https://wiki.archlinux.org/api.php?action=feedcontributions&user=Ultima&feedformat=atomArchWiki - User contributions [en]2024-03-29T13:23:26ZUser contributionsMediaWiki 1.41.0https://wiki.archlinux.org/index.php?title=Talk:Mullvad&diff=512722Talk:Mullvad2018-03-04T21:26:57Z<p>Ultima: /* Mullvad wiki page is outdated */ Fixed signing off</p>
<hr />
<div>==Mullvad wiki page is outdated==<br />
<br />
I believe a rewrite for this page is necessary. There is very good information here, however with the AUR package being outdated and the Mullvad website being changed somewhat radically, the information is not up-to-date or easy to follow if you have not configured this kind of thing before. <br />
<br />
I would like to restructure it with the steps I took, and clean up the information that is no longer relevant. If changes are better made gradually for this, please let me know. This is something I feel very strongly needs to be maintained in an easy-to-read and follow form, and I feel comfortable enough writing a simple but in-depth guide on how to accomplish a setup with the newest method of configuring this. I would not be requesting permission to make this major edit if the information were current and packages were not missing or broken. [[User:Ultima|Ultima]] ([[User talk:Ultima|talk]]) 10:30, 2 March 2018 (UTC)<br />
<br />
: Indeed it seems that the situation with the related packages is quite a mess at the moment, but the logical first step would be getting them up to date and sorted out ''before'' editing the wiki article. It wouldn't make much sense to use the wiki for guiding to circumvent AUR package problems that really should be handled by the package maintainers, so I recommend directly contacting them about the issues. If the packages get fixed, is there still something needed to be changed or added in the wiki article? As a daily Mullvad user I'd really like to participate more on getting all this solved for the other users, but unfortunately I don't have enough time on my hands right now. [[User:Nd43|Nd43]] ([[User talk:Nd43|talk]]) 11:47, 2 March 2018 (UTC)<br />
<br />
:: The biggest issue with the current wiki does not actually have to do with the AUR. A simple replacement of the AUR package name would suffice in that area, however the instructions for setting it up are a little bit different now than they were then. You're required to download the zip file from Mullvad still, move certain files to /etc/openvpn/client, edit one of those files as shown in the github that the AUR sources the new package from, set up a different service through systemd (as reflected by the name of the new AUR package for the script to keep the resolv-conf updated) and provide other files from the zip in the /etc/openvpn/client directory. We could easily keep the wiki page under the same structure, but write the instructions to reflect the new method of configuring Mullvad via OpenVPN on boot. I apologize if any of this seems to be clustered together information or I am taking the wrong approach, this is my first time attempting to contribute to a wiki, however I hope I am doing a decent job at this. [[User:Ultima|Ultima]] ([[User talk:Ultima|talk]]) 22:44, 2 March 2018 (UTC)<br />
::: I have created an example of what kind of things need to be changed in my own user page, https://wiki.archlinux.org/index.php/User:Ultima#Configuring_OpenVPN [[User:Ultima|Ultima]] ([[User talk:Ultima|talk]]) 21:26, 4 March 2018 (UTC)</div>Ultimahttps://wiki.archlinux.org/index.php?title=Talk:Mullvad&diff=512721Talk:Mullvad2018-03-04T21:26:40Z<p>Ultima: /* Mullvad wiki page is outdated */ Replied with a link to my user page, to demonstrate what changes need to be made to wiki page.</p>
<hr />
<div>==Mullvad wiki page is outdated==<br />
<br />
I believe a rewrite for this page is necessary. There is very good information here, however with the AUR package being outdated and the Mullvad website being changed somewhat radically, the information is not up-to-date or easy to follow if you have not configured this kind of thing before. <br />
<br />
I would like to restructure it with the steps I took, and clean up the information that is no longer relevant. If changes are better made gradually for this, please let me know. This is something I feel very strongly needs to be maintained in an easy-to-read and follow form, and I feel comfortable enough writing a simple but in-depth guide on how to accomplish a setup with the newest method of configuring this. I would not be requesting permission to make this major edit if the information were current and packages were not missing or broken. [[User:Ultima|Ultima]] ([[User talk:Ultima|talk]]) 10:30, 2 March 2018 (UTC)<br />
<br />
