[X] I know this is an issue with the app, and contacting Mullvad support is not relevant.
I have checked if others have reported this already
[X] I have checked the issue tracker to see if others have reported similar issues.
Current Behavior
When excluding traffic to and from 10.0.0.0/8 by setting ctmark 0x00000f41 and fwmark 0x6d6f6c65 on outgoing and incoming traffic to and from 10.0.0.0/8, all internet traffic is excluded and sent over the host's internet connection, rather than being tunneled.
Expected Behavior
When excluding traffic to and from 10.0.0.0/8 by setting ctmark 0x00000f41 and fwmark 0x6d6f6c65 on outgoing and incoming traffic to and from 10.0.0.0/8, only that traffic should be excluded.
Steps to Reproduce
Update to app 2024.4
Apply the following netfilter ruleset:
define EXCLUDED_IPS_V4 = {
10.0.0.0/8,
}
table inet excludeTraffic {
chain excludeOutgoing1 {
type route hook output priority 0; policy accept;
ip daddr $EXCLUDED_IPS_V4 ct mark set 0x00000f41 meta mark set 0x6d6f6c65;
}
chain allowIncoming {
type filter hook input priority -100; policy accept;
ip daddr $EXCLUDED_IPS_V4 ct mark set 0x00000f41 meta mark set 0x6d6f6c65;
}
chain allowOutgoing2 {
type route hook output priority -100; policy accept;
ip saddr $EXCLUDED_IPS_V4 ct mark set 0x00000f41 meta mark set 0x6d6f6c65;
}
}
3. Check your external IP address
### Failure Logs
_No response_
### Operating system version
Linux 6.8.9-arch1-2
### Mullvad VPN app version
Broke in `2024.2`. Worked fine on `2024.1`.
### Additional Information
This was not the result of a kernel upgrade because it started happening immediately after updating Mullvad without restarting my system.
Is it a bug?
I have checked if others have reported this already
Current Behavior
When excluding traffic to and from
10.0.0.0/8
by setting ctmark0x00000f41
and fwmark0x6d6f6c65
on outgoing and incoming traffic to and from10.0.0.0/8
, all internet traffic is excluded and sent over the host's internet connection, rather than being tunneled.Expected Behavior
When excluding traffic to and from
10.0.0.0/8
by setting ctmark0x00000f41
and fwmark0x6d6f6c65
on outgoing and incoming traffic to and from10.0.0.0/8
, only that traffic should be excluded.Steps to Reproduce
table inet excludeTraffic { chain excludeOutgoing1 { type route hook output priority 0; policy accept; ip daddr $EXCLUDED_IPS_V4 ct mark set 0x00000f41 meta mark set 0x6d6f6c65; }
}