[bug] get openvpn from snap, disable ipv6 workaround

when using snap, at least in qubes there's an error if we pick openvpn
from the system. if we're executing from a snap, we should pick the
snap's openpvn.

also disabling for now the ipv6 workaround, since it fails when
attempting to setup the i6 addr on the interface. --pull-filter should
work here, see https://community.openvpn.net/openvpn/ticket/849

1 files changed, 6 insertions, 6 deletions

diff --git a/src/leap/bitmask/vpn/helpers/linux/bitmask-root b/src/leap/bitmask/vpn/helpers/linux/bitmask-root
index c76100af..46794c59 100755
--- a/src/leap/bitmask/vpn/helpers/linux/bitmask-root
+++ b/src/leap/bitmask/vpn/helpers/linux/bitmask-root
@@ -362,13 +362,13 @@ def get_openvpn_bin():
     Return the path for either the system openvpn or the one the
     bundle has put there.
     """
+    if os.environ.get('SNAP') and os.path.isfile(OPENVPN_SNAP_BIN):
+        # the snap option should be removed from the debian package.
+        return OPENVPN_SNAP_BIN
+
     if os.path.isfile(OPENVPN_SYSTEM_BIN):
         return OPENVPN_SYSTEM_BIN
 
-    # the snap option should be removed from the debian package.
-    if os.path.isfile(OPENVPN_SNAP_BIN):
-        return OPENVPN_SNAP_BIN
-
     # the bundle option should also be removed from the debian.
     if os.path.isfile(OPENVPN_LEAP_BIN):
         return OPENVPN_LEAP_BIN
@@ -776,7 +776,7 @@ def firewall_start(args):
         elif QUBES_VER == 3:
             run("systemctl", "restart", "qubes-firewall.service")
 
-    toggle_ipv6('disable')
+    # toggle_ipv6('disable')
 
 
 def firewall_stop():
@@ -856,7 +856,7 @@ def firewall_stop():
               "chain (maybe it is already destroyed?)", exc)
         ok = False
 
-    toggle_ipv6('enable')
+    # toggle_ipv6('enable')
 
     if not (ok or ipv4_chain_exists or ipv6_chain_exists):
         raise Exception("firewall might still be left up. "