[GH-ISSUE #3835] Is there a way to force a jail outside Network Manager systemwide VPN? #2415

Open
opened 2026-05-05 09:05:29 -06:00 by gitea-mirror · 2 comments

Originally created by @Futureknows on GitHub (Dec 17, 2020).
Original GitHub issue: https://github.com/netblue30/firejail/issues/3835

Once I enable an OpenVPN connection using Network Manager, is there a way to force discrete jails to connect outside the tunnel? If I use `--net=enp10s0` (the default ethernet interface) it still tunnels through the OpenVPN connection. Sometimes if I open firejails this way _before_ establishing an OpenVPN through Network Manager, they remain discrete, but after enabling OpenVPN, subsequent enp10s0 jails get routed through the tunnel.

gitea-mirror added the networking label 2026-05-05 09:05:29 -06:00

@rusty-snake commented on GitHub (Apr 6, 2021):

Maybe with `--net=br0` and a bridge that has direct inet access.


@Futureknows commented on GitHub (Apr 6, 2021):

Thanks. I noticed if I launch a firejail on *net=virbr0* (Red Hat default
bridge) before I connect to a VPN with Network Manager, then I can run
inside and outside the systemwide VPN simultaneously with jails.
However, any firejails launched with *net=virbr0* after connecting to a VPN
through Network Manager, those firejails don't get a connection.
I'm sure this can be fixed with editing iptables but it's beyond me. It
would be a very handy feature.

On Tue, Apr 6, 2021 at 7:28 AM rusty-snake @.***> wrote:

> Maybe with --net=br0 and a bridge that has direct inet access.
