Mullvad VPN Service in Fedora Silverblue

Hello,
Just today I did a fresh Fedora Silverblue 34 install, and all went well.

Since I use Mullvad VPN, I downloaded the .rpm file from their site and layered it with rpm-ostree install <the mullvad .rpm file>. It seemed to install correctly, but upon running Mullvad VPN, I get stuck on a screen that shows “Connecting to Mullvad system service…”.

After some digging, I found out that in order for me to use Mullvad, the daemon needs to be running in the background, but the mullvad-daemon.service file for Systemd was missing. I assumed this is because the OS is immutable, so in the install it did not create the mullvad-daemon.service file as the /lib/systemd/system/ directory is immutable.

Since /etc/systemd/system/ was mutable I decided to try and write my own service file. This is the service file that I made;

[Unit]
Description=Mullvad Daemon

[Service]
Type=idle
ExecStart='/opt/Mullvad VPN/resources/mullvad-daemon'

[Install]
WantedBy=multi-user.target

When running this service with sudo systemctl start mullvad, it doesn’t give any output, but does not start as I’d expect it to. Here is the output of when I then run sudo systemctl status mullvad;

× mullvad.service - Mullvad Daemon
     Loaded: loaded (/etc/systemd/system/mullvad.service; disabled; vendor preset: disabled)
     Active: failed (Result: exit-code) since Sun 2021-10-31 02:07:12 CEST; 4s ago
    Process: 12701 ExecStart=/opt/Mullvad VPN/resources/mullvad-daemon (code=exited, status=1/FAILURE)
   Main PID: 12701 (code=exited, status=1/FAILURE)
        CPU: 10ms

Oct 31 02:07:12 fedora mullvad-daemon[12701]: Caused by: Failed to open the address cache file
Oct 31 02:07:12 fedora mullvad-daemon[12701]: Caused by: Permission denied (os error 13)
Oct 31 02:07:12 fedora mullvad-daemon[12701]: [2021-10-31 02:07:12.667][mullvad_daemon][ERROR] Error: Unable to initialize daemon
Oct 31 02:07:12 fedora mullvad-daemon[12701]: Caused by: Unable to create RPC client
Oct 31 02:07:12 fedora mullvad-daemon[12701]: Caused by: Failed to load address cache
Oct 31 02:07:12 fedora mullvad-daemon[12701]: Caused by: Failed to update the address cache file
Oct 31 02:07:12 fedora mullvad-daemon[12701]: Caused by: Permission denied (os error 13)
Oct 31 02:07:12 fedora mullvad-daemon[12701]: [2021-10-31 02:07:12.667][mullvad_daemon::management_interface][INFO] Management interface shut down
Oct 31 02:07:12 fedora systemd[1]: mullvad.service: Main process exited, code=exited, status=1/FAILURE
Oct 31 02:07:12 fedora systemd[1]: mullvad.service: Failed with result 'exit-code'.

I am not sure what to get out of this. I tried moving the service file to /run/systemd/system/ (which is also not immutable) but the results did not change.

There were other things I tried too, like setting User=root and Group=root in my service file, but that did not change anything at all. I also tried making a user service, which did not do much either, seeing as mullvad-daemon needs to be run with root.

Later, I found out that there was indeed a .service file included in /opt/Mullvad VPN/resources/mullvad-daemon.service which looks like this:

# Systemd service unit file for the Mullvad VPN daemon

[Unit]
Description=Mullvad VPN daemon
Wants=network.target
After=network-online.target
After=NetworkManager.service
After=systemd-resolved.service
StartLimitBurst=5
StartLimitIntervalSec=20

[Service]
Restart=always
RestartSec=1
ExecStart=/opt/Mullvad\x20VPN/resources/mullvad-daemon -v --disable-stdout-timestamps

[Install]
WantedBy=multi-user.target

Unfortunately, even after starting this (the official mullvad-daemon service) it wont work as expected. This is the output of sudo systemctl status mullvad-daemon after a bit;

× mullvad-daemon.service - Mullvad VPN daemon
     Loaded: loaded (/etc/systemd/system/mullvad-daemon.service; disabled; vendor preset: disabled)
     Active: failed (Result: exit-code) since Sun 2021-10-31 02:29:26 CEST; 32s ago
    Process: 13298 ExecStart=/opt/Mullvad VPN/resources/mullvad-daemon -v --disable-stdout-timestamps (code=exited, status=1/FAILURE)
   Main PID: 13298 (code=exited, status=1/FAILURE)
        CPU: 7ms

Oct 31 02:29:26 fedora systemd[1]: mullvad-daemon.service: Scheduled restart job, restart counter is at 5.
Oct 31 02:29:26 fedora systemd[1]: Stopped Mullvad VPN daemon.
Oct 31 02:29:26 fedora systemd[1]: mullvad-daemon.service: Start request repeated too quickly.
Oct 31 02:29:26 fedora systemd[1]: mullvad-daemon.service: Failed with result 'exit-code'.
Oct 31 02:29:26 fedora systemd[1]: Failed to start Mullvad VPN daemon.

I found a log file at /var/log/mullvad-vpn/daemon.log which contains the following;

[2021-10-31 02:29:25.563][mullvad_daemon::version][INFO] Starting mullvad-daemon - 2021.5 2021-10-25
[2021-10-31 02:29:25.563][mullvad_daemon][INFO] Logging to /var/log/mullvad-vpn
[2021-10-31 02:29:25.564][mullvad_daemon::rpc_uniqueness_check][DEBUG] Failed to locate/connect to another daemon instance, assuming there isn't one
[2021-10-31 02:29:25.564][mullvad_daemon][INFO] Management interface listening on /var/run/mullvad-vpn
[2021-10-31 02:29:25.564][mullvad_rpc::address_cache][DEBUG] Loading API addresses from "/var/cache/mullvad-vpn/api-ip-address.txt"
[2021-10-31 02:29:25.564][mullvad_rpc][ERROR] Error: Failed to load cached API addresses. Falling back on bundled list
Caused by: Failed to open the address cache file
Caused by: Permission denied (os error 13)
[2021-10-31 02:29:25.564][mullvad_rpc::address_cache][DEBUG] Loading API addresses from "/usr/lib/opt/Mullvad VPN/resources/api-ip-address.txt"
[2021-10-31 02:29:25.564][mullvad_rpc::address_cache][DEBUG] Using API address: 193.138.218.78:443
[2021-10-31 02:29:25.564][mullvad_daemon][ERROR] Error: Unable to initialize daemon
Caused by: Unable to create RPC client
Caused by: Failed to load address cache
Caused by: Failed to update the address cache file
Caused by: Permission denied (os error 13)
[2021-10-31 02:29:25.564][mullvad_daemon][DEBUG] Process exiting with code 1

It shows a few similar errors to before, which is why I thought it would be worth showing the output from my own service too.

In case anyone asks, the permissions of the /opt/Mullvad VPN/resources/mullvad-daemon file are -rwxr-xr-x. 2 root root 19671976 Jan 1 1970 mullvad-daemon as output from ls -l mullvad-daemon

And to be clear, the daemon runs properly when running it directly. From there I can just run Mullvad VPN like usual, and it would work. But I need the daemon to be started, because it wont do to keep starting the daemon manually. It also needs to be running if I wish to use the terminal client.

Either way, I am very confused about this situation and I am not really sure where to go from here. Using a VPN is a pretty big priority for me, so I don’t think I’d stay on Silverblue if I couldnt get it to work, which is unfortunate as I am really enjoying it so far… Even if it’s just been a matter of hours :]. I have already tried many other minor solutions besides these, but none seemed to have worked. Can anyone help me out, or maybe point me in the right direction? Maybe anyone has previous experience with running VPNs on Silverblue? Any help is appreciated.

Much thanks :]

Hi,

Could be related to selinux, looks like a similar issue has been discussed on Mullvad’s github:

Thanks Tom.

1 Like

Hi there, thanks a lot for linking me this :]

Somebody had posted a solution there, it was indeed related to SELinux.
And after following the solution, everything works as intended and the
daemon is running as expected.

Cheers!

1 Like