
Torrenting does not work between two peers on the same LAN that are both running Mullvad with local network sharing enabled

Open K4LCIFER opened this issue 1 year ago • 4 comments

Issue report

Operating system: Arch Linux
App version: 2022.2

Issue description

Torrenting does not work between two peers on the same LAN which are both running MullvadVPN with local network sharing enabled. If one peer disables local network sharing, then the torrent works properly. I would imagine that torrents should work on the same LAN if local network sharing is enabled on both peers.

K4LCIFER avatar Jul 16 '22 21:07 K4LCIFER

If a peer has local network sharing disabled, the firewall should prevent all traffic to private IP ranges. Either we have a leak in our firewall rules, or you misinterpret that they are able to communicate over the LAN. Are you sure the torrent traffic is going directly between the peers on the LAN, and not via the tunnel and internet? How do you determine that's the case?

What IP ranges do you run on your LAN? Is it one of the ranges listed here under "4. If the "Allow LAN" setting is enabled, the following is also allowed:"?

faern avatar Jul 22 '22 08:07 faern

> If a peer has local network sharing disabled, the firewall should prevent all traffic to private IP ranges.

The point that I was trying to make was that local network sharing seemed to not allow two different peers to communicate on the same local network.

K4LCIFER avatar Aug 11 '22 06:08 K4LCIFER

I suppose the issue here is the same one as in #3827. Probably a missing route. Your LAN is probably not correctly configured, but currently working by accident since all traffic goes via the router anyway without Mullvad.

faern avatar Aug 11 '22 06:08 faern

No. This issue is completely unrelated to that one. This one was found with devices connected on the same LAN.

K4LCIFER avatar Aug 11 '22 07:08 K4LCIFER

Local Peer Discovery works with messages on UDP Multicast group 239.192.152.143:6771, which I suppose will be broken by Mullvad whether in LAN sharing mode or not.

kubrickfr avatar Aug 14 '22 17:08 kubrickfr

Yes. Currently the 239.192.152.143 IP is not in the range of allowed LAN IPs in our code. See our security documentation. However, I see that 239.192.0.0/14 is supposed to be restricted to the local network, and is not valid on the public internet. So maybe we can add this network to the list of allowed outgoing IP ranges. We'll discuss it.

faern avatar Aug 15 '22 12:08 faern

We'll consider maybe allowing all of 239.0.0.0/8 as it's defined as administratively scoped, all of it.

faern avatar Aug 15 '22 13:08 faern
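
An added example, not from the thread or the Mullvad code base: it checks which destinations an outgoing LAN allow-list covers before and after each of the two ranges proposed above. The baseline list and every sample destination other than the LPD group are assumptions constructed for illustration; the app's real list is in its security documentation.

```python
import ipaddress

# Assumed baseline for illustration (RFC 1918 private + IPv4 link-local).
# The app's real allow-list is in its security documentation, not on this page.
ASSUMED_BASELINE = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16"]

# Candidate additions discussed in the thread.
ORG_LOCAL = "239.192.0.0/14"   # range named in the thread
ADMIN_SCOPED = "239.0.0.0/8"   # administratively scoped block (RFC 2365)

# Constructed sample destinations a LAN host might send to.
SAMPLE_DESTINATIONS = {
    "BitTorrent LPD": "239.192.152.143",   # from the thread, UDP port 6771
    "SSDP": "239.255.255.250",
    "mDNS": "224.0.0.251",
    "LAN peer (constructed)": "192.168.1.20",
    "public host (documentation range)": "203.0.113.7",
}


def first_match(dst, ranges):
    """Return the first CIDR in `ranges` containing `dst`, or None if no entry matches."""
    addr = ipaddress.ip_address(dst)
    for cidr in ranges:
        if addr in ipaddress.ip_network(cidr):
            return cidr
    return None


def coverage(extra=None):
    """Map each sample destination to the allow-list entry covering it (None = not covered)."""
    ranges = ASSUMED_BASELINE + ([extra] if extra else [])
    return {name: first_match(dst, ranges) for name, dst in SAMPLE_DESTINATIONS.items()}


def newly_allowed(extra):
    """Names of sample destinations that are only covered once `extra` is added."""
    before, after = coverage(), coverage(extra)
    return sorted(name for name in after if after[name] and not before[name])


if __name__ == "__main__":
    for label, cidr in (("baseline", None), ("+ /14", ORG_LOCAL), ("+ /8", ADMIN_SCOPED)):
        print(label, coverage(cidr))
```

Against this assumed baseline, the /14 covers only the LPD group among the samples, while the /8 also covers SSDP; neither covers 224.0.0.0/24 traffic such as mDNS.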