Nordvpn on Kinoite

Hello,
I use Nordvpn but through Networkmanager instead of their app.

I do this cause I have had some bad experiences with their app, now that I use Kinoite it just makes things easier, although I miss several functions which the app has and which I don’t have now.
Is it possible to install the app in a toolbox so you don’t have to layer the software? Or will it not work then?

i never got it fully working on toolbox/distrobox it came up with permission, wheel groups couldent start it fully so best option is just layer it

I can only speak of MullvadVPN which has an RPM repo and works perfectly fine. In the past I layered their RPMs manually downloaded.

Toolbox uses a rootless Podman container, which means even executing sudo in there doesnt grant it access to your actual system directories.

Only the home is mounted into the container to have access to all user files.

So as no software inside the container can change anything outside home, logically it also cannot manipulate your network.

Android is way more advanced here, where the VPN functionality is done by the system and various unprivileged apps can just hook in there and get the access to control it. The system then passes all system traffic to the unprivileged app, which does the VPN routing (I guess).

Desktop Linux has quite some things to learn here.

Most notably, Networkmanager has no support for VPN killswitches, to block network when not being connected. This is crucial if you need anonymity or need to prevent leaks, like having a Torrent client running without a VPN.

Thus, the VPN clients from Mullvad and Proton integrate more features themselves, than what is natively available.

Somehow I thought so already but wasn’t sure, hence the question.
Thank you for you answer.

there is possible hard way to run it from docker with proxys, but that is hard way and easier is just layer it

Yes, that is one of the missing elements I wrote about. I guess I just keep using Network manager to handle the VPN.
Thanks.

nordVPN killswitch works perfectly just layer it autoconnect is awsome feature too and threatprotectionlite on DNS level

1 Like