Issues configuring MullvadVPN Firewall settings

88uhbvpqboufpcez · July 30, 2022, 6:38pm

This is the doc in question that I followed: Mullvad on Qubes OS 4 - Guides | Mullvad VPN

I followed this article and I successfully configured everything above DNS Hijacking. After following the DNS Hijacking section, something went wrong. I believe I successfully configured the /rw/config/qubes-firewall-user-script, although I have no idea how to verify it (or even what the purpose of it was). I believe where I went wrong was the qvm-firewall terminal settings where you have to manually configure the firewall rules.

I followed the instructions exactly, but after doing so I could not access the internet in AppVMs with MullvadVPN set as their NetVM. I figured out how to reset the firewall settings and I’m able to get internet again.

Before resetting the firewall, I used the AppVM terminal and pinged google.com, and it said the packets were filtered. I assume this is because the ICMP protocol was set to drop - I don’t know much about networking but I thought if you don’t accept ICMP then how are you going to receive a response from a server?

I believe the issue was with the IP addresses I entered. I used Servers | Mullvad VPN to reference the IP addresses I want to use (instead of using the OpenVPN configuration file). I added the IPV6 and IPV4 addresses, hoping the IPV6 would take priority where available. Can someone help me out?

Kate · July 30, 2022, 7:06pm

I don’t use mullvad however checkout micahflee’s Using Mullvad In Qubes Guide, quite easy to follow, secure and works for any vpn.

Also, the purpose of the DNS hijacking script is to prevent dns leaks, in order to check if you have dns leaks use mullvad’s connection tool, it will tell you if you are leaking a non mullvad dns.

88uhbvpqboufpcez · July 30, 2022, 7:11pm

I did check for DNS leaks and there’s no leaks, without having configured the settings under DNS Hijacking. AFAIK, DNS Hijacking is possible even if you’re not leaking your DNS. It doesn’t prevent DNS leaks, it prevents a hacker from hijacking your DNS. I could be wrong.

TheGardner · August 1, 2022, 7:11am

had the same issues, after I setup a MullvadVM recently. Thing with the firewall settings was - the doc said “1. delete the ACCEPT rule & 2. add the DROP --before rule”. It finally worked, if you pass the first step and only add the DROP --before rule.
The doc accidentally is arguing, that you possibly have more ACCEPT rules in your firewall setting “for a new and just build qube” than just one.

88uhbvpqboufpcez · August 4, 2022, 12:17am

@TheGardner I ended up following micah lee’s guide instead and it seems more thorough and it works.