I was also using the Micah Lee method with Mullvad - since Qubes 4.0 with no problems whatsoever until about a month ago. Then my vpn mysteriously stopped working also in Qubes. Like you, it did still work on my linux mint and win 10 dual boot and also on my graphene-os cell installations. It was beyond my abilities to find the cause and since I already had a Protonmail account, I upgraded that to the Unlimited option. I was then able to get ProtonVPN up and running, with a little help from the forum here. I still don’t know the cause of my Mullvad woes, but as my subscription was about to expire shortly and I was happy to make the switch to Proton. All is working fine now.
trying them, thankyou. Unfortunately, neither seems to work yet. The wireguard protocol just doesn’t connect (Mullvad support isn’t able to help yet) and on the OpenVPN protocol I can’t get a vif for some unknown reason…
Mine is working fine with Mulvad guide using proxy vm on Wireguard . I also installed the new Mulvad Browser (based on Tor Browser) which has a button that lets you change VPN servers from a drop down. I really like this set-up
Micah’s instructions use hard-coded IP addresses. This has a tendency to break down over time as VPN providers shift their IPs.
(Also, the Mullvad instructions are not great either, as they ask the user to do things like “Add the following to the file /rw/config/qubes-firewall-user-script be sure to change 10.137.0.47 to the IP that matches your vif*”.)
Qubes-vpn-support has been working fine with Mullvad. You could give that a try. Its also a lot more automated and simpler to setup.
Mullvad has been migrating to higher bandwidth servers, so many of their IPs and public keys are changing. Presently there are 77 servers with messages…
I am not having any luck with any protocol. The Mullvad wireguard protocol gets me furthest - wireguard is connecting from my sys-vpn, but no App-vm can connect to the internet through it.
I really don’t understand. I don’t know if my problem has started with a failing with Micah Lee’s protocol (as descibed above), or something more fundamental that’s happened with my system.
I am preparing to reinstall my system to get around this.
Reinstalling the system is a nuclear option for what is likely to be a
straightforward issue.
As you say that the sys-vpn is connecting (and presumably working fine
down the VPN), but no connected app-vm is working, the issue is almost
certainly in the nftables rules you are using to guide traffic to the
tunnel.
If you want to follow this, then take a look at your firewall on
sys-vpn. nft list table nat and nft list table filter will be of
help.
If you want a packaged solution, you could take a look at https://qubes.3isec.org/tasks.html
There’s a package for mullvad-vpn which will create the VPN qube, and
configure it correctly.
I never presume to speak for the Qubes team.
When I comment in the Forum or in the mailing lists I speak for myself.
Thank you, @unman. I would have investigated that package if I’d known. However, I have already pulled the trigger on the nuclear option and reinstalled.
With a new OS, I have Mullvad’s wireguard protocol working. I still cannot get their OpenVPN protocol to work (the App-vm can ping 8.8.8.8 and www.google.com, but no Firefox connection).