firefox and expressvpn

Briefly describe your issue below:

Hello,

I just installed the latest 64-bit parrot security dist and when I enable my vpn firefox is not able to connect online. if a disable my vpn firefox is able to connect online…tor and chromium work with vpn enabled. I’m using expressvpn service.

thanks,
Nick

What version of Parrot are you running? (include version, edition, and architecture)

What method did you use to install Parrot? (Debian Standard / Debian GTK / parrot-experimental)

Configured to multiboot with other systems? (yes / no)

If there are any similar issues or solutions, link to them below:

If there are any error messages or relevant logs, post them below:

If you start firefox from terminal, does it give any hints at the problem?

What error message does firefox browser give you? Connection timed out ect…

terminal out on starting firefox:

┌─[spock@parrot]─[~]
└──╼ $firefox
Reading profile /etc/firejail/firefox.profile
Reading profile /etc/firejail/firefox-common.profile
Reading profile /etc/firejail/firefox-common-addons.inc
Reading profile /etc/firejail/disable-common.inc
Reading profile /etc/firejail/disable-devel.inc
Reading profile /etc/firejail/disable-interpreters.inc
Reading profile /etc/firejail/disable-programs.inc
Reading profile /etc/firejail/whitelist-common.inc
Reading profile /etc/firejail/whitelist-var-common.inc
Parent pid 3282, child pid 3283
Warning: skipping pango for private /etc
Warning: skipping asound.conf for private /etc
Warning: skipping pki for private /etc
Warning: skipping crypto-policies for private /etc
Warning fcopy: skipping /etc/alternatives/wine.pl.1.gz, cannot find inode
Warning fcopy: skipping /etc/alternatives/vi.ru.1.gz, cannot find inode
Warning fcopy: skipping /etc/alternatives/vi.pl.1.gz, cannot find inode
Warning fcopy: skipping /etc/alternatives/vi.ja.1.gz, cannot find inode
Warning fcopy: skipping /etc/alternatives/vi.da.1.gz, cannot find inode
Warning fcopy: skipping /etc/alternatives/fakeroot.sv.1.gz, cannot find inode
Warning fcopy: skipping /etc/alternatives/faked.sv.1.gz, cannot find inode
Warning fcopy: skipping /etc/alternatives/ex.ru.1.gz, cannot find inode
Warning fcopy: skipping /etc/alternatives/ex.pl.1.gz, cannot find inode
Warning fcopy: skipping /etc/alternatives/ex.ja.1.gz, cannot find inode
Warning fcopy: skipping /etc/alternatives/ex.da.1.gz, cannot find inode
Private /etc installed in 69.69 ms
Post-exec seccomp protector enabled
Seccomp list in: @clock,@cpu-emulation,@debug,@module,@obsolete,@raw-io,@reboot,@resources,@swap,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,ni_syscall,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount,umount2,userfaultfd,vhangup,vmsplice, check list: @default-keep, prelist: adjtimex,clock_adjtime,clock_settime,settimeofday,modify_ldt,lookup_dcookie,perf_event_open,process_vm_writev,delete_module,finit_module,init_module,_sysctl,afs_syscall,create_module,get_kernel_syms,getpmsg,putpmsg,query_module,security,sysfs,tuxcall,uselib,ustat,vserver,ioperm,iopl,kexec_load,kexec_file_load,reboot,set_mempolicy,migrate_pages,move_pages,mbind,swapon,swapoff,acct,add_key,bpf,fanotify_init,io_cancel,io_destroy,io_getevents,io_setup,io_submit,ioprio_set,kcmp,keyctl,mount,name_to_handle_at,nfsservctl,open_by_handle_at,personality,pivot_root,process_vm_readv,ptrace,remap_file_pages,request_key,setdomainname,sethostname,syslog,umount2,userfaultfd,vhangup,vmsplice,
Child process initialized in 174.25 ms

Parent is shutting down, bye…

when I first installed the expressvpn firefox extension it worked as soon as I restarted firefox the expressvpn extension is there but if i click on its icon in the upper right had corner and I click on it asks to install it but in the extensions menu its there and enabled?

Here is the extension:

Ok its a plugin.
Might be worth trying firefox without sandboxing, see if it works then. Could be preventing the extension fully loading, hence asking to re-install.

From the console: firejail --noprofile firefox

If that works, we will have to look into modifying your firejail profiles.

ok running firejail --noprofile firefox works with the plugin.

I dont have much experience debugging and modifying firejail profiles, but i can offer a few suggestions.

The firejail manual, for reference: https://firejail.wordpress.com/features-3/man-firejail/

There are several extra logging options you can use, like --debug, --debug-blacklists. I would try a few of those (firejail --debug firefox), and see if the console outputs exactly what was blocked.

As you can see when you start firefox (firejail firefox) it lists all the profiles loaded. You can edit them, but they will be overwritten on updates. If you find a fix you will want to put it in a .local file.

Probably the easiest way, is to start firefox using --build (firejail --build firefox). When firefox starts, make sure the plugin has loaded and works, then exit firefox. Now go back to the command line, you will see firejail has created a profile, based off of how you used firefox. Hopefully in there will be something related to your plugin like a whitelist, you will then need to add that to a .local file, or you can add it to ‘/etc/firejail/firefox.profile’ to test it.

ok thank you for your help! I’ll definitely look into firejail and debuggin with it.

cheers,
nick

1 Like