Um.... Wtf?
-
must be firewall > socks > wireguard > vpn
-
-
-
-
-
-
-
-
That's a real bad bug if the failure condition is to bypass your system security settings.
I saw after I commented that you had already configured it to block. Didnt feel necessary to correct it..
-
-
-
-
-
I mean not using whatever app your trying to pass mullvads dns through. Trying to see if it is the OS, or the other (firewall?) app causing your issue. That way you can file a bug report to the right place. If its your not your OS and mullvad works as expected its the other app. Might not be worth using depending on what applications your trying to lock away from the internet.
On my computer I had firefox set using cloudflare dns and also had mullvad handling my dns causing leakage. Well not really but I has two ip show up in dnsleaktest. One cloudflare and the other mullvad. Is your browser the issue here, can you set dns in the browser settings?
-
-
-
I have a way to solve your problem only thing is it's going to kill your battery life.
Apps I used to have 2 "vpns"
First Insular or Shelter use one of them to create a work profile.
Apps inside of The Work Profile
Exclave
VPN APP of choice for example MullvadVPNApps outside of The Work Profile
Tracker Control
PersonalDNSfilterWhat I did is that i configured Tracker Control to send all DNS requests to the locally running DNS service that Personal DNS Filter creates as well as telling Tracker controll to not capture trafic from Personal DNS Filter. I also then configured Personal DNS Filter to use Mullvad DNS witg DoH or DoT. Then i configured Tracker control to send all traffic to a socks5 proxy (that is created by Exclave) that way the traffic from a app goes like this.
All traffic that isn't DNS
App ---> Tracker contol ---> Exclave ---> MullvadVPNDNA traffic
App ---> Tracker control ---> Personal DNS Filter ---> Mullvad DNSLook I had this for a while and I don't recommend it due to the battery drain. Remember this setup will use 2 VPN slots run 4 services. A DNS proxy, a full socks5 and A wireguard VPN at the same time as a complete work profile. Good luck tho!
-
-
yes, but actually no.
there are apps (like rethink DNS) that pack multiple functions in the app. if an app is being used to handle a VPN connection, it gets to process all your network traffic, see for each packet which app does it belong to, and can do both firewalling, split tunneling by app or type of traffic, and can also filter packets. most VPN apps just don't bother with it because its a complex task, and most users wouldn't use it anyway.
There's also AFWall+ that can configure the kernel's firewall with root permissions, without setting itself up to handle a V0N connection.
both of these apps are available on f-droid
-
And if you use GOS you can individually select which apps have any network access at all
