might also have more aggressive compiler options set which can be more secure (-fstack -fpie -fpic) and/or more performant (-O3)
etc.

at the same time the wrapper might be making extra changes to ensure that it is correctly working (ie. no dns leaks)

you gain some you lose some 😀

<!-- gh-comment-id:383349155 --> @SkewedZeppelin commented on GitHub (Apr 22, 2018): Assuming for example that it is just an (potentially outdated) OpenVPN client + wrapper: Security: Newer versions might have more bugfixes. Performance: Newer versions might have more optimizations Privacy: You don't necessarily know what else the client might be doing Your distro's version might also have more aggressive compiler options set which can be more secure (-fstack -fpie -fpic) and/or more performant (-O3) etc. at the same time the wrapper might be making extra changes to ensure that it is correctly working (ie. no dns leaks) you gain some you lose some :grinning:

gitea-mirror commented 2026-05-05 07:45:49 -06:00

Author

Owner

Copy link

@chiraag-nataraj commented on GitHub (May 2, 2018):

@SkewedZeppelin Completely OT, but this is why I've set up a mini router which sets up my VPN and ensures there are no DNS leaks and stuff. That way, I just let my laptop connect as normal without VPN. As a side bonus, anything which connects to the hotspot goes through the VPN :D

<!-- gh-comment-id:385984549 --> @chiraag-nataraj commented on GitHub (May 2, 2018): @SkewedZeppelin Completely OT, but this is why I've set up a mini router which sets up my VPN and ensures there are no DNS leaks and stuff. That way, I just let my laptop connect as normal without VPN. As a side bonus, anything which connects to the hotspot goes through the VPN :D

gitea-mirror referenced this issue 2026-05-05 10:10:06 -06:00

[PR #1270] [MERGED] completing noexec #3906

gitea-mirror referenced this issue 2026-05-05 10:10:21 -06:00

[PR #1315] [CLOSED] pulseaudio with whitelisting #3917

gitea-mirror referenced this issue 2026-05-05 10:10:40 -06:00

[PR #1380] [CLOSED] tidy up of disable-common.inc #3936

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

serialize_remounts_v2

landlock_v4

landlock

release-0.9.64

release-0.9.62

gitlab_ci

LTSbase

fred_ctests

docs

0.9.80

0.9.80-rc1

0.9.78

0.9.76

0.9.76-rc4

0.9.76-rc3

0.9.76-rc2

0.9.76-rc1

0.9.74

landlock-split

0.9.72

0.9.72rc1

0.9.70

0.9.68

0.9.68rc1

0.9.66

0.9.66rc1

0.9.64.4

0.9.64.2

0.9.64

0.9.64rc1

0.9.62.4

0.9.62.2

0.9.62

0.9.56.2-LTS

0.9.60

0.9.60-rc1

0.9.58.2

0.9.58

0.9.58-rc1

0.9.56-LTS-release

0.9.56-LTS

0.9.56

0.9.56-rc1

0.9.54

0.9.54-rc2

0.9.54-rc1

0.9.52

0.9.38.12

0.9.50

0.9.50-rc1

0.9.48

0.9.46

0.9.46-rc1

0.9.44.10

0.9.44.8

0.9.44.6

0.9.38.10

0.9.44.4

0.9.38.8

0.9.44.2

0.9.44

0.9.44-rc1

0.9.38.4

0.9.42

0.9.42-rc2

0.9.38.2

0.9.42-rc1

disable-globalcfg

0.9.40

0.9.40-rc1

0.9.38

0.9.38-rc1

0.9.36

0.9.36-rc1

0.9.34

0.9.34-rc1

0.9.32

0.9.32-rc1

0.9.30

0.9.30-rc1

Labels

Clear labels   

LTS merge

  

LTS merge

  

bug

  

bug

  

converted-to-discussion

  

doc-todo

  

documentation

  

duplicate

  

enhancement

  

file-transfer

  

firecfg

  

firejail-in-firejail

  

firetools

  

graphics

  

help wanted

  

information_old

  

installation

  

invalid

  

modif

  

moved

  

needinfo

  

networking

  

notabug

  

notourbug

  

old-version

  

overlayfs

  

packaging

  

profile-request

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

question_old

  

removal

  

runtime-permissions

  

sandbox-ipc

  

security

  

stale

  

wiki

  

wiki

  

wontfix

  

wordpress

  

workaround

No labels

LTS merge

LTS merge

bug

bug

converted-to-discussion

doc-todo

documentation

duplicate

enhancement

file-transfer

firecfg

firejail-in-firejail

firetools

graphics

help wanted

information_old

installation

invalid

modif

moved

needinfo

networking

notabug

notourbug

old-version

overlayfs

packaging

profile-request

pull-request

question

question_old

removal

runtime-permissions

sandbox-ipc

security

stale

wiki

wiki

wontfix

wordpress

workaround

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/firejail#1270

No description provided.