Can't get InternetAccessControl addon working (veyon-4.8.2 / Ubuntu-mate 20.04)
-
Hi,
I tried basic option : "Block with firewall, port 80,443 and 21" and it just does nothing :
No particular change in veyon master's ui's thumbnails, when I enabled the function (main menu bar or contextual menu on a single computer).
The information popup, when mouse over the thumbnails shows "features running : none" (not sure it is the exact translation).
On the client, I can still browse the whole internet, without any restriction.
Documentation on this addon is... really minimal ;-). I found no post about this addon on this forum, nor on the internet.
Can someone explain how to make it work (Ubuntu 22.04)? Should ufw be activated on the computers (which is not the case in Ubuntu 22.04)? Should I configure it (the firewall) to make the addon work? How?... I made some tests, but found no way to get it working, and I'm not really a specialist in firewalls and routing.
Are there some clues I could find on the client or master to debug the situation? Where?... What changes should I find on the client when it works (conf, services...)?
I really need help on this, because this is probably one of the most important features for teachers (exam context, for example).
Of course, I bought the license for this addon
Regards
E.T. -
Hi,
I'm answering myself, in case it could help others.
First, the addon has to be installed on both clients and master, but configuration is needed only on the client side (allowing different configurations on different clients).
To debug, you just have to use the
    nft list ruleset
bash command on clients to see if something changed and what.
When blocking is effective, you should get something like:
    table inet veyon_internet_access_control { }
Empty, like above, when blocking is inactive, or containing a list of rules (the rules you chose) when blocking is active.
In the Veyon Master interface, the notice of blocking being active or not is not updated immediately, but you can use the F5 key to update it.
Maybe a visible change in the blocked clients' thumbnails could be a good thing (strikethrough @ in the corner?).
For now (in my tests), blocking doesn't work if a user is already connected (and unblock too). First, the user has to disconnect, then you (de)activate blocking, and then he connects back.
Hope it helps
E.T.
-
Some other useful information about this addon, from Todybox:
To get the last option working on linux (preconfigured firewall rule, asking for a name).
First, you have to write an nft conf file, containing your blocking rules (see nftables docs for that).
Then, put this file on clients in : /etc/veyon/iac/firewall/rules.d/ (create directories if needed, of course).
And put the name of this file in veyon-configurator (datafield "name").
On Linux, this option will launch the following command on clients when activating Internet blocking on master:
    nft -f /etc/veyon/iac/firewall/rules.d/myfile
where "myfile" is the name you declared in veyon-configurator.
It works fine, I tested...
E.T.
-
I forgot something in my previous post :
VERY IMPORTANT : The table in your nft file must be named like the file (the name you gave in veyon-configurator) too, or you won't be able to deactivate blocking from master.
As an example, if you declare "myfile" in veyon-configurator: on clients, you must put a file called myfile in /etc/veyon/iac/firewall/rules.d/, containing your rules, and the table in this file must be called myfile too:
    table inet myfile {
Don't forget to activate InternetAccessControl/UnblockOnServiceStart=true in veyon config, this is the best (only?) way to be sure internet is available for next users, without any need to do anything (automatically deactivates blocking on clients when the user logs out, or reboots).
Finally got all this running like I wanted to...
Thanks to Todybox for his precious help (and job on Veyon, of course).
E.T.
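
Added example, not part of the original posts and not Veyon code: a shell check for the naming rule described in the thread (the table in a rules file must carry the file's own name), run here on constructed sample files. The function names, the sample rule set and the file names `exam` and `blocker` are assumptions made for illustration; the `rules.d` path, the ports and the `inet` family are the ones shown in the posts.

```shell
#!/bin/sh
# Added example, not Veyon code. Checks the naming rule from the thread: a rules
# file must declare a table with the same name as the file itself.
# On a client: for f in /etc/veyon/iac/firewall/rules.d/*; do check_rules_file "$f"; done

# check_rules_file FILE
#   returns 0: a table named like FILE is declared
#           1: tables are declared, but none carries the file name
#           2: file unreadable or no table declaration found
check_rules_file() {
    file=$1
    name=$(basename "$file")
    [ -r "$file" ] || { echo "$name: not readable" >&2; return 2; }
    # Strip comments, then print the name from each "table <family> <name> {".
    tables=$(sed 's/#.*//' "$file" |
        awk '$1 == "table" && NF >= 3 { t = $3; sub(/[{].*/, "", t); print t }')
    [ -n "$tables" ] || { echo "$name: no table declared" >&2; return 2; }
    if printf '%s\n' "$tables" | grep -qxF -- "$name"; then
        echo "$name: ok"
        return 0
    fi
    echo "$name: table is named '$(printf '%s' "$tables" | tr '\n' ' ')', expected '$name'" >&2
    return 1
}

# write_sample_rules DIR NAME TABLE: constructed sample that rejects outgoing
# TCP connections to the ports from the first post (21, 80, 443).
write_sample_rules() {
    mkdir -p "$1"
    cat > "$1/$2" <<EOF
# constructed sample, load with: nft -f $1/$2
table inet $3 {
    chain output {
        type filter hook output priority 0; policy accept;
        tcp dport { 21, 80, 443 } reject
    }
}
EOF
}

# Demo on constructed files in a temporary directory (nothing is loaded into nft).
demo=$(mktemp -d)
write_sample_rules "$demo" myfile myfile   # table name matches the file name
write_sample_rules "$demo" exam blocker    # mismatch: the case the thread warns about
for f in "$demo"/*; do check_rules_file "$f" || true; done
rm -rf "$demo"
```

The check only reads the files; after activating blocking from the master, `nft list ruleset` on the client shows whether the table was actually loaded.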