: Indeed it seems that the situation with the related packages is quite a mess at the moment, but the logical first step would be getting them up to date and sorted out ''before'' editing the wiki article. It wouldn't make much sense to use the wiki for guiding to circumvent AUR package problems that really should be handled by the package maintainers, so I recommend directly contacting them about the issues. If the packages get fixed, is there still something needed to be changed or added in the wiki article? As a daily Mullvad user I'd really like to participate more on getting all this solved for the other users, but unfortunately I don't have enough time on my hands right now. [[User:Nd43|Nd43]] ([[User talk:Nd43|talk]]) 11:47, 2 March 2018 (UTC)<br />
<br />
:: The biggest issue with the current wiki does not actually have to do with the AUR. A simple replacement of the AUR package name would suffice in that area, however the instructions for setting it up are a little bit different now than they were then. You're required to download the zip file from Mullvad still, move certain files to /etc/openvpn/client, edit one of those files as shown in the github that the AUR sources the new package from, set up a different service through systemd (as reflected by the name of the new AUR package for the script to keep the resolv-conf updated) and provide other files from the zip in the /etc/openvpn/client directory. We could easily keep the wiki page under the same structure, but write the instructions to reflect the new method of configuring Mullvad via OpenVPN on boot. I apologize if any of this seems to be clustered together information or I am taking the wrong approach, this is my first time attempting to contribute to a wiki, however I hope I am doing a decent job at this. [[User:Ultima|Ultima]] ([[User talk:Ultima|talk]]) 22:44, 2 March 2018 (UTC)<br />
::: I have created an example of what kind of things need to be changed in my own user page, https://wiki.archlinux.org/index.php/User:Ultima#Configuring_OpenVPN</div>Ultimahttps://wiki.archlinux.org/index.php?title=User:Ultima&diff=512720User:Ultima2018-03-04T21:23:55Z<p>Ultima: /* Configuring OpenVPN */ Modifications of my own page to correct code elements.</p>
<hr />
<div>:Example of Mullvad changes required<br />
[[ja:Mullvad]]<br />
[https://mullvad.net/en/ Mullvad] is a VPN service based in Sweden which operates on [[OpenVPN]] servers. They provide their own [https://mullvad.net/download/ GUI client] available in the [[Arch User Repository]] as {{AUR|mullvad}}, but it can also be used with a configuration file for OpenVPN as explained in this article.<br />
<br />
== Configuring OpenVPN ==<br />
<br />
First make sure the packages {{Pkg|openvpn}} and {{Pkg|openresolv}} are installed, then proceed to download Mullvad's OpenVPN configuration file package from [https://www.mullvad.net/download/config/ their website] (under the "other platforms" tab) and unzip the downloaded files to {{ic|/etc/openvpn/client/}}. The files that need to be moved are mullvad.conf mullvad_ca.crt mullvad_crl.pem and mullvad_userpass.txt.<br />
<br />
Remember to change your mullvad.conf file to a shorter name for use with systemd later.<br />
<br />
# mv /etc/openvpn/client/mullvad_us.conf /etc/openvpn/client/mullvad.conf<br />
<br />
In order to use the nameservers supplied by Mullvad, [[OpenVPN#Update resolv-conf script|update-resolv-conf script]] is being called upon starting and stopping the connection with OpenVPN to modify [[resolv.conf]] to include the correct IP addresses. This script is also included in the Mullvad configuration zipfile, but should be moved to {{ic|/etc/openvpn/}} to match the path specified in the Mullvad configuration file:<br />
<br />
# mv /etc/openvpn/client/update-resolv-conf /etc/openvpn/<br />
<br />
The script can be kept updated with the AUR package {{aur|openvpn-update-systemd-resolved}}, which also contains a fix for DNS leaks.<br />
<br />
After configuration the VPN connection can be [[enabled|managed]] with {{ic|openvpn-client@mullvad.service}}. If the service fails to start with an error like {{ic|Cannot open TUN/TAP dev /dev/net/tun: No such device <nowiki>(errno=19)</nowiki>}}, you might need to reboot the system to enable OpenVPN creating the correct network device for the task.<br />
<br />
You will also need to enable and start systemd-resolved as a systemd service.<br />
<br />
# systemctl enable systemd-resolved.service<br />
# systemctl start systemd-resolved.service<br />
Modifications need to be made to the mullvad.conf file in /etc/openvpn/client in order to ensure that the systemd-resolved script is run before the interface closes.<br />
<br />
{{hc|/etc/openvpn/client/mullvad.conf|script-security 2<br />
setenv PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin<br />
up /etc/openvpn/scripts/update-systemd-resolved<br />
down /etc/openvpn/scripts/update-systemd-resolved<br />
down-pre}}<br />
<br />
Modifying the /etc/nsswitch.conf file may be necessary to use systemd-resolved.<br />
<br />
# # Use /etc/resolv.conf first, then fall back to systemd-resolved<br />
# hosts: files dns resolve myhostname<br />
# # Use systemd-resolved first, then fall back to /etc/resolv.conf<br />
# hosts: files resolve dns myhostname<br />
# # Don't use /etc/resolv.conf at all<br />
# hosts: files resolve myhostname<br />
<br />
== DNS leaks ==<br />
<br />
By default, Mullvad configurations allow DNS leaks and for usual VPN use cases this is an unfavourable privacy defect. Mullvad's GUI client settings have an option called "Stop DNS leaks" to prevent this from happening by removing every DNS server IP from the system configuration and replacing them with an IP pointing out to Mullvad's own ''allegedly'' non-logging DNS server, valid during the VPN connection. This fix can also be applied with the plain OpenVPN method by configuring [[resolv.conf]] to use '''only''' the Mullvad DNS server IP specified on their [https://www.mullvad.net/guides/dns-leaks/ website].<br />
<br />
The resolv.conf update script version in {{aur|openvpn-update-systemd-resolved}} implements a different fix for the leaks by using the exclusive interface switch {{ic|-x}} when running the {{ic|resolvconf}} command, but this might cause another form of DNS leakage by making even every local network address resolve via the DNS server provided by Mullvad, as noted in the [https://github.com/masterkorp/openvpn-update-resolv-conf/issues/18 script's GitHub issue page].</div>Ultimahttps://wiki.archlinux.org/index.php?title=User:Ultima&diff=512718User:Ultima2018-03-04T21:16:07Z<p>Ultima: Created a modified version of the mullvad wiki page in order to demonstrate what kind of changes need to be made in order for the new configuration to work, to see if others will approve changes to be made on the original page directly.</p>
<hr />
<div>:Example of Mullvad changes required<br />
[[ja:Mullvad]]<br />
[https://mullvad.net/en/ Mullvad] is a VPN service based in Sweden which operates on [[OpenVPN]] servers. They provide their own [https://mullvad.net/download/ GUI client] available in the [[Arch User Repository]] as {{AUR|mullvad}}, but it can also be used with a configuration file for OpenVPN as explained in this article.<br />
<br />
== Configuring OpenVPN ==<br />
<br />
First make sure the packages {{Pkg|openvpn}} and {{Pkg|openresolv}} are installed, then proceed to download Mullvad's OpenVPN configuration file package from [https://www.mullvad.net/download/config/ their website] (under the "other platforms" tab) and unzip the downloaded files to {{ic|/etc/openvpn/client/}}. The files that need to be moved are mullvad.conf mullvad_ca.crt mullvad_crl.pem and mullvad_userpass.txt.<br />
<br />
Remember to change your mullvad.conf file to a shorter name for use with systemd later.<br />
<br />
# mv /etc/openvpn/client/mullvad_us.conf /etc/openvpn/client/mullvad.conf<br />
<br />
In order to use the nameservers supplied by Mullvad, [[OpenVPN#Update resolv-conf script|update-resolv-conf script]] is being called upon starting and stopping the connection with OpenVPN to modify [[resolv.conf]] to include the correct IP addresses. This script is also included in the Mullvad configuration zipfile, but should be moved to {{ic|/etc/openvpn/}} to match the path specified in the Mullvad configuration file:<br />
<br />
# mv /etc/openvpn/client/update-resolv-conf /etc/openvpn/<br />
<br />
The script can be kept updated with the AUR package {{aur|openvpn-update-systemd-resolved}}, which also contains a fix for DNS leaks.<br />
<br />
After configuration the VPN connection can be [[enabled|managed]] with {{ic|openvpn-client@mullvad.service}}. If the service fails to start with an error like {{ic|Cannot open TUN/TAP dev /dev/net/tun: No such device <nowiki>(errno=19)</nowiki>}}, you might need to reboot the system to enable OpenVPN creating the correct network device for the task.<br />
<br />
You will also need to enable and start systemd-resolved as a systemd service.<br />
<br />
# systemctl enable systemd-resolved.service<br />
# systemctl start systemd-resolved.service<br />
<br />
Modifications need to be made to the mullvad.conf file in /etc/openvpn/client in order to ensure that the systemd-resolved script is run before the interface closes.<br />
<br />
# script-security 2<br />
# setenv PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin<br />
# up /etc/openvpn/scripts/update-systemd-resolved<br />
# down /etc/openvpn/scripts/update-systemd-resolved<br />
# down-pre<br />
<br />
Modifying the /etc/nsswitch.conf file may be necessary to use systemd-resolved.<br />
<br />
# # Use /etc/resolv.conf first, then fall back to systemd-resolved<br />
# hosts: files dns resolve myhostname<br />
# # Use systemd-resolved first, then fall back to /etc/resolv.conf<br />
# hosts: files resolve dns myhostname<br />
# # Don't use /etc/resolv.conf at all<br />
# hosts: files resolve myhostname<br />
<br />
== DNS leaks ==<br />
<br />
By default, Mullvad configurations allow DNS leaks and for usual VPN use cases this is an unfavourable privacy defect. Mullvad's GUI client settings have an option called "Stop DNS leaks" to prevent this from happening by removing every DNS server IP from the system configuration and replacing them with an IP pointing out to Mullvad's own ''allegedly'' non-logging DNS server, valid during the VPN connection. This fix can also be applied with the plain OpenVPN method by configuring [[resolv.conf]] to use '''only''' the Mullvad DNS server IP specified on their [https://www.mullvad.net/guides/dns-leaks/ website].<br />
