author: Linus Färnstrand <linus@mullvad.net> 2020-01-28 00:21:58 +0100
committer: Linus Färnstrand <linus@mullvad.net> 2020-01-29 13:01:39 +0100
commit: 2023884fd9cd6a4c88a45c28b8158ed54f3441e6
tree: a11e91612ce4b419f0b651c6a20d3e608664add5 /docs
parent: 8aed4f3be70c45e0b877a6bb18cf7eb19312e6f6
Rename blocked state to its new name, error
Diffstat (limited to 'docs')
-rw-r--r-- docs/security.md 14
1 files changed, 9 insertions, 5 deletions
diff --git a/docs/security.md b/docs/security.md
index d71e8345a8..4e0ff30c3b 100644
--- a/docs/security.md
+++ b/docs/security.md
@@ -33,7 +33,7 @@ An app with permission to act as a VPN service can request to open a VPN tunnel
provide a set of IP networks it would like to have routed via itself. Doing so and specifying
the routes `0/0` and `::0/0` forces all traffic to go via the app. That is what this app does both
when it has a VPN tunnel up, but also when in a state where it would like to block all network
-traffic. Such as the [connecting], [disconnecting] and [blocked] states. In these states, all
+traffic. Such as the [connecting], [disconnecting] and [error] states. In these states, all
packets are simply dropped.
### iOS
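Review bot: The changed line still starts with a sentence fragment, "Such as the [connecting], [disconnecting] and [error] states.", and since this line is being touched anyway it could be joined to the sentence before it: "... would like to block all network traffic, such as in the [connecting], [disconnecting] and [error] states." The preceding context also reads "both when ... but also when", which would be cleaner as "both when ... and when".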
@@ -99,7 +99,7 @@ This is the default state that the `mullvad-daemon` starts in when the device bo
The disconnected state behaves very differently depending on the value of the
"block when disconnected" setting. If this setting is enabled, the disconnected state behaves
-like and has the same security properties as, the [blocked] state. If the setting is
+like and has the same security properties as, the [error] state. If the setting is
disabled (the default), then it is the only state where the app does not enforce any firewall
rules. It then behaves the same as if the `mullvad-daemon` was not even running. It lets
network traffic flow in and out of the computer freely.
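Review bot: The comma placement in the changed line, "like and has the same security properties as, the [error] state", leaves the parenthetical unbalanced. Suggest "behaves like, and has the same security properties as, the [error] state" so the claim about equivalent security properties reads unambiguously.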
@@ -155,7 +155,7 @@ active. All states transitioning into this state, and all states this state late
transitions to, have their own security policies. This state is just a short transition between
those, while the app waits for a running tunnel to come down and clean up after itself.
-### Blocked
+### Error
This state is only active when there is a problem/error. As described in other sections, the app
will never unlock the firewall and allow network traffic outside the tunnel unless a
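Review bot: Renaming the heading from "### Blocked" to "### Error" changes the section anchor from #blocked to #error, so any link to security.md#blocked from outside this file will stop resolving. The diffstat shown is limited to docs and only touches security.md, so it is worth searching the rest of the repository and any published references for the old anchor before merging. With the new heading, the first sentence "This state is only active when there is a problem/error" also becomes nearly circular and could say what the state does instead.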
@@ -172,6 +172,10 @@ This state locks the firewall so no traffic can flow (except the always active e
informs the user what the problem is. The user must then explicitly click disconnect in order
to unlock the firewall and get access to the internet again.
+If the firewall integration fails, so this state fails to block traffic. Then it is not much
+left the app can do to prevent leaks. It then informs the user of the seriousness of the
+situation.
+
## Kill switch
The app has an always on "kill switch" that can't be disabled. There is no setting for it.
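Review bot: The added paragraph documents a fail-open condition but its wording is hard to parse: "If the firewall integration fails, so this state fails to block traffic. Then it is not much left the app can do to prevent leaks." Suggest something like "If the firewall integration itself fails, this state cannot block traffic and there is little the app can do to prevent leaks." Since this is the security document, it would also help to state how the user is informed, and to qualify the context line just above that says this state "locks the firewall so no traffic can flow", because the new paragraph describes a case where that does not hold.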
@@ -194,7 +198,7 @@ we fail closed, meaning if the packets don't leave encrypted in the way the app
then they can't leave at all.
Essentially, one can say that the app's "kill switch" is the fact that the [connecting],
-[disconnecting] and [blocked] states prevent leaks via firewall rules.
+[disconnecting] and [error] states prevent leaks via firewall rules.
### Block when disconnected
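Review bot: The updated line still states without qualification that the [connecting], [disconnecting] and [error] states "prevent leaks via firewall rules", while the paragraph this same patch adds under the Error heading says the error state can fail to block traffic when firewall integration fails. Consider adding a short pointer here to that caveat so the kill switch section and the "we fail closed" statement above it are not read as an unconditional guarantee.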
@@ -253,5 +257,5 @@ network connections. Except when the user sends a problem report, then it spawn
[connecting]: #connecting
[connected]: #connected
[disconnecting]: #disconnecting
-[blocked]: #blocked
+[error]: #error
[GUI]: #desktop-electron-gui
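Review bot: Removing the `[blocked]: #blocked` reference definition means any remaining `[blocked]` reference-style link in this file would render as literal bracketed text. The hunks shown replace three uses; please confirm no other occurrences remain in security.md outside the context displayed here.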