Impossible to add Gamepass games to Split Tunnelling due to permissions

[hugalafutro]

Issue report

Operating system: Windows 11 Pro 22H2

App version: 2022.5

Issue description

It lets you navigate to the Gamepass game folder and .exe, but when trying to open it claims insufficient permissions

I have found https://github.com/mullvad/mullvadvpn-app/issues/2822, but that mentions Store apps which run under RuntimeBroker.exe and the solution offered is to install from different source so the processes are split and can be added to Mullvad, but the Gamepass games are mostly not like that I just can't click OK when I find the .exe. Hope that makes sense.

I generally do not mind Mullvad reconnecting twice a day, but not when I'm at the end of 1 hour raid really. I can't really turn vpn off without uninstalling so what are my options here?

[faern]

I can't really turn vpn off without uninstalling so what are my options here?

I'm not saying this is the solution to your problem, but I'm curious why you can't disable the VPN without uninstalling? You can just disconnect the tunnel with the disconnect button and continue using your computer without VPN, without uninstalling.

The permission error does indeed look like a bug. Our app tries to read out the icon and app name from the binary when you perform that action, and for some reason your user does not have the permission to do so? Very strange. We'll treat it as a bug and see what we can find.

[hugalafutro]

I forgot I had the lockdown mode on 😃 so when I quit the app I had no internet, but that aside I'd still prefer to tunnel the rest of the pc's traffic via vpn for privacy reasons even while playing the game.

If it's any help this is what the permissions on the file look like, it's an online game (obviously) installed from Gamepass and as such I'm not going to modify the file such as taking ownership or change the attributes should their antitamper solution pick it up.

edit: since you mentioned the icon I was wondering where the desktop shortcut gets it from, but when I click change icon it shows the default c:/windows/system32/shell32.dll icons:

[faern]

Thank you for the screenshots. I'll let @raksooo step in here and maybe ask more relevant questions, since he has implemented this file selection and parsing.

[dlon]

For what it's worth, you could probably add the path from the CLI until this has been fixed:

mullvad split-tunnel app add "<path to exe here>"

To verify that it's working, you could list excluded processes while the application is running:

mullvad split-tunnel pid list

[hugalafutro]

I've tried that, but no luck.

In doing so I discovered Windows has the game directrory symbolically linked (? I'm not sure what junction is in this context) to C:/Program Files and launches from there, I tried to add that path too, to no avail: edit: I restarted the game after adding the 2nd path.

[faern]

The list pid will only list running processes that are excluded. So if the game is not running it won't show up there. Have you tried it, does it go outside the tunnel? What does mullvad split-tunnel app list give you?

[hugalafutro]

I see, in that case it seems to be working when adding via cli:

while game is running:

PS C:\Users\sammael> mullvad split-tunnel app list
Excluded applications:
    M:\GamePass\Warhammer 40,000- Darktide\Content\binaries\Darktide.exe
    C:\Program Files\WindowsApps\FatsharkAB.Warhammer40000DarktideNew_1.0.455.0_x64__hwm6pnepa3ng2\binaries\Darktide.exe
PS C:\Users\sammael> mullvad split-tunnel pid list
2396               darktide.exe

Thanks for the workaround!

[raksooo]

I've had a look at this and it's not due to us reading the file name and icon, and as I understand it the error dialog isn't created by Electron either. A quick search online gave me the impression that this error dialog is part of the Windows file open dialog, and unfortunately there aren't any options exposed by Electron that could help prevent this error.

I suspect that the error is caused by one of the following:

• The file is owned by Administrators
• Gamepass blocks others from opening the file in some way

I don't know much about these parts of Windows so I could be wrong.

The documentation about the file open dialog doesn't say anything about permissions: https://learn.microsoft.com/en-us/windows/win32/api/shobjidl_core/nn-shobjidl_core-ifileopendialog

[HotCakeX]

I tried this with my Xbox games on Windows 11. Opened Xbox app, went to game settings => Files => Browse and it showed me the game files and I could access them and do whatever I want with them like delete/copy/paste etc.

They allowed direct access to the game files at least more than year ago. This is done so that users can mod their games.

however, the main executable of the game itself couldn't be deleted which makes sense because modding games don't involve replacing the actual main executable of the game, that'd be done in cases of cheating or bypassing anti-cheat engines.

If you want to repair game files and restore the deleted files, using verify option in game settings of Xbox app will scan the files and only download the missing/altered ones.

I'd just turn off the VPN connection and play my game. or if ping isn't that big of a deal, keep using VPN while playing game. Wireguard and OpenVPN UDP are pretty fast and I never notice any difference when playing online FPS games on them.

If disconnecting VPN would pose a security risk to your system then what you really need is to configure Windows Firewall and make it tighter, no unsolicited incoming connections, disable edge traversal in inbound connections etc. check 3rd party program firewall rules and disable any of them you don't need.

[hugalafutro]

It wasn't about latency, but more about mullvad reconnecting randomly as it's wont to do once or twice a day and disconnecting me in middle of mission.

The whole point is moot though, as the game utilizes the xbox subsystems for its social aspects, so whitelisting the .exe alone just breaks the game as the game runs outside vpn, while the xbox app runs inside vpn.

I'll leave the issue open however as the original issue remains unchanged, unless the team decides it's outside of scope of Mullvad app to deal with in which case go ahead and close it.

[Naxterra]

I think it would be better to have an option or ability to exclude all Xbox and MS Store apps / games. Some games require to be online all the time, and when there is a change in the network, game quits itself.

[DAOWAce]

Tagging for relevance:

https://github.com/mullvad/mullvadvpn-app/issues/2808 https://github.com/mullvad/mullvadvpn-app/issues/2822

Sad to see these things still languishing for almost 2 years.