<br />
The resolv.conf update script version in {{aur|openvpn-update-systemd-resolved}} implements a different fix for the leaks by using the exclusive interface switch {{ic|-x}} when running the {{ic|resolvconf}} command, but this might cause another form of DNS leakage by making even every local network address resolve via the DNS server provided by Mullvad, as noted in the [https://github.com/masterkorp/openvpn-update-resolv-conf/issues/18 script's GitHub issue page].</div>Ultimahttps://wiki.archlinux.org/index.php?title=Talk:Mullvad&diff=512539Talk:Mullvad2018-03-02T22:44:08Z<p>Ultima: /* Mullvad wiki page is outdated */ Continued discussion on Mullvad page being outdated</p>
<hr />
<div>==Mullvad wiki page is outdated==<br />
<br />
I believe a rewrite for this page is necessary. There is very good information here, however with the AUR package being outdated and the Mullvad website being changed somewhat radically, the information is not up-to-date or easy to follow if you have not configured this kind of thing before. <br />
<br />
I would like to restructure it with the steps I took, and clean up the information that is no longer relevant. If changes are better made gradually for this, please let me know. This is something I feel very strongly needs to be maintained in an easy-to-read and follow form, and I feel comfortable enough writing a simple but in-depth guide on how to accomplish a setup with the newest method of configuring this. I would not be requesting permission to make this major edit if the information were current and packages were not missing or broken. [[User:Ultima|Ultima]] ([[User talk:Ultima|talk]]) 10:30, 2 March 2018 (UTC)<br />
<br />
: Indeed it seems that the situation with the related packages is quite a mess at the moment, but the logical first step would be getting them up to date and sorted out ''before'' editing the wiki article. It wouldn't make much sense to use the wiki for guiding to circumvent AUR package problems that really should be handled by the package maintainers, so I recommend directly contacting them about the issues. If the packages get fixed, is there still something needed to be changed or added in the wiki article? As a daily Mullvad user I'd really like to participate more on getting all this solved for the other users, but unfortunately I don't have enough time on my hands right now. [[User:Nd43|Nd43]] ([[User talk:Nd43|talk]]) 11:47, 2 March 2018 (UTC)<br />
<br />
:: The biggest issue with the current wiki does not actually have to do with the AUR. A simple replacement of the AUR package name would suffice in that area, however the instructions for setting it up are a little bit different now than they were then. You're required to download the zip file from Mullvad still, move certain files to /etc/openvpn/client, edit one of those files as shown in the github that the AUR sources the new package from, set up a different service through systemd (as reflected by the name of the new AUR package for the script to keep the resolv-conf updated) and provide other files from the zip in the /etc/openvpn/client directory. We could easily keep the wiki page under the same structure, but write the instructions to reflect the new method of configuring Mullvad via OpenVPN on boot. I apologize if any of this seems to be clustered together information or I am taking the wrong approach, this is my first time attempting to contribute to a wiki, however I hope I am doing a decent job at this. [[User:Ultima|Ultima]] ([[User talk:Ultima|talk]]) 22:44, 2 March 2018 (UTC)</div>Ultimahttps://wiki.archlinux.org/index.php?title=Talk:Mullvad&diff=512470Talk:Mullvad2018-03-02T10:30:23Z<p>Ultima: tl;dr I want to rewrite the Mullvad page and fix broken links/update information based on the new setup methods.</p>
<hr />
<div>==Mullvad wiki page is outdated==<br />
<br />
I believe a rewrite for this page is necessary. There is very good information here, however with the AUR package being outdated and the Mullvad website being changed somewhat radically, the information is not up-to-date or easy to follow if you have not configured this kind of thing before. <br />
<br />
I would like to restructure it with the steps I took, and clean up the information that is no longer relevant. If changes are better made gradually for this, please let me know. This is something I feel very strongly needs to be maintained in an easy-to-read and follow form, and I feel comfortable enough writing a simple but in-depth guide on how to accomplish a setup with the newest method of configuring this. I would not be requesting permission to make this major edit if the information were current and packages were not missing or broken. [[User:Ultima|Ultima]] ([[User talk:Ultima|talk]]) 10:30, 2 March 2018 (UTC)</div>Ultima