Open nothingmuch opened 2 months ago
You could for now manually add it to talpid-core/src/firewall/mod.rs in the source code at https://github.com/mullvad/mullvadvpn-app/blob/6868d3c3336a8289c56fdd978ad61ef8a19a7155/talpid-core/src/firewall/mod.rs and modify ALLOWED_LAN_NETS. While Rust code can be a bit scary, I feel that this part is pretty self-explanatory. Then manually compile from said modified source, preferably with build.sh --optimized so you get a release build. Now, I cannot guarantee this will work since I have yet to test it myself, but it could be a stopgap solution for now. The only issue with this would be that you would not run the release version but the latest git commit, unless you can figure out what commit they used to compile the latest release version.
nvm, I think this should be the commit of the latest release: https://github.com/mullvad/mullvadvpn-app/commit/b261238598f0237aaf420354445797a12a45d907
Sure, I'm comfortable making that change. nixpkgs uses a binary release so it might take me a bit to test it first, but I'm happy to make the effort if this change is likely to get accepted. I'll follow up soon.
Is it a bug?
I have checked if others have reported this already
Current Behavior
Although 100.64.0.0/100 is part of the IPv4 reserved address blocks used for internal networks, it is not included in the list of allowed addresses when LAN access is unblocked.
Strictly speaking that range is for carrier-grade NAT, so it's debatable whether or not that should be considered LAN.
However, not adding this manually to nftables means I can't use tailscale and mullvad concurrently.
I'm aware of tailscale's mullvad integration, but unfortunately since I use headscale and not the tailscale service, I can't yet utilize this functionality.
Expected Behavior
With tailscale enabled and connected, `mullvad lan set allow`, when connecting to mullvad traffic on the tailscale interface should not be blocked.
I can work around this using the following firewall rule:
but it would be less brittle and more secure if I would not have to do that statically, since that would still be allowed if `mullvad lan set block` is configured.
Steps to Reproduce
tailscale up
mullvad lan set allow
tailscale ping ... (works)
mullvad connect
tailscale ping ... (no response)
mullvad disconnect
tailscale ping ... (works)
Failure Logs
No response
Operating system version
NixOS unstable (pre release 24.05)
Mullvad VPN app version
2023.6
Additional Information
No response
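A simplified model of the behaviour this report describes, added here as an example (it is not code from talpid-core or from the reporter). The `LAN_NETS` list, the `allowed` function and the peer address are constructed for illustration; the carrier-grade NAT range is the RFC 6598 block 100.64.0.0/10. It contrasts extending the allowlist, which still honours the LAN toggle, with a static firewall exception, which does not.

```rust
use std::net::Ipv4Addr;

/// An IPv4 network in CIDR form.
#[derive(Clone, Copy)]
struct Net {
    base: Ipv4Addr,
    prefix: u32,
}

impl Net {
    fn contains(&self, ip: Ipv4Addr) -> bool {
        // A /0 mask is handled separately: shifting a u32 by 32 overflows.
        let mask = if self.prefix == 0 { 0 } else { u32::MAX << (32 - self.prefix) };
        (u32::from(ip) & mask) == (u32::from(self.base) & mask)
    }
}

// Constructed for this example (not copied from talpid-core):
// RFC 1918 private ranges plus IPv4 link-local.
const LAN_NETS: [Net; 4] = [
    Net { base: Ipv4Addr::new(10, 0, 0, 0), prefix: 8 },
    Net { base: Ipv4Addr::new(172, 16, 0, 0), prefix: 12 },
    Net { base: Ipv4Addr::new(192, 168, 0, 0), prefix: 16 },
    Net { base: Ipv4Addr::new(169, 254, 0, 0), prefix: 16 },
];
// RFC 6598 shared address space (carrier-grade NAT).
const CGNAT: Net = Net { base: Ipv4Addr::new(100, 64, 0, 0), prefix: 10 };

/// Hypothetical model: may traffic to `dst` bypass the tunnel while connected?
/// `static_rule` stands for a hand-added firewall exception the app does not manage.
fn allowed(dst: Ipv4Addr, allow_lan: bool, lan_nets: &[Net], static_rule: Option<Net>) -> bool {
    if static_rule.map_or(false, |n| n.contains(dst)) {
        return true; // matches regardless of the LAN setting
    }
    allow_lan && lan_nets.iter().any(|n| n.contains(dst))
}

fn main() {
    let peer = Ipv4Addr::new(100, 101, 102, 103); // constructed peer address
    let mut extended = LAN_NETS.to_vec();
    extended.push(CGNAT);
    println!("lan allow, private ranges only: {}", allowed(peer, true, &LAN_NETS, None));
    println!("lan allow, CGNAT in allowlist:  {}", allowed(peer, true, &extended, None));
    println!("lan block, CGNAT in allowlist:  {}", allowed(peer, false, &extended, None));
    println!("lan block, static exception:    {}", allowed(peer, false, &LAN_NETS, Some(CGNAT)));
}
```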