Mullvad VPN GUI cuts out lan network

NovumGain · December 18, 2023, 9:21pm

As the title says, in any templateVM, mullvad makes all LAN IPs just vanish, when turned on. And yes, I’ve tried turning on the Local Network option. OpenVPN, Wireguard, none of them work. any ideas? i can’t seem to figure this out. I’m assuming it has to do with the firewall VM. My setup is currently Netvm → firewallvm → qube-with-mullvad. the ip I’m trying to connect to is connected to a switch, connected to my NAS.

i can ping the NAS until i turn the vpn on
(p.s., i am by far not used to qubes nor working. I’m a noob at both, although experienced at linux and general pc stuff)

NovumGain · December 18, 2023, 9:44pm

I’ve googled this for hours, and nobody seems to be having the same issue… thus leading me to believe it’s a qubes problem

Euwiiwueir · December 18, 2023, 10:36pm

You’re sure that this isn’t intentional behavior?

I don’t know how you have your VPN qube configured but if you’re otherwise happy with it you might try routing like this:

Netvm → firewallvm → qube-with-mullvad → [qubes that access WAN]
Netvm → firewallvm → [qubes that access LAN]

That is, don’t route local traffic through the VPN qube. The easy capability for this kind of configuration is a benefit of using Qubes.

NovumGain · December 18, 2023, 10:56pm

i originally tried that, but for some reason no LAN was able to be interacted with - so i opted to make it a single qube, since, i don’t need more than 1 mullvad qube (only for it to still not work) . that said, in the mullvad settings, there’s a setting for this, and i have it turned on, which implies it’s a qubes problem (I’m guessing one with iptables, but I’ve never dealt with them) - and incase it was a bug, i tried the CLI, still the same. to back that it’s qubes, there wasn’t anything about this online that i could find unrelated to qubes.

apparatus · December 18, 2023, 11:08pm

My guess is that it’s a general issue of Mullvad VPN app installed in VM and not specific to Qubes OS. I guess it’s determining your LAN subnet based on system network interface settings.

NovumGain · December 18, 2023, 11:15pm

more than likely - that said, it does work on a typical fedora install is the weird thing. that was my last install was fedora 37 - same version, strangely enough. and i could access LAN in retrospect. so yeah it’s a qubes-specific problem.

Euwiiwueir · December 18, 2023, 11:29pm

Kind-of an aside, but you’d probably be better served setting up a dedicated VPN qube rather than a multi-purpose qube in which you also run the Mullvad app (I think this is what you’re saying you’re doing, but I’m not certain). This ensures your traffic doesn’t accidentally go clear if e.g. the Mullvad app crashes.

The instructions here are up to date and not too tricky to follow:

This is also IMO more in line with “the Qubes way” and will guide you toward patterns of use that are more amenable to finding good help here, I think.

NovumGain · December 19, 2023, 12:06am

I agree – and thank you for that post – I had just figured out that it was wireguard that was the problem, then I saw your post, lol.

NovumGain · December 19, 2023, 1:02am

until the problem gets sold, my problem is temporarily fixed. i have to move stuff manually now, but at least that way it’s safer anyways. thank you everybody for the help