[VPN] Mullvad VPN

dginovker · June 12, 2022, 4:08pm

Project information: Mullvad is an open source VPN solution with a native Linux .deb and .rpm client

Name: Mullvad VPN
Homepage: Mullvad VPN - Privacy is a universal right
License: GPL v3
Upstream has been contacted: Yes

There is an open Github Issue on their repository from 2018 with tonnes of support, but despite this, the Mullvad team is small and doesn’t have the bandwidth to focus on it. I’m posting here, hoping someone who enjoys packaging can take a look at this and get the VPN up and running on Flatpak

PS if anyone wants to give this a crack, DM me for a free Mullvad key

Edit: Someone seems to have gone through my post history and flagged all my threads/comments - The system is telling me to edit my comment to make it reappear, so that’s what this is

1player · June 13, 2022, 9:57am

This is still flagged for some reason, possibly because you’ve offered a “financial contribution” as reward and someone might’ve thought it was spam.

In any case, this is a legitimate request and I’d like to have the application packaged as Flatpak as well, it’s not working correctly on Silverblue due to a weird directory layout and SELinux issues.

If I have some spare time I might give it a try, but no promise yet.

dginovker · June 13, 2022, 5:35pm

Honestly all my posts are flagged, so I don’t think it has to do with anything in this post in particular

1player · June 13, 2022, 5:49pm

Maybe try contacting a moderator and see if they can help?

Erick555 · June 14, 2022, 3:23pm

I think vpn apps needs advanced control over host network stack which is something flatpaks don’t have access to.

1player · June 25, 2022, 9:36am

Flatpaks can be given access to the host network stack if need be, so I think it’s feasible.

1player · June 26, 2022, 7:48am

I’ve done some exploratory research on the feasibility of wrapping Mullvad into a Flatpak and I don’t think it’s possible at this time.

The fact that it requires host network access is the least of our problems, as it should be easy to give the sandbox access to the host network namespace.

The big issue instead is that the desktop application relies on a system-level daemon that can either be configured to start at boot, or the application manages itself when you start or stop the VPN. The GUI is just a shell that talks with this daemon via RPC: mullvadvpn-app/architecture.md at master · mullvad/mullvadvpn-app · GitHub

With flatpak there is no way of running background daemons, which would break the “start VPN at boot” option, and the fact that Mullvad expects to interact with this daemon through systemctl, which isn’t available inside the sandbox, pretty much makes it impossible to be packaged as it is, without major changes upstream.

Sadly, Mullvad has said many times they do not have the bandwidth to explore alternative configurations than the standard .deb and .rpm they provide so unless someone has the patience of rearchitecturing their application and getting it approved and merged in the first place, there’s not much we can do.

Erick555 · July 3, 2022, 6:06pm

You are confusing access with control. Flatpak can have only the former. The latter needs system level daemon. You made same conclusion as mine without realizing it.