Can't get this to work | Arch Linux Mullvad

[FeyrisTan]

I installed vopono-bin from the aur since the git package does not compile "cc link error".
Using vopono sync worked and it created the files for mullvad.
Now I'm using this to open librewolf:

'vopono exec --provider mullvad --server denmark-dkcph001 librewolf'

browser launches but without being able to access the internet.

Verbose output:

❯ vopono --verbose exec --provider mullvad --server denmark-dkcph001 "librewolf"
 2025-03-15T19:17:13.708Z DEBUG vopono_core::util > Using config dir from $HOME config: /home/gomi/.config
 2025-03-15T19:17:13.708Z DEBUG vopono_core::util > Cleaning dead lock files...
 2025-03-15T19:17:14.720Z DEBUG vopono_core::util::pulseaudio > Setting PULSE_SERVER to /run/user/1000/pulse/native
 2025-03-15T19:17:14.720Z INFO  vopono_core::util             > Calling sudo for elevated privileges, current user will be used as default user
 2025-03-15T19:17:14.720Z DEBUG vopono_core::util             > Args: ["vopono", "--verbose", "exec", "--provider", "mullvad", "--server", "denmark-dkcph001", "librewolf"]
[sudo] password for gomi: 
 2025-03-15T19:17:17.871Z DEBUG vopono_core::util > Using config dir from $HOME config: /home/gomi/.config
 2025-03-15T19:17:17.871Z DEBUG vopono_core::util > Cleaning dead lock files...
 2025-03-15T19:17:18.880Z DEBUG vopono_core::util::pulseaudio > Setting PULSE_SERVER to /run/user/1000/pulse/native
 2025-03-15T19:17:18.880Z DEBUG vopono_core::util             > Using config dir from $HOME config: /home/gomi/.config
 2025-03-15T19:17:18.882Z DEBUG vopono_core::util             > Existing namespaces: []
 2025-03-15T19:17:18.882Z DEBUG vopono_core::util             > Using config dir from $HOME config: /home/gomi/.config
 2025-03-15T19:17:18.882Z DEBUG vopono_core::util             > Using config dir from $HOME config: /home/gomi/.config
 2025-03-15T19:17:18.882Z DEBUG vopono::args_config           > configuration property "custom" not found
 2025-03-15T19:17:18.882Z DEBUG vopono::args_config           > configuration property "custom-netns-name" not found
 2025-03-15T19:17:18.882Z DEBUG vopono::args_config           > configuration property "open-hosts" not found
 2025-03-15T19:17:18.882Z DEBUG vopono::args_config           > configuration property "hosts" not found
 2025-03-15T19:17:18.882Z DEBUG vopono::args_config           > configuration property "open-ports" not found
 2025-03-15T19:17:18.882Z DEBUG vopono::args_config           > configuration property "forward" not found
 2025-03-15T19:17:18.882Z DEBUG vopono::args_config           > configuration property "postup" not found
 2025-03-15T19:17:18.882Z DEBUG vopono::args_config           > configuration property "predown" not found
 2025-03-15T19:17:18.882Z DEBUG vopono::args_config           > configuration property "group" not found
 2025-03-15T19:17:18.882Z DEBUG vopono::args_config           > configuration property "working-directory" not found
 2025-03-15T19:17:18.882Z DEBUG vopono::args_config           > configuration property "dns" not found
 2025-03-15T19:17:18.882Z DEBUG vopono::args_config           > configuration property "user" not found
 2025-03-15T19:17:18.882Z DEBUG vopono::args_config           > configuration property "port-forwarding-callback" not found
 2025-03-15T19:17:18.882Z DEBUG vopono_core::network::network_interface > ip addr
 2025-03-15T19:17:18.886Z DEBUG vopono::args_config                     > Interface: wlan0
 2025-03-15T19:17:18.886Z DEBUG vopono_core::util                       > Using config dir from $HOME config: /home/gomi/.config
 2025-03-15T19:17:18.889Z DEBUG vopono_core::util                       > Existing namespaces: []
 2025-03-15T19:17:18.889Z DEBUG vopono_core::util                       > ip netns add vo_mv_DQ3hJHu
 2025-03-15T19:17:18.893Z INFO  vopono_core::network::netns             > Created new network namespace: vo_mv_DQ3hJHu
 2025-03-15T19:17:18.895Z DEBUG vopono_core::util                       > Existing interfaces: 
 2025-03-15T19:17:18.896Z DEBUG vopono_core::util                       > Assigned IPs: []
 2025-03-15T19:17:18.897Z DEBUG vopono_core::network::netns             > ip netns exec vo_mv_DQ3hJHu ip addr add 127.0.0.1/8 dev lo
 2025-03-15T19:17:18.902Z DEBUG vopono_core::network::netns             > ip netns exec vo_mv_DQ3hJHu ip link set lo up
STATE      CONNECTIVITY  WIFI-HW  WIFI     WWAN-HW  WWAN     METERED      
connected  full          enabled  enabled  missing  enabled  no (guessed) 
 2025-03-15T19:17:18.929Z DEBUG vopono_core::network::veth_pair         > Detected NetworkManager running
 2025-03-15T19:17:18.929Z DEBUG vopono_core::network::veth_pair         > NetworkManager detected, adding vo_mv_DQ3hJHu_d to unmanaged devices
 2025-03-15T19:17:18.929Z DEBUG vopono_core::network::veth_pair         > Appending to existing NetworkManager config file: /etc/NetworkManager/conf.d/unmanaged.conf
 2025-03-15T19:17:18.929Z DEBUG vopono_core::util                       > nmcli connection reload
 2025-03-15T19:17:18.945Z DEBUG vopono_core::network::veth_pair         > firewalld not detected running
 2025-03-15T19:17:18.945Z DEBUG vopono_core::util                       > ip link add vo_mv_DQ3hJHu_d type veth peer name vo_mv_DQ3hJHu_s
 2025-03-15T19:17:18.950Z DEBUG vopono_core::util                       > ip link set vo_mv_DQ3hJHu_d up
 2025-03-15T19:17:18.952Z DEBUG vopono_core::util                       > ip link set vo_mv_DQ3hJHu_s netns vo_mv_DQ3hJHu up
 2025-03-15T19:17:18.964Z DEBUG vopono_core::util                       > ip addr add 10.200.1.1/24 dev vo_mv_DQ3hJHu_d
 2025-03-15T19:17:18.966Z DEBUG vopono_core::network::netns             > ip netns exec vo_mv_DQ3hJHu ip addr add 10.200.1.2/24 dev vo_mv_DQ3hJHu_s
 2025-03-15T19:17:18.970Z DEBUG vopono_core::network::netns             > ip netns exec vo_mv_DQ3hJHu ip route add default via 10.200.1.1 dev vo_mv_DQ3hJHu_s
 2025-03-15T19:17:18.977Z INFO  vopono_core::network::netns             > IP address of namespace as seen from host: 10.200.1.2
 2025-03-15T19:17:18.977Z INFO  vopono_core::network::netns             > IP address of host as seen from namespace: 10.200.1.1
 2025-03-15T19:17:18.977Z DEBUG vopono_core::util                       > nft add table inet vopono_nat
 2025-03-15T19:17:18.983Z DEBUG vopono_core::util                       > nft add chain inet vopono_nat postrouting { type nat hook postrouting priority 100 ; }
 2025-03-15T19:17:18.991Z DEBUG vopono_core::util                       > nft add rule inet vopono_nat postrouting oifname wlan0 ip saddr 10.200.1.0/24 counter masquerade
 2025-03-15T19:17:19.000Z DEBUG vopono_core::util                       > nft add table inet vopono_bridge
 2025-03-15T19:17:19.004Z DEBUG vopono_core::util                       > nft add chain inet vopono_bridge forward { type filter hook forward priority -10 ; }
 2025-03-15T19:17:19.009Z DEBUG vopono_core::util                       > nft add rule inet vopono_bridge forward iifname vo_mv_DQ3hJHu_d oifname wlan0 counter accept
 2025-03-15T19:17:19.014Z DEBUG vopono_core::util                       > nft add rule inet vopono_bridge forward oifname vo_mv_DQ3hJHu_d iifname wlan0 counter accept
 2025-03-15T19:17:19.020Z DEBUG vopono_core::util                       > sysctl -q net.ipv4.ip_forward=1
 2025-03-15T19:17:19.022Z DEBUG vopono_core::util                       > Using config dir from $HOME config: /home/gomi/.config
 2025-03-15T19:17:19.024Z INFO  vopono_core::util                       > Chosen config: /home/gomi/.config/vopono/mv/wireguard/denmark-dkcph001.conf
 2025-03-15T19:17:19.024Z DEBUG vopono_core::network::wireguard         > Deserializing: 193.138.218.74 to Vec<IpAddr>
 2025-03-15T19:17:19.024Z DEBUG vopono_core::network::wireguard         > TOML config: WireguardConfig { interface: WireguardInterface { private_key: "********", address: [10.75.185.247/32, fc00:bbbb:bbbb:bb01::c:b9f6/128], dns: Some([193.138.218.74]) }, peer: WireguardPeer { public_key: "egl+0TkpFU39F5O6r6+hIBMPQLOa8/t5CymOZV6CC3Y=", allowed_ips: [0.0.0.0/0, ::/0], endpoint: 45.129.56.67:51820, keepalive: None } }
 2025-03-15T19:17:19.025Z DEBUG vopono_core::network::netns             > ip netns exec vo_mv_DQ3hJHu ip link add vo_mv_DQ3hJHu type wireguard
 2025-03-15T19:17:19.030Z DEBUG vopono_core::network::netns             > ip netns exec vo_mv_DQ3hJHu wg setconf vo_mv_DQ3hJHu /tmp/vopono_nft.conf
 2025-03-15T19:17:19.034Z DEBUG vopono_core::network::netns             > ip netns exec vo_mv_DQ3hJHu ip -4 address add 10.75.185.247/32 dev vo_mv_DQ3hJHu
 2025-03-15T19:17:19.039Z DEBUG vopono_core::network::netns             > ip netns exec vo_mv_DQ3hJHu ip -6 address add fc00:bbbb:bbbb:bb01::c:b9f6/128 dev vo_mv_DQ3hJHu
 2025-03-15T19:17:19.043Z DEBUG vopono_core::network::netns             > ip netns exec vo_mv_DQ3hJHu ip link set mtu 1420 up dev vo_mv_DQ3hJHu
 2025-03-15T19:17:19.049Z DEBUG vopono_core::network::dns_config        > Setting namespace vo_mv_DQ3hJHu DNS server to 193.138.218.74
 2025-03-15T19:17:19.050Z DEBUG vopono_core::network::netns             > ip netns exec vo_mv_DQ3hJHu wg set vo_mv_DQ3hJHu fwmark 51820
 2025-03-15T19:17:19.054Z DEBUG vopono_core::network::netns             > ip netns exec vo_mv_DQ3hJHu ip -4 route add 0.0.0.0/0 dev vo_mv_DQ3hJHu table 51820
 2025-03-15T19:17:19.059Z DEBUG vopono_core::network::netns             > ip netns exec vo_mv_DQ3hJHu ip -4 rule add not fwmark 51820 table 51820
 2025-03-15T19:17:19.063Z DEBUG vopono_core::network::netns             > ip netns exec vo_mv_DQ3hJHu ip -4 rule add table main suppress_prefixlength 0
 2025-03-15T19:17:19.067Z DEBUG vopono_core::util                       > sysctl -q net.ipv4.conf.all.src_valid_mark=1
 2025-03-15T19:17:19.069Z DEBUG vopono_core::network::netns             > ip netns exec vo_mv_DQ3hJHu ip -6 route add ::/0 dev vo_mv_DQ3hJHu table 51820
 2025-03-15T19:17:19.073Z DEBUG vopono_core::network::netns             > ip netns exec vo_mv_DQ3hJHu ip -6 rule add not fwmark 51820 table 51820
 2025-03-15T19:17:19.078Z DEBUG vopono_core::network::netns             > ip netns exec vo_mv_DQ3hJHu ip -6 rule add table main suppress_prefixlength 0
 2025-03-15T19:17:19.083Z DEBUG vopono_core::network::netns             > ip netns exec vo_mv_DQ3hJHu nft -f /tmp/vopono_nft.sh
 2025-03-15T19:17:19.091Z DEBUG vopono_core::network::wireguard         > Setting Wireguard killswitch....
 2025-03-15T19:17:19.091Z DEBUG vopono_core::network::netns             > ip netns exec vo_mv_DQ3hJHu nft add table inet vo_mv_DQ3hJHu
 2025-03-15T19:17:19.099Z DEBUG vopono_core::network::netns             > ip netns exec vo_mv_DQ3hJHu nft add chain inet vo_mv_DQ3hJHu output { type filter hook output priority -500 ; policy accept; }
 2025-03-15T19:17:19.105Z DEBUG vopono_core::network::netns             > ip netns exec vo_mv_DQ3hJHu nft add rule inet vo_mv_DQ3hJHu output oifname != vo_mv_DQ3hJHu mark != 51820 fib daddr type != local counter reject
 2025-03-15T19:17:19.112Z DEBUG vopono_core::util                       > Using config dir from $HOME config: /home/gomi/.config
 2025-03-15T19:17:19.112Z DEBUG vopono_core::network::netns             > Writing lockfile: /home/gomi/.config/vopono/locks/vo_mv_DQ3hJHu
 2025-03-15T19:17:19.112Z DEBUG vopono_core::network::netns             > Lockfile written: /home/gomi/.config/vopono/locks/vo_mv_DQ3hJHu/104057
 2025-03-15T19:17:19.112Z DEBUG vopono_core::util                       > Using config dir from $HOME config: /home/gomi/.config
 2025-03-15T19:17:19.132Z DEBUG vopono_core::network::netns             > ip netns exec vo_mv_DQ3hJHu sudo --preserve-env --user gomi librewolf
 2025-03-15T19:17:19.132Z INFO  vopono::exec                            > Application librewolf launched in network namespace vo_mv_DQ3hJHu with pid 104171

I do have ufw but disabling it did not make a difference.

[jamesmcm]

Can you try with --no-killswitch ?

And when it's running try to ping from inside - e.g.:

$ sudo ip netns exec vo_mv_DQ3hJHu bash
$ $ ping 8.8.8.8

to see if the issue is the DNS or the actual connectivity?

[FeyrisTan]

100% packet loss.

[jamesmcm]

Hmm, it's hard to debug network issues - but do you have anything running that could affect the iptables / nftables rules like docker, ufw, etc.?

Also could you please add the vopono-git error here (or on the AUR page) as it'd be good to fix that too.

[hadeedsarfaraz]

I believe I have found the issue. You are deserializing 193.138.218.74 which is the legacy mullvad dns that was deprecated and now removed. The issue is the sync command is somehow pulling that dns into the wireguard files. I tried downloading the config files from mullvad and see the new dns in it.

[hadeedsarfaraz]

IP 10.8.0.1 (OpenVPN) or 10.64.0.1 (WireGuard)

• from https://mullvad.net/en/help/socks5-proxy
• https://mullvad.net/en/help/quantum-resistant-tunnels-with-wireguard

[jamesmcm]

Thanks, the DNS setting shouldn't cause packet loss pinging 8.8.8.8 though.

I'll fix that though!

[jamesmcm]

Also the issue is that address ( 10.64.0.1 ) is internal to the VPN so might be server-dependent, I don't have an active account to check right now.

[hadeedsarfaraz]

I have an active mullvad account and downloaded all the vpn config files from their site. They all decalre 10.64.0.1 in the wireguard configs.

[jamesmcm]

Thanks, and are you able to connect if you specify it in the config without having to specify --open-hosts too?

[hadeedsarfaraz]

Yes I am able to, When I run vopono -v exec --provider mullvad --server usa-ushou002.conf "sh local-quick.sh " --firewall iptables --no-killswitch it works as expected.

[jamesmcm]

Thanks, you shouldn't need --no-killswitch though.

[yeahitsterry]

I'm also having the same issue getting this work. Using Arch and Mullvad as well.
I can launch apps, but no internet connection.