Closed Gin-no-kami closed 1 year ago
Does it work without the killswitch? i.e. `--disable-killswitch` and if you use `nftables` instead of `iptables`?
Also make sure that Mullvad hasn't reset your keys - this happens occasionally. I'll try to test it with my own Mullvad user though.
I tried adding `--no-killswitch`, using `nftables`, and using `--disable-ipv6` but I kept getting the same could not resolve hostname error.
Logs:
vopono -v exec --provider mullvad --server usa-uschi008 --firewall nftables --no-killswitch --disable-ipv6 "curl ifconfig.co/country"
2023-05-04T10:23:02.668Z DEBUG vopono_core::util > Using config dir from $HOME config: /home/gin/.config
2023-05-04T10:23:02.673Z DEBUG vopono_core::util::pulseaudio > Setting PULSE_SERVER to /run/user/1000/pulse/native
2023-05-04T10:23:02.673Z INFO vopono_core::util > Calling sudo for elevated privileges, current user will be used as default user
2023-05-04T10:23:02.673Z DEBUG vopono_core::util > Args: ["vopono", "-v", "exec", "--provider", "mullvad", "--server", "usa-uschi008", "--firewall", "nftables", "--no-killswitch", "--disable-ipv6", "curl ifconfig.co/country"]
2023-05-04T10:23:02.798Z DEBUG vopono_core::util > Using config dir from $HOME config: /home/gin/.config
2023-05-04T10:23:02.803Z DEBUG vopono_core::util::pulseaudio > Setting PULSE_SERVER to /run/user/1000/pulse/native
2023-05-04T10:23:02.803Z DEBUG vopono_core::util > Using config dir from $HOME config: /home/gin/.config
2023-05-04T10:23:02.804Z DEBUG vopono_core::util > Existing namespaces: []
2023-05-04T10:23:02.804Z DEBUG vopono_core::util > Using config dir from $HOME config: /home/gin/.config
2023-05-04T10:23:02.804Z DEBUG vopono_core::util > Using config dir from $HOME config: /home/gin/.config
2023-05-04T10:23:02.804Z DEBUG vopono::exec > vopono config.toml: configuration property "custom_config" not found
2023-05-04T10:23:02.804Z DEBUG vopono::exec > vopono config.toml: configuration property "custom_netns_name" not found
2023-05-04T10:23:02.804Z DEBUG vopono::exec > vopono config.toml: configuration property "open_hosts" not found
2023-05-04T10:23:02.804Z DEBUG vopono::exec > vopono config.toml: configuration property "allow_host_access" not found
2023-05-04T10:23:02.804Z DEBUG vopono::exec > vopono config.toml: configuration property "postup" not found
2023-05-04T10:23:02.804Z DEBUG vopono::exec > vopono config.toml: configuration property "predown" not found
2023-05-04T10:23:02.804Z DEBUG vopono::exec > vopono config.toml: configuration property "user" not found
2023-05-04T10:23:02.804Z DEBUG vopono::exec > vopono config.toml: configuration property "group" not found
2023-05-04T10:23:02.804Z DEBUG vopono::exec > vopono config.toml: configuration property "working-directory" not found
2023-05-04T10:23:02.804Z DEBUG vopono::exec > vopono config.toml: configuration property "dns" not found
2023-05-04T10:23:02.804Z DEBUG vopono::exec > vopono config.toml: configuration property "protocol" not found
2023-05-04T10:23:02.804Z DEBUG vopono_core::util > Using config dir from $HOME config: /home/gin/.config
2023-05-04T10:23:02.804Z DEBUG vopono::exec > vopono config.toml: configuration property "interface" not found
2023-05-04T10:23:02.804Z DEBUG vopono_core::network::network_interface > ip addr
2023-05-04T10:23:02.805Z DEBUG vopono::exec > Interface: enp6s0
2023-05-04T10:23:02.805Z DEBUG vopono_core::util > Using config dir from $HOME config: /home/gin/.config
2023-05-04T10:23:02.806Z INFO vopono_core::util > Chosen config: /home/gin/.config/vopono/mv/wireguard/usa-uschi008.conf
2023-05-04T10:23:02.807Z DEBUG vopono_core::util > Existing namespaces: []
2023-05-04T10:23:02.807Z DEBUG vopono_core::util > ip netns add vopono_mv_usa-uschi008
2023-05-04T10:23:02.808Z INFO vopono_core::network::netns > Created new network namespace: vopono_mv_usa-uschi008
2023-05-04T10:23:02.808Z DEBUG vopono_core::util > Existing interfaces:
2023-05-04T10:23:02.809Z DEBUG vopono_core::util > Assigned IPs: []
2023-05-04T10:23:02.809Z DEBUG vopono_core::network::netns > ip netns exec vopono_mv_usa-uschi008 ip addr add 127.0.0.1/8 dev lo
2023-05-04T10:23:02.810Z DEBUG vopono_core::network::netns > ip netns exec vopono_mv_usa-uschi008 ip link set lo up
STATE CONNECTIVITY WIFI-HW WIFI WWAN-HW WWAN
connected full enabled enabled missing enabled
2023-05-04T10:23:02.818Z DEBUG vopono_core::network::veth_pair > Detected NetworkManager running
2023-05-04T10:23:02.818Z DEBUG vopono_core::network::veth_pair > NetworkManager detected, adding _usa-uschi008_d to unmanaged devices
2023-05-04T10:23:02.818Z DEBUG vopono_core::network::veth_pair > Creating new NetworkManager config file: /etc/NetworkManager/conf.d/unmanaged.conf
2023-05-04T10:23:02.818Z DEBUG vopono_core::util > nmcli connection reload
2023-05-04T10:23:02.822Z DEBUG vopono_core::network::veth_pair > firewalld not detected running
2023-05-04T10:23:02.822Z DEBUG vopono_core::util > ip link add _usa-uschi008_d type veth peer name _usa-uschi008_s
2023-05-04T10:23:02.823Z DEBUG vopono_core::util > ip link set _usa-uschi008_d up
2023-05-04T10:23:02.824Z DEBUG vopono_core::util > ip link set _usa-uschi008_s netns vopono_mv_usa-uschi008 up
2023-05-04T10:23:02.881Z DEBUG vopono_core::util > ip addr add 10.200.1.1/24 dev _usa-uschi008_d
2023-05-04T10:23:02.881Z DEBUG vopono_core::network::netns > ip netns exec vopono_mv_usa-uschi008 ip addr add 10.200.1.2/24 dev _usa-uschi008_s
2023-05-04T10:23:02.883Z DEBUG vopono_core::network::netns > ip netns exec vopono_mv_usa-uschi008 ip route add default via 10.200.1.1 dev _usa-uschi008_s
2023-05-04T10:23:02.885Z INFO vopono_core::network::netns > IP address of namespace as seen from host: 10.200.1.2
2023-05-04T10:23:02.885Z INFO vopono_core::network::netns > IP address of host as seen from namespace: 10.200.1.1
2023-05-04T10:23:02.885Z DEBUG vopono_core::util > nft add table inet vopono_nat
2023-05-04T10:23:02.886Z DEBUG vopono_core::util > nft add chain inet vopono_nat postrouting { type nat hook postrouting priority 100 ; }
2023-05-04T10:23:02.887Z DEBUG vopono_core::util > nft add rule inet vopono_nat postrouting oifname enp6s0 ip saddr 10.200.1.0/24 counter masquerade
2023-05-04T10:23:02.889Z DEBUG vopono_core::util > nft add table inet vopono_bridge
2023-05-04T10:23:02.890Z DEBUG vopono_core::util > nft add chain inet vopono_bridge forward { type filter hook forward priority -10 ; }
2023-05-04T10:23:02.891Z DEBUG vopono_core::util > nft add rule inet vopono_bridge forward iifname _usa-uschi008_d oifname enp6s0 counter accept
2023-05-04T10:23:02.892Z DEBUG vopono_core::util > nft add rule inet vopono_bridge forward oifname _usa-uschi008_d iifname enp6s0 counter accept
2023-05-04T10:23:02.893Z DEBUG vopono_core::util > sysctl -q net.ipv4.ip_forward=1
2023-05-04T10:23:02.894Z DEBUG vopono_core::network::wireguard > Deserializing: 193.138.218.74 to Vec<IpAddr>
2023-05-04T10:23:02.894Z DEBUG vopono_core::network::wireguard > TOML config: WireguardConfig { interface: WireguardInterface { private_key: "REMOVEDFORPRIVACY", address: [10.67.64.81/32, fc00:bbbb:bbbb:bb01::4:4050/128], dns: Some([193.138.218.74]) }, peer: WireguardPeer { public_key: "REMOVEDFORPRIVACY", allowed_ips: [0.0.0.0/0, ::/0], endpoint: 68.235.43.90:51820, keepalive: None } }
2023-05-04T10:23:02.894Z DEBUG vopono_core::network::netns > ip netns exec vopono_mv_usa-uschi008 ip link add _usa-uschi008 type wireguard
2023-05-04T10:23:02.895Z DEBUG vopono_core::network::netns > ip netns exec vopono_mv_usa-uschi008 wg setconf _usa-uschi008 /tmp/vopono_nft.conf
2023-05-04T10:23:02.896Z DEBUG vopono_core::network::netns > ip netns exec vopono_mv_usa-uschi008 ip -4 address add 10.67.64.81/32 dev _usa-uschi008
2023-05-04T10:23:02.897Z DEBUG vopono_core::network::netns > ip netns exec vopono_mv_usa-uschi008 ip -6 address add fc00:bbbb:bbbb:bb01::4:4050/128 dev _usa-uschi008
2023-05-04T10:23:02.899Z DEBUG vopono_core::network::netns > ip netns exec vopono_mv_usa-uschi008 ip link set mtu 1420 up dev _usa-uschi008
2023-05-04T10:23:02.900Z DEBUG vopono_core::network::dns_config > Setting namespace vopono_mv_usa-uschi008 DNS server to 193.138.218.74
2023-05-04T10:23:02.901Z DEBUG vopono_core::network::netns > ip netns exec vopono_mv_usa-uschi008 wg set _usa-uschi008 fwmark 51820
2023-05-04T10:23:02.902Z DEBUG vopono_core::network::netns > ip netns exec vopono_mv_usa-uschi008 ip -4 route add 0.0.0.0/0 dev _usa-uschi008 table 51820
2023-05-04T10:23:02.903Z DEBUG vopono_core::network::netns > ip netns exec vopono_mv_usa-uschi008 ip -4 rule add not fwmark 51820 table 51820
2023-05-04T10:23:02.904Z DEBUG vopono_core::network::netns > ip netns exec vopono_mv_usa-uschi008 ip -4 rule add table main suppress_prefixlength 0
2023-05-04T10:23:02.905Z DEBUG vopono_core::util > sysctl -q net.ipv4.conf.all.src_valid_mark=1
2023-05-04T10:23:02.905Z DEBUG vopono_core::network::netns > ip netns exec vopono_mv_usa-uschi008 nft add table ip6 vopono_mv_usa-uschi008
2023-05-04T10:23:02.906Z DEBUG vopono_core::network::netns > ip netns exec vopono_mv_usa-uschi008 nft add chain ip6 vopono_mv_usa-uschi008 drop_ipv6_input { type filter hook input priority -1 ; policy drop; }
2023-05-04T10:23:02.908Z DEBUG vopono_core::network::netns > ip netns exec vopono_mv_usa-uschi008 nft add chain ip6 vopono_mv_usa-uschi008 drop_ipv6_output { type filter hook output priority -1 ; policy drop; }
2023-05-04T10:23:02.909Z DEBUG vopono_core::network::netns > ip netns exec vopono_mv_usa-uschi008 nft add chain ip6 vopono_mv_usa-uschi008 drop_ipv6_forward { type filter hook forward priority -1 ; policy drop; }
2023-05-04T10:23:02.911Z DEBUG vopono_core::network::netns > ip netns exec vopono_mv_usa-uschi008 nft -f /tmp/vopono_nft.sh
2023-05-04T10:23:02.912Z DEBUG vopono_core::util > Using config dir from $HOME config: /home/gin/.config
2023-05-04T10:23:02.912Z DEBUG vopono_core::network::netns > Writing lockfile: /home/gin/.config/vopono/locks/vopono_mv_usa-uschi008
2023-05-04T10:23:02.912Z DEBUG vopono_core::network::netns > Lockfile written: /home/gin/.config/vopono/locks/vopono_mv_usa-uschi008/26440
2023-05-04T10:23:02.912Z DEBUG vopono_core::util > Using config dir from $HOME config: /home/gin/.config
2023-05-04T10:23:02.922Z DEBUG vopono_core::network::netns > ip netns exec vopono_mv_usa-uschi008 sudo --preserve-env --user gin curl ifconfig.co/country
2023-05-04T10:23:02.922Z INFO vopono::exec > Application curl ifconfig.co/country launched in network namespace vopono_mv_usa-uschi008 with pid 26594
My keys were freshly generated and I had just run a sync.
Sorry for not including this information earlier, I am running Arch and vopono 0.10.5 from the AUR. I tried re-compiling vopono but that didn't fix it either.
Let me know if there is anything else I can try to test for you or other logs that you need.
So I am going to leave this note here just in case someone runs into a problem similar to mine. My networking is configured with NetworkManager. I fixed this issue by disabling the nftables service (iptables service was never running). I don't know if this is because the default rules that nftables includes were causing conflicts, but disabling it fixed my issue.
I went down this debugging path for an unrelated issue with getting DNS issues in Docker, but was happy to see that it fixed it in both applications.
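A way to test the possibility raised in the note above, that rules loaded by the host's nftables service conflict with vopono's own tables (added example, not from the thread or from vopono's code). It reads `nft -j list ruleset` JSON and reports forward-hook chains outside the `vopono_` tables that have policy drop and no rule naming the veth interface; the `filter` table in the sample is a constructed assumption, and the function name and `own_prefix` parameter are hypothetical.

```python
import json
import sys

# Constructed sample in the shape of `nft -j list ruleset` output: a host
# "filter" table (assumed, not from the thread) beside vopono_bridge from the log.
SAMPLE = {"nftables": [
    {"table": {"family": "inet", "name": "filter"}},
    {"chain": {"family": "inet", "table": "filter", "name": "forward",
               "type": "filter", "hook": "forward", "prio": 0, "policy": "drop"}},
    {"rule": {"family": "inet", "table": "filter", "chain": "forward",
              "expr": [{"match": {"op": "in", "left": {"ct": {"key": "state"}},
                                  "right": ["established", "related"]}},
                       {"accept": None}]}},
    {"table": {"family": "inet", "name": "vopono_bridge"}},
    {"chain": {"family": "inet", "table": "vopono_bridge", "name": "forward",
               "type": "filter", "hook": "forward", "prio": -10, "policy": "accept"}},
]}


def blocking_forward_chains(ruleset, veth, own_prefix="vopono_"):
    """List forward-hook base chains outside vopono's tables that have policy
    drop and no rule naming the veth interface (heuristic string match).

    An accept in vopono_bridge does not end processing: every other base chain
    on the same hook still sees the packet, and a drop there is final.
    """
    items = ruleset.get("nftables", [])
    hits = []
    for item in items:
        chain = item.get("chain")
        if not chain or chain.get("hook") != "forward":
            continue
        if chain["table"].startswith(own_prefix) or chain.get("policy") != "drop":
            continue
        key = (chain["family"], chain["table"], chain["name"])
        rules = [i["rule"] for i in items if "rule" in i and
                 (i["rule"]["family"], i["rule"]["table"], i["rule"]["chain"]) == key]
        if not any(veth in json.dumps(r.get("expr", [])) for r in rules):
            hits.append(key + (chain.get("prio"),))
    return hits


if __name__ == "__main__":
    # Live use: sudo nft -j list ruleset | python3 check.py _usa-uschi008_d
    live = len(sys.argv) > 1
    data = json.load(sys.stdin) if live else SAMPLE
    for hit in blocking_forward_chains(data, sys.argv[1] if live else "_usa-uschi008_d"):
        print("forward chain with policy drop and no rule for the veth:", hit)
```

An empty result means no drop-policy forward chain stands between the veth pair and the uplink, so the cause lies elsewhere.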
I am trying to get the following command to run properly, however I am unable to resolve any hostnames once connected. This happens on basic curl commands or when I launch a browser like Firefox. I have tried this with both IP & hostnames during `vopono sync` and the same results happen. The command I am running with is:
`vopono -v exec --provider mullvad --server usa-uschi008 --firewall iptables "curl ifconfig.co/country"`
Logs: