Mullvad slows usage of apt in Ubuntu

[ricardomatias]

Issue report

Operating system: Pop_OS 20.04

App version: mullvad 2020.4

Issue description

I've tried both through the GUI and CLI and the behavior is the same. Every time mullvad is connected some processes become slower to respond. I've noticed that apt update becomes slower even before the privilege is given to update. There's a noticeable delay when mullvad is on vs off. The connection speed or latency is not the issue.

[faern]

Might be related to us just dropping outgoing packets that tries to exit on the wrong interfaces. This causes the programs that send them to have to wait for a timeout before they give up. We are actually already working on making this outgoing blocking reject instead of drop. This will likely speed up some local programs.

[ghost]

I'm still facing this issue. It has not been resolved in 2020.6 update as well.

[ricardomatias]

This issue is still open, can we please get an update?

[pinkisemils]

It's probably related to NetworkManager's slight mishap when applying DNS config to systemd-resolved. NetworkManager sets the ~. search domain for all network interfaces, which is a specific way to instruct systemd-resolved to use the specified interface for all search queries. Since our firewall blocks all DNS requests that aren't routed through our tunnel (for now), systemd-resolved might be trying to reach your local DNS resolver via your default interface before trying our DNS resolver on the tunnel, which will block things.

This should be fixed upstream eventually, but if this is a critical issue, you may set the TALPID_DNS_MODULE to static-file or resolvconf so that our daemon will manage DNS via replacing /etc/resolv.conf with our own file, and hopefully resetting it back to what it was afterwards. To set the environment variable to use a different DNS method for our daemon, you have to edit the systemd service definition, the easiest way is to edit it via systemctl edit mullvad-daemon and add the following lines:

[Service]
Environment="TALPID_DNS_MODULE=static-file"

This can be problematic, but in case you are encountering issues with your DNS after disconnecting from a tunnel, you can try restarting NetworkManager to reset /etc/resolv.conf - systemctl restart NetworkManager. And if you do end up forcing a different DNS management method, I highly advise to remove the environment variable after NetworkManager has been fixed.

We also are currently testing a release of our app that will allow custom DNS servers, so maybe that will be a way to side-step the issue by allowing the local resolver to be used if you are OK with leaking DNS to a local resolver.

[ricardomatias]

Could you elaborate on "We also are currently testing a release of our app that will allow custom DNS servers, so maybe that will be a way to side-step the issue by allowing the local resolver to be used if you are OK with leaking DNS to a local resolver." please?

I couldn't get your previous suggestion to work and since custom DNS servers are here, how can I fix this issue?

[Sprooty]

Any update on this?

[faern]

We have not heard any report about this in a very long time. I'm ready to close this unless someone still have problems with the issue and can proved some more details about their setup and config to help us reproduce it.

[Sprooty]

Certainly still appears to be an issue for me Faern. Ubuntu 22.04, with Mullvad installed proxying across the world, APT times out to many sources. Issue goes away with Mullvad disabled. Using Wireguard (without Mullvad), works fine.

I will try find some time to go back, reinstall mullvad and reproduce this.

[MarkusPettersson98]

Any luck with reproducing this issue @Sprooty ?