search

mullvad / mullvadvpn-app

The Mullvad VPN client app for desktop and mobile
https://mullvad.net/
GNU General Public License v3.0
4.89k stars 335 forks source link

.NET applications cannot access the Internet via Split Tunneling. #6002

Closed bartico6 closed 5 months ago

bartico6 commented 5 months ago

Is it a bug?

I have checked if others have reported this already

Current Behavior

Adding a C#/.NET application utilising TcpClient APIs (or specifying a V6 address family and using a v4-on-v6 address) in the Split Tunneling section of the Mullvad application results in the application having no internet access whatsoever, due to the socket APIs receiving an access denied error.

Expected Behavior

After adding the application to split tunneling, the application should still have internet access.

Steps to Reproduce

  1. Download a C# application that makes use of TcpClient APIs with a default constructor (a good example is the video game Terraria that I'm currently experiencing this with) - you can also use my repro application: https://github.com/bartico6/MullvadVPN-Repro-001
  2. Add the application's executable to split tunneling
  3. Attempt to open a socket connection
  4. Receive an access denied error in the debugger. image

Failure Logs

No response

Operating system version

Windows 10 22H2

Mullvad VPN app version

2023.6, unknown if it ever worked.

Additional Information

This occurs because TcpClient API on IPV6-enabled machines will attempt to establish a IPV6 socket initially, then connect it to an v4-on-v6 address [::ffff:255.255.255.255] which yields an access denied exception - this seems eerily familiar as similar issues for Java exist. This issue merely extends the scope of the issue to .NET applications as well.

If you enable the "enable IPv6" option in the VPN app, the error changes from AccessDenied to AddressNotAvailable but is otherwise still the same & unusable (the same address, app and code works perfectly fine if Mullvad is turned off)

bartico6 commented 5 months ago

I forgot to mention - the exact same code, app, IP and everything will work in two other scenarios - if it's not in split tunneling (so, going through Mullvad normally), and if Mullvad is completely out of the equation - it's specifically a split tunneling issue :-)

raksooo commented 5 months ago

This is the same cause as https://github.com/mullvad/mullvadvpn-app/issues/4873, https://github.com/mullvad/mullvadvpn-app/issues/2972 and https://github.com/mullvad/mullvadvpn-app/issues/3990. I'll close this since it's a duplicate.