Wireguard Blocking Internet: Unable to apply firewall rules. Try updating your kernel

[ItsABlackScreen]

Issue report

Operating system: Fedora 36 , Fedora 35

App version: 2022.5

Issue description

When there is a network outage, and mullvad is connected using the wireguard protocol, after about a minute of so it errors out with Unable to apply firewall rules. Try updating your kernel

This state exists even after the connection comes back, and is only fixed by manually disconnecting and reconnecting. After which it works fine.

Errors in Logs:

Error: Failed to apply firewall policy for connecting state
Caused by: Unable to translate network interface name "wg-mullvad" into index
Caused by: Failed to get index for interface wg-mullvad
Caused by: No such device (os error 19)

After the error running ifconfig -a shows that the wg-mullvad interface has disappeared.

Issue only occurs with wireguard and openvpn works fine in the same situation.

[faern]

Thanks for reporting this. Having our interface disappear is indeed an issue. We'll look into this.

[faern]

@ItsABlackScreen We have never seen this ourselves, and we use Fedora quite extensively. Do you happen to have some special networking setup? Do you run the default network manager for Fedora? When this happens, could you maybe check the logs of the NetworkManager and see if there is anything suspicious there? The command for doing so is:

sudo journalctl -u NetworkManager.service

[ItsABlackScreen]

My networking setup is the default that comes with Fedora KDE spin. My connection is also pretty standard.

The way I simulate a network outage is just changing the ip my router connects to from 10.xx.xx.88 to 10.xx.xx.47 So just an wrong/non-existant ip.

Here are the logs of the NetworkManager CMD : sudo journalctl -u NetworkManager.service

1. OpenVpn Incorrect ip at 10:30, corrected at 10:34

   Dec 28 10:30:38 fedora NetworkManager[2477]: <info>  [1672203638.0736] device (tun0): state change: activated -> unmanaged (reason 'unmanaged', sys-iface-state: 'removed')
   Dec 28 10:34:27 fedora NetworkManager[2477]: <info>  [1672203867.0150] manager: (tun0): new Tun device (/org/freedesktop/NetworkManager/Devices/6)
   Dec 28 10:34:27 fedora NetworkManager[2477]: <info>  [1672203867.0294] device (tun0): state change: unmanaged -> unavailable (reason 'connection-assumed', sys-iface-state: 'external')
   Dec 28 10:34:27 fedora NetworkManager[2477]: <info>  [1672203867.0298] device (tun0): state change: unavailable -> disconnected (reason 'connection-assumed', sys-iface-state: 'external')
   Dec 28 10:34:27 fedora NetworkManager[2477]: <info>  [1672203867.0303] device (tun0): Activation: starting connection 'tun0' (5ad014cc-c9ed-43fd-9d5f-85b41005a1e8)
   Dec 28 10:34:27 fedora NetworkManager[2477]: <info>  [1672203867.0326] device (tun0): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'external')
   Dec 28 10:34:27 fedora NetworkManager[2477]: <info>  [1672203867.0328] device (tun0): state change: prepare -> config (reason 'none', sys-iface-state: 'external')
   Dec 28 10:34:27 fedora NetworkManager[2477]: <info>  [1672203867.0329] device (tun0): state change: config -> ip-config (reason 'none', sys-iface-state: 'external')
   Dec 28 10:34:27 fedora NetworkManager[2477]: <info>  [1672203867.0338] device (tun0): state change: ip-config -> ip-check (reason 'none', sys-iface-state: 'external')
   Dec 28 10:34:27 fedora NetworkManager[2477]: <info>  [1672203867.0601] device (tun0): state change: ip-check -> secondaries (reason 'none', sys-iface-state: 'external')
   Dec 28 10:34:27 fedora NetworkManager[2477]: <info>  [1672203867.0603] device (tun0): state change: secondaries -> activated (reason 'none', sys-iface-state: 'external')
   Dec 28 10:34:27 fedora NetworkManager[2477]: <info>  [1672203867.0608] device (tun0): Activation: successful, device activated.

2. WireGuard Incorrect ip at 10:40 and blocking internet error at 10:40:46. No change after than even with the correct ip. If the ip is corrected before the blocking internet error, it connects OK.

   Dec 28 10:40:03 fedora NetworkManager[2477]: <info>  [1672204203.5601] device (wg-mullvad): state change: activated -> unmanaged (reason 'unmanaged', sys-iface-state: 'removed')
   Dec 28 10:40:03 fedora NetworkManager[2477]: <info>  [1672204203.6709] manager: (wg-mullvad): new WireGuard device (/org/freedesktop/NetworkManager/Devices/8)
   Dec 28 10:40:03 fedora NetworkManager[2477]: <info>  [1672204203.6790] device (wg-mullvad): state change: unmanaged -> unavailable (reason 'connection-assumed', sys-iface-state: 'external')
   Dec 28 10:40:03 fedora NetworkManager[2477]: <info>  [1672204203.6795] device (wg-mullvad): state change: unavailable -> disconnected (reason 'connection-assumed', sys-iface-state: 'external')
   Dec 28 10:40:03 fedora NetworkManager[2477]: <info>  [1672204203.6798] device (wg-mullvad): Activation: starting connection 'wg-mullvad' (09bc85be-583e-4c19-99b6-017bdd854a79)
   Dec 28 10:40:03 fedora NetworkManager[2477]: <info>  [1672204203.6814] device (wg-mullvad): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'external')
   Dec 28 10:40:03 fedora NetworkManager[2477]: <info>  [1672204203.6816] device (wg-mullvad): state change: prepare -> config (reason 'none', sys-iface-state: 'external')
   Dec 28 10:40:03 fedora NetworkManager[2477]: <info>  [1672204203.6817] device (wg-mullvad): state change: config -> ip-config (reason 'none', sys-iface-state: 'external')
   Dec 28 10:40:03 fedora NetworkManager[2477]: <info>  [1672204203.6818] device (wg-mullvad): state change: ip-config -> ip-check (reason 'none', sys-iface-state: 'external')
   Dec 28 10:40:03 fedora NetworkManager[2477]: <info>  [1672204203.6824] device (wg-mullvad): state change: ip-check -> secondaries (reason 'none', sys-iface-state: 'external')
   Dec 28 10:40:03 fedora NetworkManager[2477]: <info>  [1672204203.6825] device (wg-mullvad): state change: secondaries -> activated (reason 'none', sys-iface-state: 'external')
   Dec 28 10:40:03 fedora NetworkManager[2477]: <info>  [1672204203.6829] device (wg-mullvad): Activation: successful, device activated.
   Dec 28 10:40:07 fedora NetworkManager[2477]: <info>  [1672204207.7030] device (wg-mullvad): state change: activated -> unmanaged (reason 'unmanaged', sys-iface-state: 'removed')
   Dec 28 10:40:07 fedora NetworkManager[2477]: <info>  [1672204207.8197] manager: (wg-mullvad): new WireGuard device (/org/freedesktop/NetworkManager/Devices/9)
   Dec 28 10:40:07 fedora NetworkManager[2477]: <info>  [1672204207.8276] device (wg-mullvad): state change: unmanaged -> unavailable (reason 'connection-assumed', sys-iface-state: 'external')
   Dec 28 10:40:07 fedora NetworkManager[2477]: <info>  [1672204207.8280] device (wg-mullvad): state change: unavailable -> disconnected (reason 'connection-assumed', sys-iface-state: 'external')
   Dec 28 10:40:07 fedora NetworkManager[2477]: <info>  [1672204207.8284] device (wg-mullvad): Activation: starting connection 'wg-mullvad' (ae2afdac-2435-4282-a097-e5222801a839)
   Dec 28 10:40:07 fedora NetworkManager[2477]: <info>  [1672204207.8305] device (wg-mullvad): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'external')
   Dec 28 10:40:07 fedora NetworkManager[2477]: <info>  [1672204207.8308] device (wg-mullvad): state change: prepare -> config (reason 'none', sys-iface-state: 'external')
   Dec 28 10:40:07 fedora NetworkManager[2477]: <info>  [1672204207.8309] device (wg-mullvad): state change: config -> ip-config (reason 'none', sys-iface-state: 'external')
   Dec 28 10:40:07 fedora NetworkManager[2477]: <info>  [1672204207.8312] device (wg-mullvad): state change: ip-config -> ip-check (reason 'none', sys-iface-state: 'external')
   Dec 28 10:40:07 fedora NetworkManager[2477]: <info>  [1672204207.8318] device (wg-mullvad): state change: ip-check -> secondaries (reason 'none', sys-iface-state: 'external')
   Dec 28 10:40:07 fedora NetworkManager[2477]: <info>  [1672204207.8319] device (wg-mullvad): state change: secondaries -> activated (reason 'none', sys-iface-state: 'external')
   Dec 28 10:40:07 fedora NetworkManager[2477]: <info>  [1672204207.8323] device (wg-mullvad): Activation: successful, device activated.
   Dec 28 10:40:15 fedora NetworkManager[2477]: <info>  [1672204215.8722] device (wg-mullvad): state change: activated -> unmanaged (reason 'unmanaged', sys-iface-state: 'removed')
