Mullvad VPN DNS Hijacking

Hello to everyone.

I set up the mullvad qube following this guide:

The mullvad vpn service qube works but i tested the dns with “dnsleaktest” and also with the mullvad extension on firefox and it shows me a dns leak to cloudflare.

Following the guide i edited the script and added values to properly config mullvad dns but nothing to do., the problem persist.
I found here a guide by Solene, Im wonder if there is a workaround using the guide by mullvad site

I don’t really find the root problem

Advices and helps are welcome

Thank you so much

1 Like

Hi,

By default, your VPN qube is still allowing qubes below to use Qubes OS internal DNS for resolving, they are using sys-firewall or sys-net.

You need to block this, and redirect requests to the DNS server you want to use.

1 Like

Thank you for helping me.
Im a little bit newbi, how can I do it?

Thank you

1 Like

I tried with AI advices but nothing… so frustrating

1 Like

Does it help if you run this in the vpn qube /usr/lib/qubes/qubes-setup-dnat-to-ns ?

1 Like

I post here the message it returns:

Traceback (most recent call last):
File “/usr/lib/qubes/qubes-setup-dnat-to-ns”, line 145, in
install_firewall_rules(get_dns_resolved())
File “/usr/lib/qubes/qubes-setup-dnat-to-ns”, line 133, in install_firewall_rules
old_rules = subprocess.check_output(
^^^^^^^^^^^^^^^^^^^^^^^^
File “/usr/lib/python3.11/subprocess.py”, line 466, in check_output
return run(*popenargs, stdout=PIPE, timeout=timeout, check=True,
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File “/usr/lib/python3.11/subprocess.py”, line 548, in run
with Popen(*popenargs, **kwargs) as process:
^^^^^^^^^^^^^^^^^^^^^^^^^^^
File “/usr/lib/python3.11/subprocess.py”, line 1024, in init
self._execute_child(args, executable, preexec_fn, close_fds,
File “/usr/lib/python3.11/subprocess.py”, line 1901, in _execute_child
raise child_exception_type(errno_num, err_msg, err_filename)
FileNotFoundError: [Errno 2] No such file or directory: ‘nft’

I really don’t understand

1 Like

Weird, it looks like you do not have nftables installed, are you using a minimal template? nftables may be required.

1 Like

“sys mullvad” as a net cube based on a debian-12-xfce template

2 Likes

Some apps don’t use the system DNS. Like Firefox uses Cloudflare if you enable DNS over HTTPS. Make sure something like this is not the case.

3 Likes

Right, in addition, it is not clear whether @kabuto is using Firefox (ESR) or Mullvad Browser.

1 Like