Unable to connect to institution's websites when connecting to its WPA2-Enterprise network on Silverblue

[sith-on-mars]

Issue report

Operating system: Fedora Silverblue 38 App version: 2023.3

Issue description

I found myself unable to connect to my university's websites if I connected to my university wifi (WPA2-Enterprise) on my Silverblue. No matter which connection method I and which server I tried it remained the same. I was able to connect to my university's websites when I connected to my phone hotspot.

The issue didn't happen on my iOS device currently and on other Linux systems I used in the past. Maybe Mullvad still has some incompatibility issue with immutable system?

[sith-on-mars]

I found the same issue when using other VPN providers. Therefore, it should be the issue of Silverblue rather than Mullvad itself.

[Anvil5465]

This has been a persistent issue for me with Fedora Workstation and Pop!_OS for years. iVPN used to work for me until an update sometime in late 2021. I gave up and switched back to Mullvad then. Have you made any headway on this?

[faern]

I don't understand the problem. How is Mullvad involved? Can you please explain your setup in more detail?

[Anvil5465]

@faern I have only ever experienced this with my university's eduroam network, which has the following security setup:

With the VPN enabled, I can connect to any website I choose except for those containing the university's domain name (e.g. it.university.edu, med.university.edu, law.university.edu). It doesn't matter if I launch a browser in split tunneling mode - it still doesn't connect. It just gives an error like this:

The VPN has to be completely disabled in order to connect to one of these university.edu websites from the eduroam network. Also, I can connect to these websites just fine using Mullvad if I'm on any other wifi network, which means it's not simple ip address blocking. I have replicated this issue on all recent versions of Pop!_OS including 21.04, 21.10, and 22.04, and fedora 38 and 39. Like I said in my previous post, I have replicated this issue with Mullvad and iVPN, though it's been some time since I have tried iVPN.

Notably, this issue is not present at all on iOS or Android. I can even use my Pixel 6a phone running GrapheneOS to connect to the eduroam network, create a hotspot extending the network to my linux laptop, have mullvad enabled on both devices, and suddenly I'm able to connect to university.edu just fine.

Apparently, according to some email correspondence I had with Mullvad support, I was able to resolve the issue a couple years ago by not using the Mullvad app and following these instructions instead, but I think I switched back to the app because I missed some of the functionality it offered.

I don't believe there is anything else particularly relevant to my setup, but let me know if you need any more information.

[sith-on-mars]

Hi @Anvil5465 thanks a lot for raising this. I had the exact same problem as you on Silverblue 38 and 39. It's likely to be an upstream bug from Fedora Workstation. I posted on a few months ago, the Fedora forum, thought it was a Silverblue exclusive issue.

The same issue persisted with other VPN providers it seemed. It happened to the iVPN app as well. I tried Windscribe but even couldn't establish the connection.

If you still want to use the app, the workaround is to set up SOCKS5 proxy on the browser.

Feel free to report the bug to Fedora.

[Anvil5465]

Thank you!! That workaround fixes it for me!