   Dec 28 10:40:15 fedora NetworkManager[2477]: <info>  [1672204215.9701] manager: (wg-mullvad): new WireGuard device (/org/freedesktop/NetworkManager/Devices/10)
   Dec 28 10:40:15 fedora NetworkManager[2477]: <info>  [1672204215.9784] device (wg-mullvad): state change: unmanaged -> unavailable (reason 'connection-assumed', sys-iface-state: 'external')
   Dec 28 10:40:15 fedora NetworkManager[2477]: <info>  [1672204215.9789] device (wg-mullvad): state change: unavailable -> disconnected (reason 'connection-assumed', sys-iface-state: 'external')
   Dec 28 10:40:15 fedora NetworkManager[2477]: <info>  [1672204215.9794] device (wg-mullvad): Activation: starting connection 'wg-mullvad' (430432f6-ac45-4bbb-9e5d-e8d999c3857f)
   Dec 28 10:40:15 fedora NetworkManager[2477]: <info>  [1672204215.9817] device (wg-mullvad): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'external')
   Dec 28 10:40:15 fedora NetworkManager[2477]: <info>  [1672204215.9819] device (wg-mullvad): state change: prepare -> config (reason 'none', sys-iface-state: 'external')
   Dec 28 10:40:15 fedora NetworkManager[2477]: <info>  [1672204215.9821] device (wg-mullvad): state change: config -> ip-config (reason 'none', sys-iface-state: 'external')
   Dec 28 10:40:15 fedora NetworkManager[2477]: <info>  [1672204215.9825] device (wg-mullvad): state change: ip-config -> ip-check (reason 'none', sys-iface-state: 'external')
   Dec 28 10:40:15 fedora NetworkManager[2477]: <info>  [1672204215.9831] device (wg-mullvad): state change: ip-check -> secondaries (reason 'none', sys-iface-state: 'external')
   Dec 28 10:40:15 fedora NetworkManager[2477]: <info>  [1672204215.9833] device (wg-mullvad): state change: secondaries -> activated (reason 'none', sys-iface-state: 'external')
   Dec 28 10:40:15 fedora NetworkManager[2477]: <info>  [1672204215.9836] device (wg-mullvad): Activation: successful, device activated.
   Dec 28 10:40:31 fedora NetworkManager[2477]: <info>  [1672204231.0130] device (wg-mullvad): state change: activated -> unmanaged (reason 'unmanaged', sys-iface-state: 'removed')
   Dec 28 10:40:31 fedora NetworkManager[2477]: <info>  [1672204231.1314] manager: (wg-mullvad): new WireGuard device (/org/freedesktop/NetworkManager/Devices/11)
   Dec 28 10:40:31 fedora NetworkManager[2477]: <info>  [1672204231.1401] device (wg-mullvad): state change: unmanaged -> unavailable (reason 'connection-assumed', sys-iface-state: 'external')
   Dec 28 10:40:31 fedora NetworkManager[2477]: <info>  [1672204231.1405] device (wg-mullvad): state change: unavailable -> disconnected (reason 'connection-assumed', sys-iface-state: 'external')
   Dec 28 10:40:31 fedora NetworkManager[2477]: <info>  [1672204231.1410] device (wg-mullvad): Activation: starting connection 'wg-mullvad' (38b5f049-401f-42c5-bdf2-a8b5785284ea)
   Dec 28 10:40:31 fedora NetworkManager[2477]: <info>  [1672204231.1428] device (wg-mullvad): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'external')
   Dec 28 10:40:31 fedora NetworkManager[2477]: <info>  [1672204231.1430] device (wg-mullvad): state change: prepare -> config (reason 'none', sys-iface-state: 'external')
   Dec 28 10:40:31 fedora NetworkManager[2477]: <info>  [1672204231.1431] device (wg-mullvad): state change: config -> ip-config (reason 'none', sys-iface-state: 'external')
   Dec 28 10:40:31 fedora NetworkManager[2477]: <info>  [1672204231.1433] device (wg-mullvad): state change: ip-config -> ip-check (reason 'none', sys-iface-state: 'external')
   Dec 28 10:40:31 fedora NetworkManager[2477]: <info>  [1672204231.1440] device (wg-mullvad): state change: ip-check -> secondaries (reason 'none', sys-iface-state: 'external')
   Dec 28 10:40:31 fedora NetworkManager[2477]: <info>  [1672204231.1441] device (wg-mullvad): state change: secondaries -> activated (reason 'none', sys-iface-state: 'external')
   Dec 28 10:40:31 fedora NetworkManager[2477]: <info>  [1672204231.1444] device (wg-mullvad): Activation: successful, device activated.
   Dec 28 10:40:46 fedora NetworkManager[2477]: <info>  [1672204246.1705] device (wg-mullvad): state change: activated -> unmanaged (reason 'unmanaged', sys-iface-state: 'removed')

   Logs after the error shows up and manually reconnecting.

   Dec 28 10:44:25 fedora NetworkManager[2477]: <info>  [1672204465.9427] manager: (wg-mullvad): new WireGuard device (/org/freedesktop/NetworkManager/Devices/12)
   Dec 28 10:44:25 fedora NetworkManager[2477]: <info>  [1672204465.9524] device (wg-mullvad): state change: unmanaged -> unavailable (reason 'connection-assumed', sys-iface-state: 'external')
   Dec 28 10:44:25 fedora NetworkManager[2477]: <info>  [1672204465.9528] device (wg-mullvad): state change: unavailable -> disconnected (reason 'connection-assumed', sys-iface-state: 'external')
   Dec 28 10:44:25 fedora NetworkManager[2477]: <info>  [1672204465.9533] device (wg-mullvad): Activation: starting connection 'wg-mullvad' (8fada1f1-1a48-48fd-a0cf-fb8c38120b08)
   Dec 28 10:44:25 fedora NetworkManager[2477]: <info>  [1672204465.9556] device (wg-mullvad): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'external')
   Dec 28 10:44:25 fedora NetworkManager[2477]: <info>  [1672204465.9558] device (wg-mullvad): state change: prepare -> config (reason 'none', sys-iface-state: 'external')
   Dec 28 10:44:25 fedora NetworkManager[2477]: <info>  [1672204465.9559] device (wg-mullvad): state change: config -> ip-config (reason 'none', sys-iface-state: 'external')
   Dec 28 10:44:25 fedora NetworkManager[2477]: <info>  [1672204465.9579] device (wg-mullvad): state change: ip-config -> ip-check (reason 'none', sys-iface-state: 'external')
   Dec 28 10:44:25 fedora NetworkManager[2477]: <info>  [1672204465.9915] device (wg-mullvad): state change: ip-check -> secondaries (reason 'none', sys-iface-state: 'external')
   Dec 28 10:44:25 fedora NetworkManager[2477]: <info>  [1672204465.9917] device (wg-mullvad): state change: secondaries -> activated (reason 'none', sys-iface-state: 'external')
   Dec 28 10:44:25 fedora NetworkManager[2477]: <info>  [1672204465.9922] device (wg-mullvad): Activation: successful, device activated.

In both cases openvpn and wireguard the interface (tun0 and wg-mullvad) dissapear, after changing to wrong ip. With openvpn immediately With wireguard after the blocking internet error.

Wireguard tries to reconnect again and again. Is there an internal limit to reconnects that is being crossed and so that it thinks that it is unable to apply firewall rules?

[pinkisemils]

Does this happen if you enable systemd-resolved? This might happen if NetworkManager will try to manage our device - which shouldn't happen. Would you mind sending a problem report?

[ItsABlackScreen]

As far as i can tell systemd-resolved is enabled. I checked using
systemctl status systemd-resolved.service Which showed the service as active (running) I have also sent a problem report, with the issue url in description.

[github-userx]

I am a noob (not too technical skilled) but I think I experienced the same error notification from the Mullvad GUI App on UBUNTU-MATE 22.04 after/when I modified my Network settings (dhcp) with networkManager GUI.

(I did this because i wanted to keep a static local IP address but even after changing my router DHCP settings, NetworkManager constantly did bootps (bootstrap protocol) connections which I ended by specify the routing table/dhcp settings manually in NetworkManager).

When I saw the error notification I was very worried because obviously the Mullvad app is only as safe as the Operating system and Network settings it operates with.

[faern]

@github-userx Please send logs. You can use the report a problem feature in the app to send redacted logs to our support. If there is an issue, hopefully we can deduce the problem from there.