Closed Digitalone1 closed 4 months ago
vopono exec --help
gives the list of supported options, but running
vopono -v exec --provider custom --custom "path-to-custom-mullvad-wg-config.conf" --protocol wireguard --firewall IpTables "chromium"
I got no connection at all. I'm missing something. Any help?
I think IPv6 endpoints won't work with the masquerade rules, see #181
If you need IPv6, it'd be helpful if you could take a look at it.
That's unlucky. Well, thanks anyway.
I have to reopen this issue because I downloaded the same configuration, but with an IPv4 endpoint, and it's still not working.
What am I missing now? Any hint?
This is the file:
[Interface]
PrivateKey = ***
Address = 10.71.109.103/32
DNS = 10.64.0.1
[Peer]
PublicKey = ***
AllowedIPs = 0.0.0.0/0
Endpoint = 193.32.127.66:51280
Can you provide the verbose output (e.g. vopono -v exec ...) and try with --no-killswitch?
Keys and user hidden:
2024-06-23T20:22:55.788Z DEBUG vopono_core::util > Using config dir from $HOME config: /home/****/.config
2024-06-23T20:22:55.795Z DEBUG vopono_core::util::pulseaudio > Setting PULSE_SERVER to /run/user/1000/pulse/native
2024-06-23T20:22:55.795Z INFO vopono_core::util > Calling sudo for elevated privileges, current user will be used as default user
2024-06-23T20:22:55.795Z DEBUG vopono_core::util > Args: ["vopono", "-v", "exec", "--provider", "custom", "--custom", "/home/****/Documenti/VPN/ch-zrh-wg-001.conf", "--protocol", "wireguard", "--no-killswitch", "mullvad-browser"]
2024-06-23T20:22:55.974Z DEBUG vopono_core::util > Using config dir from $HOME config: /home/****/.config
2024-06-23T20:22:55.982Z DEBUG vopono_core::util::pulseaudio > Setting PULSE_SERVER to /run/user/1000/pulse/native
2024-06-23T20:22:55.982Z DEBUG vopono_core::util > Using config dir from $HOME config: /home/****/.config
2024-06-23T20:22:55.984Z DEBUG vopono_core::util > Existing namespaces: []
2024-06-23T20:22:55.984Z DEBUG vopono_core::util > Using config dir from $HOME config: /home/****/.config
2024-06-23T20:22:55.984Z DEBUG vopono_core::util > Using config dir from $HOME config: /home/****/.config
2024-06-23T20:22:55.984Z DEBUG vopono::args_config > configuration property "custom-netns-name" not found
2024-06-23T20:22:55.984Z DEBUG vopono::args_config > configuration property "open-hosts" not found
2024-06-23T20:22:55.984Z DEBUG vopono::args_config > configuration property "hosts" not found
2024-06-23T20:22:55.984Z DEBUG vopono::args_config > configuration property "open-ports" not found
2024-06-23T20:22:55.984Z DEBUG vopono::args_config > configuration property "forward" not found
[src/args_config.rs:132:9] &command.postup = None
2024-06-23T20:22:55.984Z DEBUG vopono::args_config > configuration property "postup" not found
[src/args_config.rs:135:9] &postup = None
2024-06-23T20:22:55.984Z DEBUG vopono::args_config > configuration property "predown" not found
2024-06-23T20:22:55.984Z DEBUG vopono::args_config > configuration property "group" not found
2024-06-23T20:22:55.984Z DEBUG vopono::args_config > configuration property "working-directory" not found
2024-06-23T20:22:55.984Z DEBUG vopono::args_config > configuration property "dns" not found
2024-06-23T20:22:55.984Z DEBUG vopono::args_config > configuration property "user" not found
2024-06-23T20:22:55.984Z DEBUG vopono::args_config > configuration property "port-forwarding-callback" not found
2024-06-23T20:22:55.984Z DEBUG vopono_core::network::network_interface > ip addr
2024-06-23T20:22:55.986Z DEBUG vopono::args_config > Interface: wlo1
2024-06-23T20:22:55.987Z DEBUG vopono_core::util > Existing namespaces: []
2024-06-23T20:22:55.987Z DEBUG vopono_core::util > ip netns add vo_c_JgnAEwB
2024-06-23T20:22:55.988Z INFO vopono_core::network::netns > Created new network namespace: vo_c_JgnAEwB
2024-06-23T20:22:55.990Z DEBUG vopono_core::util > Existing interfaces:
2024-06-23T20:22:55.991Z DEBUG vopono_core::util > Assigned IPs: []
2024-06-23T20:22:55.991Z DEBUG vopono_core::network::netns > ip netns exec vo_c_JgnAEwB ip addr add 127.0.0.1/8 dev lo
2024-06-23T20:22:55.993Z DEBUG vopono_core::network::netns > ip netns exec vo_c_JgnAEwB ip link set lo up
STATE CONNECTIVITY WIFI-HW WIFI WWAN-HW WWAN METERED
collegato pieno abilitato abilitato missing abilitato no (ipotizzato)
2024-06-23T20:22:56.009Z DEBUG vopono_core::network::veth_pair > Detected NetworkManager running
2024-06-23T20:22:56.009Z DEBUG vopono_core::network::veth_pair > NetworkManager detected, adding vo_c_JgnAEwB_d to unmanaged devices
2024-06-23T20:22:56.009Z DEBUG vopono_core::network::veth_pair > Creating new NetworkManager config file: /etc/NetworkManager/conf.d/unmanaged.conf
2024-06-23T20:22:56.009Z DEBUG vopono_core::util > nmcli connection reload
2024-06-23T20:22:56.017Z DEBUG vopono_core::network::veth_pair > firewalld not detected running
2024-06-23T20:22:56.017Z DEBUG vopono_core::util > ip link add vo_c_JgnAEwB_d type veth peer name vo_c_JgnAEwB_s
2024-06-23T20:22:56.019Z DEBUG vopono_core::util > ip link set vo_c_JgnAEwB_d up
2024-06-23T20:22:56.021Z DEBUG vopono_core::util > ip link set vo_c_JgnAEwB_s netns vo_c_JgnAEwB up
2024-06-23T20:22:56.065Z DEBUG vopono_core::util > ip addr add 10.200.1.1/24 dev vo_c_JgnAEwB_d
2024-06-23T20:22:56.067Z DEBUG vopono_core::network::netns > ip netns exec vo_c_JgnAEwB ip addr add 10.200.1.2/24 dev vo_c_JgnAEwB_s
2024-06-23T20:22:56.070Z DEBUG vopono_core::network::netns > ip netns exec vo_c_JgnAEwB ip route add default via 10.200.1.1 dev vo_c_JgnAEwB_s
2024-06-23T20:22:56.075Z INFO vopono_core::network::netns > IP address of namespace as seen from host: 10.200.1.2
2024-06-23T20:22:56.075Z INFO vopono_core::network::netns > IP address of host as seen from namespace: 10.200.1.1
2024-06-23T20:22:56.075Z DEBUG vopono_core::util > iptables -t nat -A POSTROUTING -s 10.200.1.0/24 -o wlo1 -j MASQUERADE
2024-06-23T20:22:56.076Z DEBUG vopono_core::util > iptables -I FORWARD -i vo_c_JgnAEwB_d -o wlo1 -j ACCEPT
2024-06-23T20:22:56.077Z DEBUG vopono_core::util > iptables -I FORWARD -o vo_c_JgnAEwB_d -i wlo1 -j ACCEPT
2024-06-23T20:22:56.078Z DEBUG vopono_core::util > sysctl -q net.ipv4.ip_forward=1
2024-06-23T20:22:56.079Z DEBUG vopono_core::network::wireguard > Deserializing: 10.64.0.1 to Vec<IpAddr>
2024-06-23T20:22:56.079Z DEBUG vopono_core::network::wireguard > TOML config: WireguardConfig { interface: WireguardInterface { private_key: "****", address: [10.71.109.103/32], dns: Some([10.64.0.1]) }, peer: WireguardPeer { public_key: "****", allowed_ips: [0.0.0.0/0], endpoint: 193.32.127.66:51820, keepalive: None } }
2024-06-23T20:22:56.079Z DEBUG vopono_core::network::netns > ip netns exec vo_c_JgnAEwB ip link add vo_c_JgnAEwB type wireguard
2024-06-23T20:22:56.082Z DEBUG vopono_core::network::netns > ip netns exec vo_c_JgnAEwB wg setconf vo_c_JgnAEwB /tmp/vopono_nft.conf
2024-06-23T20:22:56.084Z DEBUG vopono_core::network::netns > ip netns exec vo_c_JgnAEwB ip -4 address add 10.71.109.103/32 dev vo_c_JgnAEwB
2024-06-23T20:22:56.087Z DEBUG vopono_core::network::netns > ip netns exec vo_c_JgnAEwB ip link set mtu 1420 up dev vo_c_JgnAEwB
2024-06-23T20:22:56.090Z DEBUG vopono_core::network::dns_config > Setting namespace vo_c_JgnAEwB DNS server to 10.64.0.1
2024-06-23T20:22:56.092Z DEBUG vopono_core::network::netns > ip netns exec vo_c_JgnAEwB wg set vo_c_JgnAEwB fwmark 51820
2024-06-23T20:22:56.094Z DEBUG vopono_core::network::netns > ip netns exec vo_c_JgnAEwB ip -4 route add 0.0.0.0/0 dev vo_c_JgnAEwB table 51820
2024-06-23T20:22:56.097Z DEBUG vopono_core::network::netns > ip netns exec vo_c_JgnAEwB ip -4 rule add not fwmark 51820 table 51820
2024-06-23T20:22:56.099Z DEBUG vopono_core::network::netns > ip netns exec vo_c_JgnAEwB ip -4 rule add table main suppress_prefixlength 0
2024-06-23T20:22:56.103Z DEBUG vopono_core::util > sysctl -q net.ipv4.conf.all.src_valid_mark=1
2024-06-23T20:22:56.104Z DEBUG vopono_core::network::netns > ip netns exec vo_c_JgnAEwB ip -6 route add ::/0 dev vo_c_JgnAEwB table 51820
2024-06-23T20:22:56.107Z DEBUG vopono_core::network::netns > ip netns exec vo_c_JgnAEwB ip -6 rule add not fwmark 51820 table 51820
2024-06-23T20:22:56.109Z DEBUG vopono_core::network::netns > ip netns exec vo_c_JgnAEwB ip -6 rule add table main suppress_prefixlength 0
2024-06-23T20:22:56.111Z DEBUG vopono_core::network::netns > ip netns exec vo_c_JgnAEwB iptables -t raw -A PREROUTING ! -i vo_c_JgnAEwB -d 10.71.109.103/32 -m addrtype ! --src-type LOCAL -j DROP
2024-06-23T20:22:56.113Z DEBUG vopono_core::network::netns > ip netns exec vo_c_JgnAEwB iptables -t mangle -A POSTROUTING -p udp -j MARK --set-mark 51820
2024-06-23T20:22:56.116Z DEBUG vopono_core::network::netns > ip netns exec vo_c_JgnAEwB iptables -t mangle -A PREROUTING -p udp -j CONNMARK --save-mark
2024-06-23T20:22:56.119Z DEBUG vopono_core::network::netns > ip netns exec vo_c_JgnAEwB ip6tables -t mangle -A POSTROUTING -p udp -j MARK --set-mark 51820
2024-06-23T20:22:56.122Z DEBUG vopono_core::network::netns > ip netns exec vo_c_JgnAEwB ip6tables -t mangle -A PREROUTING -p udp -j CONNMARK --save-mark
2024-06-23T20:22:56.125Z DEBUG vopono_core::util > Using config dir from $HOME config: /home/****/.config
2024-06-23T20:22:56.125Z DEBUG vopono_core::network::netns > Writing lockfile: /home/****/.config/vopono/locks/vo_c_JgnAEwB
2024-06-23T20:22:56.125Z DEBUG vopono_core::network::netns > Lockfile written: /home/****/.config/vopono/locks/vo_c_JgnAEwB/102380
2024-06-23T20:22:56.125Z DEBUG vopono_core::util > Using config dir from $HOME config: /home/****/.config
2024-06-23T20:22:56.137Z DEBUG vopono_core::network::netns > ip netns exec vo_c_JgnAEwB sudo --preserve-env --user **** mullvad-browser
2024-06-23T20:22:56.138Z INFO vopono::exec > Application mullvad-browser launched in network namespace vo_c_JgnAEwB with pid 102466
I'm using ufw. Maybe that is the culprit? Should I set a specific rule?
Can you try disabling ufw, and also maybe just try to ping when it is running, e.g.:
sudo ip netns exec vo_c_JgnAEwB ping 8.8.8.8
But the issue is probably ufw, it'd be easiest to disable it or move the rules to iptables (or switch everything to nftables) if you need them.
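A host-side check to go with the suggestion above, as an added example that is not part of the thread or of vopono: it takes a ruleset in `iptables-save` format and reports which of the three host rules from the verbose log (MASQUERADE plus the two FORWARD ACCEPT rules) are absent, and whether the FORWARD policy is DROP. The function names and the sample ruleset are constructed for illustration; the namespace and interface names are the ones from the log and change on every run.

```shell
#!/bin/sh
# Added example (not vopono code). Helper names are hypothetical.

# has_rule RULESET TOKEN...: succeeds if a single line contains every TOKEN.
has_rule() {
    local ruleset=$1 line tok ok
    shift
    while IFS= read -r line; do
        ok=1
        for tok in "$@"; do
            # Pad with spaces so "-o wlo1" does not match "-o wlo10".
            case " $line " in
                *" $tok "*) ;;
                *) ok=0; break ;;
            esac
        done
        [ "$ok" -eq 1 ] && return 0
    done <<EOF
$ruleset
EOF
    return 1
}

# check_host_rules RULESET SUBNET HOST_VETH OUT_IFACE: prints one finding per line.
check_host_rules() {
    local ruleset=$1 subnet=$2 veth=$3 iface=$4
    has_rule "$ruleset" "-A POSTROUTING" "-s $subnet" "-o $iface" "-j MASQUERADE" \
        || echo "missing: MASQUERADE for $subnet out $iface"
    has_rule "$ruleset" "-A FORWARD" "-i $veth" "-o $iface" "-j ACCEPT" \
        || echo "missing: FORWARD ACCEPT $veth -> $iface"
    has_rule "$ruleset" "-A FORWARD" "-i $iface" "-o $veth" "-j ACCEPT" \
        || echo "missing: FORWARD ACCEPT $iface -> $veth"
    has_rule "$ruleset" ":FORWARD" "DROP" \
        && echo "note: FORWARD policy is DROP, forwarding depends on explicit ACCEPT rules"
    return 0
}

# Constructed sample ruleset: the return-path FORWARD rule is absent.
SAMPLE_RULES='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.200.1.0/24 -o wlo1 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -i vo_c_JgnAEwB_d -o wlo1 -j ACCEPT
-A FORWARD -j ufw-before-forward
COMMIT'

check_host_rules "$SAMPLE_RULES" 10.200.1.0/24 vo_c_JgnAEwB_d wlo1
```

On a live system, pass `"$(sudo iptables-save)"` as the first argument while the vopono namespace is still running.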
I could disable it, but my intention is to run ufw anyway.
Well, I give up, it's too complex. I didn't like Mullvad devs not implementing the inverse split tunnelling, but now I understand why they did that.
I synced the Mullvad config, but I noticed the endpoints are all IPv4. What if I want to use IPv6?
I wanted to make a custom config, but it seems there's no documentation on the config options. Where can I find a list of all the options and their meaning?
The user guide mostly talks about the supported providers, but how can I set a custom config for Mullvad with IPv6 servers?
I know there's the --custom option, but when I supply a wireguard config, it does not work.