Open jm355 opened 2 hours ago
On the Android app, this is already handled correctly. Even on the same LAN, data to the server is routed through Mullvad.
And for clarity, it's not an issue with the server. I can connect to the server when I'm connected to Mullvad on any other network. The issue is only present when my computer is on the same LAN as the server and I'm connected to Mullvad.
Is it a bug?
I have checked if others have reported this already
Current Behavior
If you have a home server, and you're connected to the same network, Mullvad blocks connection to it because the default route is to connect directly to that IP rather than go through Mullvad. In other words, the default route is via the current network device (e.g. eth0) rather than Mullvad (i.e. wg0-mullvad). But Mullvad blocks that traffic, and there isn't a route for it to go through Mullvad, so the traffic just doesn't go through.
Expected Behavior
Connecting to a publicly accessible IPv6 address should work even if you're on the same LAN as the server in question, by routing through Mullvad first.
Steps to Reproduce
Failure Logs
No response
Operating system version
Arch Linux latest
Mullvad VPN app version
2024.7
Additional Information
The solution, as far as I can tell, is simply for Mullvad to add a route for the IPv6 prefix to go through Mullvad. In my case, the routing table had
and after adding
with
sudo ip -6 route replace 2001:db8:abcd:1234::/64 dev wg0-mullvad metric 100 protocol static
, I'm now able to connect. I think Mullvad should create this route automatically. Or, maybe this can be handled by nftables? I know Mullvad adds a big table with a lot of rules, but I don't really understand it, but it could be as simple as adding a specific rule for IPs with the same prefix to also go through Mullvad instead of being blocked? I'm not familiar enough with nftables to be sure.
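
The route selection described in this issue, as an added example that is not part of the original report or of the Mullvad app: a simplified single-table model (longest prefix first, then lowest metric) run over a constructed `ip -6 route`-style table. The `eth0` entries, the default route and their metrics are assumptions; only the `wg0-mullvad` /64 route is taken from the command in the issue.

```python
import ipaddress

# Constructed routing table in `ip -6 route` style (assumed, not from the issue).
BEFORE = """\
2001:db8:abcd:1234::/64 dev eth0 proto ra metric 1024
fe80::/64 dev eth0 proto kernel metric 256
default dev wg0-mullvad metric 50
"""
# The route the issue author added by hand with `ip -6 route replace`.
ADDED = "2001:db8:abcd:1234::/64 dev wg0-mullvad proto static metric 100\n"


def parse_routes(text):
    """Return (network, device, metric) tuples from `ip -6 route`-style lines."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or "dev" not in fields:
            continue
        prefix = "::/0" if fields[0] == "default" else fields[0]
        dev = fields[fields.index("dev") + 1]
        metric = int(fields[fields.index("metric") + 1]) if "metric" in fields else 0
        routes.append((ipaddress.ip_network(prefix), dev, metric))
    return routes


def egress_device(routes, destination):
    """Longest prefix wins; among equal prefix lengths the lowest metric wins."""
    addr = ipaddress.ip_address(destination)
    candidates = [r for r in routes if addr in r[0]]
    if not candidates:
        return None
    return min(candidates, key=lambda r: (-r[0].prefixlen, r[2]))[1]


def bypassing_prefixes(routes, tunnel="wg0-mullvad"):
    """Non-link-local prefixes whose winning route leaves outside the tunnel."""
    found = set()
    for net, _, _ in routes:
        if net.prefixlen == 0 or net.is_link_local or net.is_multicast:
            continue
        if egress_device(routes, str(net.network_address)) != tunnel:
            found.add(str(net))
    return sorted(found)


if __name__ == "__main__":
    server = "2001:db8:abcd:1234::10"  # constructed address inside the prefix
    for label, table in (("before", BEFORE), ("after", BEFORE + ADDED)):
        routes = parse_routes(table)
        print(label, egress_device(routes, server), bypassing_prefixes(routes))
```

On a live system, `ip -6 route get <address>` reports the kernel's actual choice, which also takes policy rules and other routing tables into account.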