I know this is an issue with the app, and contacting Mullvad support is not relevant.
I have checked if others have reported this already
I have checked the issue tracker to see if others have reported similar issues.
Current Behavior
Although 100.64.0.0/100 is part of the IPv4 reserved address blocks used for internal networks, it is not included in the list of allowed addresses when LAN access is unblocked.
Strictly speaking that range is for carrier-grade NAT, so it's debatable whether or not that should be considered LAN.
However, not adding this manually to nftables means I can't use tailscale and mullvad concurrently.
I'm aware of tailscale's mullvad integration, but unfortunately since I use headscale and not the tailscale service, I can't yet utilize this functionality.
Expected Behavior
With tailscale enabled and connected, `mullvad lan set allow`, when connecting to mullvad, traffic on the tailscale interface should not be blocked.
I can work around this using the following firewall rule:
```
table inet mullvadExclusions {
  chain mullvadAllowTailsacle {
    type route hook output priority -1; policy accept;
    # Mark traffic to 100.64.0.0/10 so it is excluded from the Mullvad tunnel
    ip daddr 100.64.0.0/10 ct mark set 0x00000f41 meta mark set 0x6d6f6c65;
  }
}
```
but it would be less brittle and more secure if I would not have to do that statically, since that would still be allowed if `mullvad lan set block` is configured.
Steps to Reproduce
tailscale up
mullvad lan set allow
tailscale ping ... (works)
mullvad connect
tailscale ping ... (no response)
mullvad disconnect
tailscale ping ... (works)
Failure Logs
No response
Operating system version
NixOS unstable (pre release 24.05)
Mullvad VPN app version
2023.6
Additional Information
No response
You could for now manually add it to talpid-core/src/firewall/mod.rs in the source code at https://github.com/mullvad/mullvadvpn-app/blob/6868d3c3336a8289c56fdd978ad61ef8a19a7155/talpid-core/src/firewall/mod.rs
and modify ALLOWED_LAN_NETS.
While Rust code can be a bit scary, I feel that this part is pretty self-explanatory.
Then manually compile from said modified source, preferably with build.sh --optimized so you get a release build. Now, I cannot guarantee this to work since I have yet to test it myself, but it could be a stopgap solution for now.
Now the only issue with this would be that you would not run the release version but the latest git commit, unless you can figure out what commit they used to compile the latest release version.
Sure, I'm comfortable making that change. nixpkgs uses a binary release, so it might take me a bit to test it first, but I'm happy to make the effort if this change is likely to get accepted. I'll follow up soon.
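An added example, not part of the thread and not Mullvad's code: a Rust sketch of the CIDR check behind a LAN allowlist, showing why a tailnet address falls outside the private ranges and how an in-app entry for 100.64.0.0/10 would follow the allow/block setting. The `Net` type, the function names and the listed private ranges are assumptions for illustration, not the contents of ALLOWED_LAN_NETS.

```rust
use std::net::Ipv4Addr;

/// IPv4 network in CIDR form (hypothetical helper, not a talpid-core type).
struct Net { base: u32, prefix: u8 }

impl Net {
    fn new(a: u8, b: u8, c: u8, d: u8, prefix: u8) -> Net {
        assert!(prefix <= 32);
        Net { base: u32::from(Ipv4Addr::new(a, b, c, d)) & Net::mask(prefix), prefix }
    }
    /// Prefix 0 needs an all-zero mask; shifting a u32 by 32 would overflow.
    fn mask(prefix: u8) -> u32 {
        if prefix == 0 { 0 } else { u32::MAX << (32 - u32::from(prefix)) }
    }
    fn contains(&self, ip: Ipv4Addr) -> bool {
        u32::from(ip) & Net::mask(self.prefix) == self.base
    }
}

/// Constructed list: RFC 1918 plus IPv4 link-local. Assumption for this
/// example only; it is not copied from ALLOWED_LAN_NETS.
fn private_nets() -> Vec<Net> {
    vec![Net::new(10, 0, 0, 0, 8), Net::new(172, 16, 0, 0, 12),
         Net::new(192, 168, 0, 0, 16), Net::new(169, 254, 0, 0, 16)]
}

/// RFC 6598 shared address space (carrier-grade NAT), the range from the issue.
fn cgnat() -> Net { Net::new(100, 64, 0, 0, 10) }

/// Would traffic to `dst` pass the LAN exemption? Unlike a static nftables
/// rule, the answer follows the allow/block setting.
fn lan_allowed(dst: Ipv4Addr, allow_lan: bool, include_cgnat: bool) -> bool {
    if !allow_lan {
        return false; // LAN access blocked: nothing is exempt
    }
    private_nets().iter().any(|n| n.contains(dst))
        || (include_cgnat && cgnat().contains(dst))
}

fn main() {
    // Constructed sample destinations.
    let samples = [("home router", Ipv4Addr::new(192, 168, 1, 1)),
                   ("tailnet peer", Ipv4Addr::new(100, 101, 102, 103)),
                   ("outside /10", Ipv4Addr::new(100, 128, 0, 1))];
    for &(label, ip) in samples.iter() {
        println!("{:<13} {:<16} rfc1918-only={} with-cgnat={}", label, ip,
                 lan_allowed(ip, true, false), lan_allowed(ip, true, true));
    }
}
```

With `include_cgnat` set, any address an ISP hands out from its carrier-grade NAT pool is exempted as well, which is the trade-off behind the "debatable" remark in the issue.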