2023.3 Quantum-resistant tunnels + Multihop tunnel issue in Linux #4536

Closed
@cybeleroma

Description

@cybeleroma

Issue report

Operating system: OpenSUSE, Debian

App version: 2023.3

Issue description

PQ multi-hop is not working in Linux. It is working properly only in Windows.

A single PQ tunnel in Linux is working correctly.

Activity

rusticadam

rusticadam commented on Apr 8, 2023

@rusticadam

I was able to reproduce the same issue in Fedora 37. The Post-Quantum multi-hop tunnel is not being established. A PSK error shows up in the log. I am not a technical person, so I could not fiddle around.

changed the title from "2022.3 PQ Multi-Hop tunnel issue in Linux" to "2023.3 PQ Multi-Hop tunnel issue in Linux" on Apr 8, 2023

raksooo

raksooo commented on Apr 11, 2023

@raksooo
Member

Thanks for reporting! Could you try lowering the MTU in Settings > VPN Settings > WireGuard Settings?

cybeleroma

cybeleroma commented on Apr 11, 2023

@cybeleroma
Author

Hi,

Yes, I have tried from the highest 1420 to the lowest 1280 MTU and a few other random in-between values; nothing worked. I could not go any lower than 1280 as the app does not allow it.

> Thanks for reporting! Could you try lowering the MTU in Settings > VPN Settings > WireGuard Settings?

raksooo

raksooo commented on Apr 11, 2023

@raksooo
Member

Okay thank you! We'll investigate the issue!

dlon

dlon commented on Apr 11, 2023

@dlon
Member

We're unfortunately unable to reproduce this issue. Could you please send us your logs? You can send a problem report by going to Settings > Support > Report a problem. Or just paste the relevant parts in this issue.

rusticadam

rusticadam commented on Apr 11, 2023

@rusticadam

> We're unfortunately unable to reproduce this issue. Could you please send us your logs? You can send a problem report by going to Settings > Support > Report a problem. Or just paste the relevant parts in this issue.

[2023-04-11 10:23:06.327][mullvad_daemon::management_interface][DEBUG] set_quantum_resistant_tunnel(On)
[2023-04-11 10:23:06.327][mullvad_daemon::settings][DEBUG] Writing settings to /etc/mullvad-vpn/settings.json
[2023-04-11 10:23:06.338][mullvad_daemon::management_interface][DEBUG] Broadcasting new settings
[2023-04-11 10:23:09.622][mullvad_daemon::management_interface][DEBUG] update_relay_settings
[2023-04-11 10:23:09.623][mullvad_types::settings][DEBUG] Changing relay settings:
	from: Any tunnel protocol with OpenVPN through any port and WireGuard through any port over IPv4 or IPv6 in country se using any provider
	to: Any tunnel protocol with OpenVPN through any port and WireGuard through any port over IPv4 or IPv6 (via country se) in country se using any provider
[2023-04-11 10:23:09.623][mullvad_daemon::settings][DEBUG] Writing settings to /etc/mullvad-vpn/settings.json
[2023-04-11 10:23:09.635][mullvad_daemon::management_interface][DEBUG] Broadcasting new settings
[2023-04-11 10:23:09.635][mullvad_daemon][INFO] Initiating tunnel restart because the relay settings changed
[2023-04-11 10:23:16.797][mullvad_daemon::management_interface][DEBUG] update_relay_settings
[2023-04-11 10:23:16.797][mullvad_types::settings][DEBUG] Changing relay settings:
	from: Any tunnel protocol with OpenVPN through any port and WireGuard through any port over IPv4 or IPv6 (via country se) in country se using any provider
	to: WireGuard over any port over IPv4 or IPv6 (via country se) in country se using any provider
[2023-04-11 10:23:16.797][mullvad_daemon::settings][DEBUG] Writing settings to /etc/mullvad-vpn/settings.json
[2023-04-11 10:23:16.809][mullvad_daemon::management_interface][DEBUG] Broadcasting new settings
[2023-04-11 10:23:16.809][mullvad_daemon][INFO] Initiating tunnel restart because the relay settings changed
[2023-04-11 10:23:31.776][mullvad_daemon::management_interface][DEBUG] update_relay_settings
[2023-04-11 10:23:31.776][mullvad_types::settings][DEBUG] Changing relay settings:
	from: WireGuard over any port over IPv4 or IPv6 (via country se) in country se using any provider
	to: WireGuard over any port over IPv4 or IPv6 (via country se) in country nl using any provider
[2023-04-11 10:23:31.776][mullvad_daemon::settings][DEBUG] Writing settings to /etc/mullvad-vpn/settings.json
[2023-04-11 10:23:31.787][mullvad_daemon::management_interface][DEBUG] Broadcasting new settings
[2023-04-11 10:23:31.787][mullvad_daemon][INFO] Initiating tunnel restart because the relay settings changed
[2023-04-11 10:23:31.941][mullvad_daemon::management_interface][DEBUG] connect_tunnel
[2023-04-11 10:23:31.941][mullvad_daemon][DEBUG] Target state Unsecured => Secured
[2023-04-11 10:23:31.942][mullvad_relay_selector][INFO] Selected relay nl-ams-wg-201 at [REDACTED]
[2023-04-11 10:23:31.942][mullvad_relay_selector][INFO] Selected entry relay se23-wireguard at [REDACTED] going through nl-ams-wg-201 at [REDACTED]
[2023-04-11 10:23:31.957][talpid_core::firewall][INFO] Applying firewall policy: Connecting to [REDACTED]:4365/UDP, Blocking LAN, interface: none. Allowing endpoint [REDACTED]:443/TCP
[2023-04-11 10:23:31.971][mullvad_daemon][DEBUG] New tunnel state: Connecting { endpoint: TunnelEndpoint { endpoint: Endpoint { address: [REDACTED]:51820, protocol: Udp }, tunnel_type: Wireguard, quantum_resistant: true, proxy: None, obfuscation: None, entry_endpoint: Some(Endpoint { address: [REDACTED]:4365, protocol: Udp }) }, location: Some(GeoIpLocation { ipv4: None, ipv6: None, country: "Netherlands", city: Some("Amsterdam"), latitude: 52.35, longitude: 4.916667, mullvad_exit_ip: true, hostname: Some("nl-ams-wg-201"), bridge_hostname: None, entry_hostname: Some("se23-wireguard"), obfuscator_hostname: None }) }
[2023-04-11 10:23:32.012][talpid_wireguard][DEBUG] Using kernel WireGuard implementation
[2023-04-11 10:23:32.012][talpid_core::firewall][INFO] Applying firewall policy: Connecting to [REDACTED]:4365/UDP over "wg-mullvad" (ip: [REDACTED], v4 gw: [REDACTED], v6 gw: None, allowed in-tunnel traffic: [REDACTED]:1337/TCP), Blocking LAN. Allowing endpoint [REDACTED]:443/TCP
[2023-04-11 10:23:32.026][talpid_routing::imp::imp][DEBUG] Adding routes: {RequiredRoute { prefix: V4(Ipv4Network { addr: [REDACTED], prefix: 32 }), node: RealNode(Node { ip: None, device: Some("wg-mullvad") }), main_table: true }, RequiredRoute { prefix: V4(Ipv4Network { addr: [REDACTED], prefix: 32 }), node: RealNode(Node { ip: None, device: Some("wg-mullvad") }), main_table: true }}
[2023-04-11 10:23:32.026][talpid_core::firewall][INFO] Applying firewall policy: Connecting to [REDACTED]:4365/UDP over "wg-mullvad" (ip: [REDACTED], v4 gw: [REDACTED], v6 gw: None, allowed in-tunnel traffic: [REDACTED]:1337/TCP, [REDACTED]:51820/UDP), Blocking LAN. Allowing endpoint [REDACTED]:443/TCP
[2023-04-11 10:23:32.043][talpid_wireguard][DEBUG] Performing PQ-safe PSK exchange
[2023-04-11 10:23:36.044][talpid_wireguard][WARN] Timeout while negotiating PSK
[2023-04-11 10:23:36.163][talpid_core::tunnel_state_machine::connecting_state][DEBUG] WireGuard tunnel timed out
[2023-04-11 10:23:36.163][talpid_core::tunnel_state_machine::connecting_state][DEBUG] Tunnel monitor exited with block reason: None
[2023-04-11 10:23:36.163][talpid_core::tunnel_state_machine::connecting_state][DEBUG] The tunnel disconnected unexpectedly
[2023-04-11 10:23:36.163][talpid_routing::imp::imp][DEBUG] Clearing routes
[2023-04-11 10:23:36.164][mullvad_daemon][DEBUG] New tunnel state: Disconnecting(Reconnect)
[2023-04-11 10:23:36.164][mullvad_relay_selector][INFO] Selected relay nl-ams-wg-101 at [REDACTED]
[2023-04-11 10:23:36.165][mullvad_relay_selector][INFO] Selected entry relay se23-wireguard at [REDACTED] going through nl-ams-wg-101 at [REDACTED]
[2023-04-11 10:23:36.165][talpid_core::firewall][INFO] Applying firewall policy: Connecting to [REDACTED]:55765/UDP, Blocking LAN, interface: none. Allowing endpoint [REDACTED]:443/TCP
[2023-04-11 10:23:36.167][mullvad_daemon][DEBUG] New tunnel state: Connecting { endpoint: TunnelEndpoint { endpoint: Endpoint { address: [REDACTED]:51820, protocol: Udp }, tunnel_type: Wireguard, quantum_resistant: true, proxy: None, obfuscation: None, entry_endpoint: Some(Endpoint { address: [REDACTED]:55765, protocol: Udp }) }, location: Some(GeoIpLocation { ipv4: None, ipv6: None, country: "Netherlands", city: Some("Amsterdam"), latitude: 52.35, longitude: 4.916667, mullvad_exit_ip: true, hostname: Some("nl-ams-wg-101"), bridge_hostname: None, entry_hostname: Some("se23-wireguard"), obfuscator_hostname: None }) }
[2023-04-11 10:23:36.202][talpid_wireguard][DEBUG] Using kernel WireGuard implementation
[2023-04-11 10:23:36.203][talpid_core::firewall][INFO] Applying firewall policy: Connecting to [REDACTED]:55765/UDP over "wg-mullvad" (ip: [REDACTED], v4 gw: [REDACTED], v6 gw: None, allowed in-tunnel traffic: [REDACTED]:1337/TCP), Blocking LAN. Allowing endpoint [REDACTED]:443/TCP
[2023-04-11 10:23:36.221][talpid_routing::imp::imp][DEBUG] Adding routes: {RequiredRoute { prefix: V4(Ipv4Network { addr: [REDACTED], prefix: 32 }), node: RealNode(Node { ip: None, device: Some("wg-mullvad") }), main_table: true }, RequiredRoute { prefix: V4(Ipv4Network { addr: [REDACTED], prefix: 32 }), node: RealNode(Node { ip: None, device: Some("wg-mullvad") }), main_table: true }}
[2023-04-11 10:23:36.221][talpid_core::firewall][INFO] Applying firewall policy: Connecting to [REDACTED]:55765/UDP over "wg-mullvad" (ip: [REDACTED], v4 gw: [REDACTED], v6 gw: None, allowed in-tunnel traffic: [REDACTED]:1337/TCP, [REDACTED]:51820/UDP), Blocking LAN. Allowing endpoint [REDACTED]:443/TCP
[2023-04-11 10:23:36.222][talpid_wireguard][DEBUG] Performing PQ-safe PSK exchange
[2023-04-11 10:23:36.383][mullvad_daemon::device][DEBUG] The current device is still valid
[2023-04-11 10:23:36.652][mullvad_daemon::device][DEBUG] Account has time left
[2023-04-11 10:23:44.223][talpid_wireguard][WARN] Timeout while negotiating PSK
[2023-04-11 10:23:44.338][talpid_core::tunnel_state_machine::connecting_state][DEBUG] WireGuard tunnel timed out
[2023-04-11 10:23:44.338][talpid_core::tunnel_state_machine::connecting_state][DEBUG] Tunnel monitor exited with block reason: None
[2023-04-11 10:23:44.338][talpid_core::tunnel_state_machine::connecting_state][DEBUG] The tunnel disconnected unexpectedly
[2023-04-11 10:23:44.338][talpid_routing::imp::imp][DEBUG] Clearing routes
[2023-04-11 10:23:44.339][mullvad_daemon][DEBUG] New tunnel state: Disconnecting(Reconnect)
[2023-04-11 10:23:44.339][mullvad_relay_selector][INFO] Selected relay nl-ams-wg-201 at [REDACTED]
[2023-04-11 10:23:44.340][mullvad_relay_selector][INFO] Selected entry relay se21-wireguard at [REDACTED] going through nl-ams-wg-201 at [REDACTED]
[2023-04-11 10:23:44.340][talpid_core::firewall][INFO] Applying firewall policy: Connecting to [REDACTED]:53/UDP, Blocking LAN, interface: none. Allowing endpoint [REDACTED]:443/TCP
[2023-04-11 10:23:44.356][mullvad_daemon][DEBUG] New tunnel state: Connecting { endpoint: TunnelEndpoint { endpoint: Endpoint { address: [REDACTED]:51820, protocol: Udp }, tunnel_type: Wireguard, quantum_resistant: true, proxy: None, obfuscation: None, entry_endpoint: Some(Endpoint { address: [REDACTED]:53, protocol: Udp }) }, location: Some(GeoIpLocation { ipv4: None, ipv6: None, country: "Netherlands", city: Some("Amsterdam"), latitude: 52.35, longitude: 4.916667, mullvad_exit_ip: true, hostname: Some("nl-ams-wg-201"), bridge_hostname: None, entry_hostname: Some("se21-wireguard"), obfuscator_hostname: None }) }
[2023-04-11 10:23:44.373][talpid_wireguard][DEBUG] Using kernel WireGuard implementation
[2023-04-11 10:23:44.373][talpid_core::firewall][INFO] Applying firewall policy: Connecting to [REDACTED]:53/UDP over "wg-mullvad" (ip: [REDACTED], v4 gw: [REDACTED], v6 gw: None, allowed in-tunnel traffic: [REDACTED]:1337/TCP), Blocking LAN. Allowing endpoint [REDACTED]:443/TCP
[2023-04-11 10:23:44.374][talpid_routing::imp::imp][DEBUG] Adding routes: {RequiredRoute { prefix: V4(Ipv4Network { addr: [REDACTED], prefix: 32 }), node: RealNode(Node { ip: None, device: Some("wg-mullvad") }), main_table: true }, RequiredRoute { prefix: V4(Ipv4Network { addr: [REDACTED], prefix: 32 }), node: RealNode(Node { ip: None, device: Some("wg-mullvad") }), main_table: true }}
[2023-04-11 10:23:44.374][talpid_core::firewall][INFO] Applying firewall policy: Connecting to [REDACTED]:53/UDP over "wg-mullvad" (ip: [REDACTED], v4 gw: [REDACTED], v6 gw: None, allowed in-tunnel traffic: [REDACTED]:1337/TCP, [REDACTED]:51820/UDP), Blocking LAN. Allowing endpoint [REDACTED]:443/TCP
[2023-04-11 10:23:44.390][talpid_wireguard][DEBUG] Performing PQ-safe PSK exchange
[2023-04-11 10:23:59.392][talpid_wireguard][WARN] Timeout while negotiating PSK
[2023-04-11 10:23:59.495][talpid_core::tunnel_state_machine::connecting_state][DEBUG] WireGuard tunnel timed out
[2023-04-11 10:23:59.495][talpid_core::tunnel_state_machine::connecting_state][DEBUG] The tunnel disconnected unexpectedly
[2023-04-11 10:23:59.495][talpid_core::tunnel_state_machine::connecting_state][DEBUG] Tunnel monitor exited with block reason: None
[2023-04-11 10:23:59.496][talpid_routing::imp::imp][DEBUG] Clearing routes
[2023-04-11 10:23:59.497][mullvad_daemon][DEBUG] New tunnel state: Disconnecting(Reconnect)
[2023-04-11 10:23:59.497][mullvad_relay_selector][INFO] Selected relay nl-ams-wg-203 at [REDACTED]
[2023-04-11 10:23:59.497][mullvad_relay_selector][INFO] Selected entry relay se4-wireguard at [REDACTED] going through nl-ams-wg-203 at [REDACTED]
[2023-04-11 10:23:59.497][talpid_core::firewall][INFO] Applying firewall policy: Connecting to [REDACTED]:53/UDP, Blocking LAN, interface: none. Allowing endpoint [REDACTED]:443/TCP
[2023-04-11 10:23:59.500][mullvad_daemon][DEBUG] New tunnel state: Connecting { endpoint: TunnelEndpoint { endpoint: Endpoint { address: [REDACTED]:51820, protocol: Udp }, tunnel_type: Wireguard, quantum_resistant: true, proxy: None, obfuscation: None, entry_endpoint: Some(Endpoint { address: [REDACTED]:53, protocol: Udp }) }, location: Some(GeoIpLocation { ipv4: None, ipv6: None, country: "Netherlands", city: Some("Amsterdam"), latitude: 52.35, longitude: 4.916667, mullvad_exit_ip: true, hostname: Some("nl-ams-wg-203"), bridge_hostname: None, entry_hostname: Some("se4-wireguard"), obfuscator_hostname: None }) }
[2023-04-11 10:23:59.531][talpid_wireguard][DEBUG] Using kernel WireGuard implementation
[2023-04-11 10:23:59.531][talpid_core::firewall][INFO] Applying firewall policy: Connecting to [REDACTED]:53/UDP over "wg-mullvad" (ip: [REDACTED], v4 gw: [REDACTED], v6 gw: None, allowed in-tunnel traffic: [REDACTED]:1337/TCP), Blocking LAN. Allowing endpoint [REDACTED]:443/TCP
[2023-04-11 10:23:59.532][talpid_routing::imp::imp][DEBUG] Adding routes: {RequiredRoute { prefix: V4(Ipv4Network { addr: [REDACTED], prefix: 32 }), node: RealNode(Node { ip: None, device: Some("wg-mullvad") }), main_table: true }, RequiredRoute { prefix: V4(Ipv4Network { addr: [REDACTED], prefix: 32 }), node: RealNode(Node { ip: None, device: Some("wg-mullvad") }), main_table: true }}
[2023-04-11 10:23:59.532][talpid_core::firewall][INFO] Applying firewall policy: Connecting to [REDACTED]:53/UDP over "wg-mullvad" (ip: [REDACTED], v4 gw: [REDACTED], v6 gw: None, allowed in-tunnel traffic: [REDACTED]:1337/TCP, [REDACTED]:51820/UDP), Blocking LAN. Allowing endpoint [REDACTED]:443/TCP
[2023-04-11 10:23:59.545][talpid_wireguard][DEBUG] Performing PQ-safe PSK exchange
[2023-04-11 10:24:14.546][talpid_wireguard][WARN] Timeout while negotiating PSK
[2023-04-11 10:24:14.667][talpid_core::tunnel_state_machine::connecting_state][DEBUG] WireGuard tunnel timed out
[2023-04-11 10:24:14.667][talpid_core::tunnel_state_machine::connecting_state][DEBUG] The tunnel disconnected unexpectedly
[2023-04-11 10:24:14.668][talpid_core::tunnel_state_machine::connecting_state][DEBUG] Tunnel monitor exited with block reason: None
[2023-04-11 10:24:14.668][talpid_routing::imp::imp][DEBUG] Clearing routes
[2023-04-11 10:24:14.668][mullvad_daemon][DEBUG] New tunnel state: Disconnecting(Reconnect)
[2023-04-11 10:24:14.669][mullvad_relay_selector][INFO] Selected relay nl-ams-wg-003 at [REDACTED]
[2023-04-11 10:24:14.669][mullvad_relay_selector][INFO] Selected entry relay se-sto-wg-002 at [REDACTED] going through nl-ams-wg-003 at [REDACTED]
[2023-04-11 10:24:14.669][talpid_core::firewall][INFO] Applying firewall policy: Connecting to [REDACTED]:4969/UDP, Blocking LAN, interface: none. Allowing endpoint [REDACTED]:443/TCP
[2023-04-11 10:24:14.671][mullvad_daemon][DEBUG] New tunnel state: Connecting { endpoint: TunnelEndpoint { endpoint: Endpoint { address: [REDACTED]:51820, protocol: Udp }, tunnel_type: Wireguard, quantum_resistant: true, proxy: None, obfuscation: None, entry_endpoint: Some(Endpoint { address: [REDACTED]:4969, protocol: Udp }) }, location: Some(GeoIpLocation { ipv4: None, ipv6: None, country: "Netherlands", city: Some("Amsterdam"), latitude: 52.35, longitude: 4.916667, mullvad_exit_ip: true, hostname: Some("nl-ams-wg-003"), bridge_hostname: None, entry_hostname: Some("se-sto-wg-002"), obfuscator_hostname: None }) }
[2023-04-11 10:24:14.701][talpid_wireguard][DEBUG] Using kernel WireGuard implementation
[2023-04-11 10:24:14.701][talpid_core::firewall][INFO] Applying firewall policy: Connecting to [REDACTED]:4969/UDP over "wg-mullvad" (ip: [REDACTED], v4 gw: [REDACTED], v6 gw: None, allowed in-tunnel traffic: [REDACTED]:1337/TCP), Blocking LAN. Allowing endpoint [REDACTED]:443/TCP
[2023-04-11 10:24:14.702][talpid_routing::imp::imp][DEBUG] Adding routes: {RequiredRoute { prefix: V4(Ipv4Network { addr: [REDACTED], prefix: 32 }), node: RealNode(Node { ip: None, device: Some("wg-mullvad") }), main_table: true }, RequiredRoute { prefix: V4(Ipv4Network { addr: [REDACTED], prefix: 32 }), node: RealNode(Node { ip: None, device: Some("wg-mullvad") }), main_table: true }}
[2023-04-11 10:24:14.702][talpid_core::firewall][INFO] Applying firewall policy: Connecting to [REDACTED]:4969/UDP over "wg-mullvad" (ip: [REDACTED], v4 gw: [REDACTED], v6 gw: None, allowed in-tunnel traffic: [REDACTED]:1337/TCP, [REDACTED]:51820/UDP), Blocking LAN. Allowing endpoint [REDACTED]:443/TCP
[2023-04-11 10:24:14.723][talpid_wireguard][DEBUG] Performing PQ-safe PSK exchange
[2023-04-11 10:24:29.724][talpid_wireguard][WARN] Timeout while negotiating PSK
[2023-04-11 10:24:29.842][talpid_core::tunnel_state_machine::connecting_state][DEBUG] WireGuard tunnel timed out
[2023-04-11 10:24:29.842][talpid_core::tunnel_state_machine::connecting_state][DEBUG] The tunnel disconnected unexpectedly
[2023-04-11 10:24:29.842][talpid_core::tunnel_state_machine::connecting_state][DEBUG] Tunnel monitor exited with block reason: None
[2023-04-11 10:24:29.842][talpid_routing::imp::imp][DEBUG] Clearing routes
[2023-04-11 10:24:29.843][mullvad_daemon][DEBUG] New tunnel state: Disconnecting(Reconnect)
[2023-04-11 10:24:29.843][mullvad_relay_selector][INFO] Selected relay nl-ams-wg-101 at [REDACTED]
[2023-04-11 10:24:29.843][mullvad_relay_selector][INFO] Selected entry relay se-sto-wg-011 at [REDACTED] going through nl-ams-wg-101 at [REDACTED]
[2023-04-11 10:24:29.843][talpid_core::firewall][INFO] Applying firewall policy: Connecting to [REDACTED]:48005/UDP, Blocking LAN, interface: none. Allowing endpoint [REDACTED]:443/TCP
[2023-04-11 10:24:29.845][mullvad_daemon][DEBUG] New tunnel state: Connecting { endpoint: TunnelEndpoint { endpoint: Endpoint { address: [REDACTED]:51820, protocol: Udp }, tunnel_type: Wireguard, quantum_resistant: true, proxy: None, obfuscation: None, entry_endpoint: Some(Endpoint { address: [REDACTED]:48005, protocol: Udp }) }, location: Some(GeoIpLocation { ipv4: None, ipv6: None, country: "Netherlands", city: Some("Amsterdam"), latitude: 52.35, longitude: 4.916667, mullvad_exit_ip: true, hostname: Some("nl-ams-wg-101"), bridge_hostname: None, entry_hostname: Some("se-sto-wg-011"), obfuscator_hostname: None }) }
[2023-04-11 10:24:29.880][talpid_wireguard][DEBUG] Using kernel WireGuard implementation
[2023-04-11 10:24:29.881][talpid_core::firewall][INFO] Applying firewall policy: Connecting to [REDACTED]:48005/UDP over "wg-mullvad" (ip: [REDACTED], v4 gw: [REDACTED], v6 gw: None, allowed in-tunnel traffic: [REDACTED]:1337/TCP), Blocking LAN. Allowing endpoint [REDACTED]:443/TCP
[2023-04-11 10:24:29.882][talpid_routing::imp::imp][DEBUG] Adding routes: {RequiredRoute { prefix: V4(Ipv4Network { addr: [REDACTED], prefix: 32 }), node: RealNode(Node { ip: None, device: Some("wg-mullvad") }), main_table: true }, RequiredRoute { prefix: V4(Ipv4Network { addr: [REDACTED], prefix: 32 }), node: RealNode(Node { ip: None, device: Some("wg-mullvad") }), main_table: true }}
[2023-04-11 10:24:29.882][talpid_core::firewall][INFO] Applying firewall policy: Connecting to [REDACTED]:48005/UDP over "wg-mullvad" (ip: [REDACTED], v4 gw: [REDACTED], v6 gw: None, allowed in-tunnel traffic: [REDACTED]:1337/TCP, [REDACTED]:51820/UDP), Blocking LAN. Allowing endpoint [REDACTED]:443/TCP
[2023-04-11 10:24:29.897][talpid_wireguard][DEBUG] Performing PQ-safe PSK exchange

Mullvad PQ Multi-Hop failure.log
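
A triage sketch for daemon logs like the one above, added here as an example; it is not part of the original comment or of Mullvad's code. It pairs each `Performing PQ-safe PSK exchange` line with the next `Timeout while negotiating PSK` line and records the relays, the `obfuscation` field and the wait time. The sample log is constructed in the format shown above with placeholder relay names, and reading `obfuscation: None` as "obfuscation off" is an assumption.

```python
import re
from datetime import datetime

# Log line shape seen in the thread: [timestamp][module][LEVEL] message
LINE = re.compile(r"^\[(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d{3})\]\[([^\]]+)\]\[(\w+)\] (.*)$")
RELAYS = re.compile(r"Selected entry relay (\S+) at .* going through (\S+) at")
OBFUSCATION = re.compile(r"\bobfuscation: (\w+)")
PSK_START = "Performing PQ-safe PSK exchange"
PSK_TIMEOUT = "Timeout while negotiating PSK"

# Constructed sample (placeholder relay names, made-up timestamps), not a real capture.
SAMPLE_LOG = """\
[2023-01-01 12:00:00.000][mullvad_relay_selector][INFO] Selected entry relay entry-a at [REDACTED] going through exit-b at [REDACTED]
[2023-01-01 12:00:00.010][mullvad_daemon][DEBUG] New tunnel state: Connecting { endpoint: TunnelEndpoint { quantum_resistant: true, proxy: None, obfuscation: None } }
[2023-01-01 12:00:00.100][talpid_wireguard][DEBUG] Performing PQ-safe PSK exchange
[2023-01-01 12:00:04.101][talpid_wireguard][WARN] Timeout while negotiating PSK
[2023-01-01 12:00:04.200][mullvad_types::settings][DEBUG] Changing relay settings:
\tfrom: continuation lines like this one carry no timestamp
[2023-01-01 12:00:04.300][mullvad_relay_selector][INFO] Selected entry relay entry-c at [REDACTED] going through exit-b at [REDACTED]
[2023-01-01 12:00:04.310][mullvad_daemon][DEBUG] New tunnel state: Connecting { endpoint: TunnelEndpoint { quantum_resistant: true, proxy: None, obfuscation: None } }
[2023-01-01 12:00:04.400][talpid_wireguard][DEBUG] Performing PQ-safe PSK exchange
[2023-01-01 12:00:12.401][talpid_wireguard][WARN] Timeout while negotiating PSK
[2023-01-01 12:00:12.500][mullvad_relay_selector][INFO] Selected entry relay entry-d at [REDACTED] going through exit-e at [REDACTED]
[2023-01-01 12:00:12.600][talpid_wireguard][DEBUG] Performing PQ-safe PSK exchange
"""


def parse_attempts(log_text):
    """Return one record per PSK exchange attempt, in log order."""
    attempts, current = [], None
    context = {"entry": None, "exit": None, "obfuscation": None}
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # tab-indented from:/to: continuation lines
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S.%f")
        module, msg = m.group(2), m.group(4)
        relays = RELAYS.search(msg)
        if relays:
            context["entry"], context["exit"] = relays.groups()
        elif msg.startswith("New tunnel state: Connecting"):
            obf = OBFUSCATION.search(msg)
            context["obfuscation"] = obf.group(1) if obf else None
        elif module == "talpid_wireguard" and msg == PSK_START:
            # An exchange with no later timeout line stays "unresolved".
            current = dict(context, started=ts, outcome="unresolved", seconds=None)
            attempts.append(current)
        elif module == "talpid_wireguard" and msg == PSK_TIMEOUT and current:
            current["outcome"] = "timeout"
            current["seconds"] = round((ts - current["started"]).total_seconds(), 3)
            current = None
    return attempts


def summarize(attempts):
    """Count outcomes and list how long each timed-out exchange waited."""
    timeouts = [a for a in attempts if a["outcome"] == "timeout"]
    return {
        "attempts": len(attempts),
        "timeouts": len(timeouts),
        "unresolved": len(attempts) - len(timeouts),
        "timeouts_without_obfuscation": sum(a["obfuscation"] == "None" for a in timeouts),
        "timeout_seconds": [a["seconds"] for a in timeouts],
    }


if __name__ == "__main__":
    for attempt in parse_attempts(SAMPLE_LOG):
        print(attempt["entry"], "->", attempt["exit"], attempt["outcome"], attempt["seconds"])
    print(summarize(SAMPLE_LOG and parse_attempts(SAMPLE_LOG)))
```
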

cybeleroma

cybeleroma commented on Apr 11, 2023

@cybeleroma
Author

https://github.com/mullvad/mullvadvpn-app/files/11199496/Mullvad.PQ.Multi-Hop.failure.log

Yep, similar issue.

> We're unfortunately unable to reproduce this issue. Could you please send us your logs? You can send a problem report by going to Settings > Support > Report a problem. Or just paste the relevant parts in this issue.

I did send the log file through "Report a problem" on April 8, 2023.

The errors are pretty much similar to what @rusticadam posted above.

changed the title from "2023.3 PQ Multi-Hop tunnel issue in Linux" to "2023.3 Quantum-resistant tunnels + Multihop tunnel issue in Linux" on Apr 12, 2023

cybeleroma

cybeleroma commented on Apr 16, 2023

@cybeleroma
Author

Hi, I did some further digging and troubleshooting. Below are my findings.

  1. Quantum-Resistant tunnel with Multi-Hop is working with Linux only when UDP-over-TCP is "on" or Obfuscation mode is set to "automatic".
  2. If Obfuscation is "off", then Quantum-Resistant tunnel with Multi-Hop is not working over UDP.
  3. I have also noticed that some servers were not capable of creating a Quantum-Resistant tunnel, but that is not much of an issue yet. (I will do some further digging on this.)

> We're unfortunately unable to reproduce this issue. Could you please send us your logs? You can send a problem report by going to Settings > Support > Report a problem. Or just paste the relevant parts in this issue.

I think you were not able to reproduce the issue because of what I have mentioned above in points 1 & 2.

Anyway, I am uploading my latest log file, where I have performed this troubleshooting. Please note, the beginning of the log is from when I had Obfuscation set to Automatic or TCP mode enabled. Later I deliberately set Obfuscation to Off and, as expected, the connection failed with the PSK error.

MullVad VPN.log

I hope this helps and please find a solution as TCP connections are very slow.

But if this is an expected scenario, then update the guide and FAQ to inform that Quantum-Resistant tunnel with Multi-Hop will only work with a TCP connection.

dlon

dlon commented on Apr 17, 2023

@dlon
Member

Thank you for the troubleshooting! We have identified a cause. Unfortunately, it is a symptom of a larger issue with multihop that we don't have a short-term solution for, but we will try to mitigate this particular problem as well.

raksooo

raksooo commented on Apr 19, 2023

@raksooo
Member

I'll close this since it's now solved and merged into main, and we'll soon make a beta release with the fix.
