mullvadvpn-app

Unable to communicate from a device running mullvad to devices on a statically routed subnet with local network sharing enabled

Open K4LCIFER opened this issue 1 year ago • 1 comments

Issue report

Operating system: Arch Linux

App version: 2022.2

Issue description

Say you have the following network: [image] Router A has a static route to the network of Router B, and vice versa. If Device A has Mullvad VPN running (with local network sharing enabled), it is unable to communicate with Device B, and vice versa. Communication works as expected with Mullvad VPN disabled.

K4LCIFER avatar Aug 11 '22 06:08 K4LCIFER

You need to set up the correct routes on Device A. My guess is that device A only has a special route for 192.168.0.1/24 saying it's the local LAN and has no gateway. Similarly, you need to add a route to device A to network 192.168.1.1/24 and say it's accessible via router A. If this is not there, all traffic to 192.168.1.1/24 is routed via the default route, which the VPN picks up and sends in the encrypted tunnel.

Our app can't magically know what LAN networks are available behind routers etc. You need to either make router A advertise the 192.168.1.1/24 network via DHCP, or statically set that route up on device A.

It works without Mullvad because the traffic to your second LAN is matched against the default route, which in that case has router A as your gateway. It's sent to router A and router A knows to send it to router B. But with Mullvad on, the default route is now the encrypted tunnel, and router A will never be able to see the traffic and redirect it.

faern avatar Aug 11 '22 06:08 faern

I have the same "problem" (as explained by @faern it's normal and expected), and whenever I need to access devices on "network B", I just manually add the route to the network via my router. In your case you would need to do

sudo ip r add 192.168.1.0/24 via 192.168.0.1

And mullvad will leave that traffic alone if you have local network sharing enabled.

You can add these (normally useless) routes to your NetworkManager configuration too.

kubrickfr avatar Aug 14 '22 17:08 kubrickfr

I'm closing this as I think we have provided the answer to the original question.

faern avatar Aug 15 '22 12:08 faern

Ran into this issue, too.

  • Option 1: Add static routes to the device that is using the Mullvad App

  • Option 2: Add static routes to the interface (LAN) via rfc3442

    • Create the string value (click image below to go to calculator): [image]
    • Add option 121 to interface (for example, in OPNsense under Additional Options)

After you've applied the settings, disconnect and then connect again and you should be good to go.

For my LAN I went with Option 2, but for a machine that I have on my guest network I went with Option 1 so as not to broadcast my setup unnecessarily.

05nelsonm avatar Nov 30 '22 20:11 05nelsonm