fix: handle KS failures for headless server#13
Open
Yujilik wants to merge 2 commits intoProtonVPN:stablefrom
Open
fix: handle KS failures for headless server#13Yujilik wants to merge 2 commits intoProtonVPN:stablefrom
Yujilik wants to merge 2 commits intoProtonVPN:stablefrom
Conversation
There was a problem hiding this comment.
Pull request overview
This PR addresses crashes on headless Linux environments by making kill switch operations conditional/fault-tolerant when the user has kill switch disabled, while still enforcing failures when kill switch protection is explicitly requested. It also adds a NetworkManager drop-in intended to allow NM to manage WireGuard devices so WireGuard connections don’t fail as “strictly unmanaged” on some distributions.
Changes:
- Make kill switch operations non-fatal when kill switch is OFF (log warnings instead), while propagating failures for ON/PERMANENT.
- Skip enabling kill switch during connection establishment when kill switch is OFF.
- Add and attempt to install a NetworkManager conf.d drop-in to allow WireGuard device management (plus Debian install mapping).
Reviewed changes
Copilot reviewed 5 out of 5 changed files in this pull request and generated 11 comments.
Show a summary per file
| File | Description |
|---|---|
| setup.py | Adds post-install/develop hooks that copy an NM config to /etc and reload NetworkManager. |
| proton/vpn/core/connection.py | Wraps kill switch setting application in exception handling; warns instead of crashing when KS is OFF. |
| proton/vpn/connection/states.py | Adjusts state machine kill switch behavior to avoid KS calls when OFF; adds headless warning constant and additional exception swallowing. |
| debian/python3-proton-vpn-api-core.install | Installs the NM drop-in into /etc/NetworkManager/conf.d/ for Debian packaging. |
| config/10-protonvpn-wireguard.conf | Adds NM keyfile config intended to treat WireGuard devices as managed. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
protonvpn connectcrashed on headless servers (VPS, containers) because kill switch operations required NetworkManager with polkit privileges, kill switch methods were called unconditionally in every state transition, even when the user had disabled kill switch.Fix: