Nixpkgs: mullvad-vpn 2020.5 broken

Created on 1 Jul 2020  ·  5Comments  ·  Source: NixOS/nixpkgs

Describe the bug
Since upgrading to mullvad-vpn 2020.5 on nixos-unstable the client (mullvad-vpn) can't connect to mullvad-daemon anymore.

To Reproduce
Set services.mullvad-vpn.enable = true; and run mullvad-vpn.

Expected behavior
The mullvad client should be able to connect to the daemon.

Screenshots
image

Additional context
The mullvad-daemon.service seems to be fine. Here's the log:

● mullvad-daemon.service - Mullvad VPN daemon
     Loaded: loaded (/nix/store/49przm6pgdvk1f95h5k1mdsskk01p5s6-unit-mullvad-daemon.service/mullvad-daemon.service; enabled; vendor preset: enabled)
     Active: active (running) since Wed 2020-07-01 11:15:34 CEST; 240ms ago
   Main PID: 9758 (mullvad-daemon)
         IP: 0B in, 0B out
      Tasks: 12 (limit: 4915)
     Memory: 7.5M
        CPU: 63ms
     CGroup: /system.slice/mullvad-daemon.service
             └─9758 /nix/store/ysfvx0k5y7n8g984dml1npprynvy5j1w-mullvad-vpn-2020.5/bin/mullvad-daemon -v --disable-stdout-timestamps

Jul 01 11:15:34 felix-nixos mullvad-daemon[9758]: [mullvad_daemon::relays][DEBUG] Reading relays from /nix/store/ysfvx0k5y7n8g984dml1npprynvy5j1w-mullvad-vpn-2020.5/share/mullvad/resources/relays.json
Jul 01 11:15:34 felix-nixos mullvad-daemon[9758]: [mullvad_daemon::relays][INFO] Initialized with 661 cached relays from 2020-06-30 20:30:22.794
Jul 01 11:15:34 felix-nixos mullvad-daemon[9758]: [mullvad_daemon::version_check][DEBUG] Loading version check cache from /var/cache/mullvad-vpn/version-info.json
Jul 01 11:15:34 felix-nixos mullvad-daemon[9758]: [mullvad_daemon::relays][DEBUG] Starting relay list updater thread
Jul 01 11:15:34 felix-nixos mullvad-daemon[9758]: [mullvad_daemon::version_check][WARN] Error: Unable to load cached version info
Jul 01 11:15:34 felix-nixos mullvad-daemon[9758]: Caused by: Clearing version check cache due to a version mismatch
Jul 01 11:15:34 felix-nixos mullvad-daemon[9758]: [mullvad_daemon::settings][INFO] Loading settings from /etc/mullvad-vpn/settings.json
Jul 01 11:15:34 felix-nixos mullvad-daemon[9758]: [mullvad_daemon::account_history][INFO] Opening account history file in /etc/mullvad-vpn/account-history.json
Jul 01 11:15:34 felix-nixos mullvad-daemon[9758]: [mullvad_daemon::relays][DEBUG] Relay list updater thread has finished
Jul 01 11:15:34 felix-nixos mullvad-daemon[9758]: [mullvad_daemon][INFO] Management interface shut down

And the mullvad-vpn (client) log:

[2020-07-01 11:05:46.748][info] Connecting to transport with params { path: '/var/run/mullvad-vpn' }
[2020-07-01 11:05:46.748][debug] Connect socket
[2020-07-01 11:05:46.749][error] Socket error:  {
  constructor: 'Error',
  errno: 'ENOENT',
  code: 'ENOENT',
  syscall: 'connect',
  address: '/var/run/mullvad-vpn',
  stack: 'Error: connect ENOENT /var/run/mullvad-vpn\n' +
    '    at PipeConnectWrap.afterConnect [as oncomplete] (net.js:1056:14)'
}
[2020-07-01 11:05:46.749][debug] Socket was closed due to an error:  {
  constructor: 'Error',
  errno: 'ENOENT',
  code: 'ENOENT',
  syscall: 'connect',
  address: '/var/run/mullvad-vpn',
  stack: 'Error: connect ENOENT /var/run/mullvad-vpn\n' +
    '    at PipeConnectWrap.afterConnect [as oncomplete] (net.js:1056:14)'
}
[2020-07-01 11:05:46.749][error] Failed to connect to daemon: connect ENOENT /var/run/mullvad-vpn

Notify maintainers
@filalex77

Metadata
Please run nix-shell -p nix-info --run "nix-info -m" and paste the result.

Maintainer information:

# a list of nixpkgs attributes affected by the problem
attribute: mullvad-vpn
# a list of nixos modules affected by the problem
module: services.mullvad-vpn
bug nixos
Source
picture felschr
👍3

Most helpful comment

networking.iproute2.enable = true; fixed this particular issue for me, works with wireguard too.

In case it's any help, my full config is here: https://github.com/shazow/nixfiles/blob/fb222c4afb57503174afc14c9570ce93d15bba67/shazowic-beast.nix#L44-L47

picture shazow on 29 Aug 2020
👍2

All 5 comments

I got some more logging than provided in the systemd logs running it manually:

...
[2020-07-01 10:47:50.852][mullvad_daemon::relays][DEBUG] Relay list updater thread has finished
[2020-07-01 10:47:50.852][mullvad_daemon][INFO] Management interface shut down
[2020-07-01 10:47:51.852][mullvad_daemon][ERROR] Error: Unable to initialize daemon
Caused by: Tunnel state machine error
Caused by: Failed to initialize the route manager
Caused by: Internal route manager error
Caused by: Unable to create routing table for split tunneling
Caused by: No such file or directory (os error 2)
[2020-07-01 10:47:51.852][mullvad_daemon][DEBUG] Process exiting with code 1

The code in question seems to be here:

let file = fs::OpenOptions::new()
    .read(true)
    .open(RT_TABLES_PATH)
    .map_err(Error::ExclusionsRoutingTableSetup)?;

link

the path it's trying to write to is:

const RT_TABLES_PATH: &str = "/etc/iproute2/rt_tables";

link

The whole function initialize_exclusions_table is new in 2020.5.

/etc/iproute2 doesn't exist on my machine

06kellyjac picture 06kellyjac on 1 Jul 2020

Ok adding networking.iproute2.enable = true; copies the iproute2 config files into /etc

Mullvad adds 1 mullvad_exclusions to the end of /etc/iproute2/rt_tables

IDK if this is an ideal solution or one that fits NixOS but the mullvad daemon is working now.

06kellyjac picture 06kellyjac on 1 Jul 2020

While enabling networking.iproute2.enable = true; seems to fix the issue with OpenVPN but it's still not working for me when I try to use Wireguard.

felschr picture felschr on 15 Aug 2020 
[2020-08-15 00:50:26.473][mullvad_daemon::version][INFO] Starting mullvad-daemon - 2020.5 2020-06-25
[2020-08-15 00:50:26.473][mullvad_daemon][INFO] Logging to /var/log/mullvad-vpn
[2020-08-15 00:50:26.474][mullvad_daemon][INFO] Management interface listening on /var/run/mullvad-vpn
[2020-08-15 00:50:26.543][mullvad_daemon::relays][INFO] Initialized with 753 cached relays from 2020-08-15 00:01:31.212
[2020-08-15 00:50:26.543][mullvad_daemon::version_check][WARN] Error: Unable to load cached version info
Caused by: Clearing version check cache due to a version mismatch
[2020-08-15 00:50:26.543][mullvad_daemon::settings][INFO] Loading settings from /etc/mullvad-vpn/settings.json
[2020-08-15 00:50:26.543][mullvad_daemon::account_history][INFO] Opening account history file in /etc/mullvad-vpn/account-history.json
[2020-08-15 00:50:26.571][talpid_core::firewall][INFO] Applying firewall policy: Blocked, Allowing LAN
[2020-08-15 00:50:26.572][mullvad_daemon][INFO] Restoring cached target state
[2020-08-15 00:50:26.572][mullvad_daemon][INFO] Account already has wireguard key
RTNETLINK answers: No such file or directory
[2020-08-15 00:50:26.572][talpid_core::routing::imp::imp][WARN] Failed to delete routing policy: ip command failed
[2020-08-15 00:50:27.624][mullvad_daemon::relays][ERROR] Error: Failed to download the list of relays
Caused by: Hyper error
Caused by: error trying to connect: tcp connect error: Connection refused (os error 111)
Caused by: tcp connect error: Connection refused (os error 111)
Caused by: Connection refused (os error 111)
[2020-08-15 00:50:28.933][mullvad_daemon][WARN] Unable to fetch GeoIP location: Error: Hyper error
Caused by: error trying to connect: dns error: failed to lookup address information: Name or service not known
Caused by: dns error: failed to lookup address information: Name or service not known
Caused by: failed to lookup address information: Name or service not known
[2020-08-15 00:50:29.865][mullvad_daemon::relays][INFO] Selected relay de12-wireguard at 193.27.14.66
[2020-08-15 00:50:29.865][talpid_core::firewall][INFO] Applying firewall policy: Connecting to 193.27.14.66:42392 over UDP with gateways 10.64.0.1,fc00:bbbb:bbbb:bb01::1, Allowing LAN
[2020-08-15 00:50:29.992][mullvad_daemon::management_interface][ERROR] Unable to get account data from API: Error: Hyper error
Caused by: error trying to connect: tcp connect error: Connection refused (os error 111)
Caused by: tcp connect error: Connection refused (os error 111)
Caused by: Connection refused (os error 111)
[2020-08-15 00:50:39.016][mullvad_daemon::management_interface][ERROR] Unable to get account data from API: Error: Hyper error
Caused by: error trying to connect: tcp connect error: Connection refused (os error 111)
Caused by: tcp connect error: Connection refused (os error 111)
Caused by: Connection refused (os error 111)
[2020-08-15 00:50:44.921][talpid_core::tunnel::wireguard][WARN] Timeout while checking tunnel connection
[2020-08-15 00:50:44.923][talpid_core::tunnel_state_machine::connecting_state][WARN] Error: Tunnel has stopped unexpectedly
Caused by: Failed while listening for events from the Wireguard tunnel
Caused by: Tunnel timed out
felschr picture felschr on 15 Aug 2020

networking.iproute2.enable = true; fixed this particular issue for me, works with wireguard too.

In case it's any help, my full config is here: https://github.com/shazow/nixfiles/blob/fb222c4afb57503174afc14c9570ce93d15bba67/shazowic-beast.nix#L44-L47

shazow picture shazow on 29 Aug 2020
👍2
Was this page helpful?
0 / 5 - 0 ratings

Related issues

spacekitteh picture spacekitteh  ·  3Comments
vaibhavsagar picture vaibhavsagar  ·  3Comments
ob7 picture ob7  ·  3Comments
edolstra picture edolstra  ·  3Comments
grahamc picture grahamc  ·  3Comments