2024.3 always connects with UDP port 443 on quantum-resistant tunnels

[pallorc]

Is it a bug?

• I know this is an issue with the app, and contacting Mullvad support is not relevant.

I have checked if others have reported this already

• I have checked the issue tracker to see if others have reported similar issues.

Current Behavior

Starting with version 2024.2 on MacOS 14.4.1, Mullvad connects using UDP port 443 after trying a random, high-number port. This is using Wireguard. Prior versions of Mullvad connect to a random port on the same computer and the same network. I've also tested this with a second MacBook, so it's not specific to the machine.

For good measure, I tried iOS as well, and that's connecting to a random UDP port as expected. Same wi-fi network, same Mullvad server.

Expected Behavior

The Mullvad app should connect to a random, high-number UDP port.

Steps to Reproduce

Attempt to connect to any Wireguard server using the Mullvad app in MacOS.

Failure Logs

No response

Operating system version

MacOS 14.4.1

Mullvad VPN app version

2024.2

Additional Information

Thank you!

[pallorc]

Update:

I rolled back to 2024.2 beta 1. The behavior returns to normal. The Mullvad app connects instantly to a random, high-number UDP port every time.

[BionicBison05]

Same on my end.

[pallorc]

This issue persists on 2024.3 beta 1. Steps to reproduce are the same as above.

It seems that something was introduced between 2024.2 beta 1 and the final 2024.2 release that causes the client to fail to connect to random, high-number UDP ports and then fall back to UDP 443 every time it connects.

I don't know if the issue is limited to MacOS. Users of Linux and Windows might want to check to see what port the client is using to connect. I have seen this issue on two separate MacOS machines.

[pallorc]

Update:

After further troubleshooting, it appears that when the quantum resistant tunnel option is set to "on", the Mullvad client uses UDP 443. When quantum resistant tunnel is set to "auto" or "off", the Mullvad client uses a random, high-number UDP port as usual. This doesn't seem like it should be the intended behaviour.

I hope this helps!

[pallorc]

Thanks for the suggestion. However, this is not an issue with 2024.2 beta 1 and prior versions. Quantum resistant tunnels connect quickly and reliably on those versions, and not the newest. That suggests it's a change in the client app.

Also, quantum resistant tunnels have always been quick to connect for me. I've used many of the lowest latency servers nearby, with sub 30ms pings to 1.1.1.1. They've never had trouble connecting before. Switching back to 2024.2 beta 1, the issue completely goes away.

I'm open to further ideas though.

[staffa]

Coming from Windows 10, 22H2, with Mullvad 2024.3, and a separate computer on 22H2 with Mullvad 2024.2, I can say that I am not experiencing this issue.

[trevyn]

I'm seeing this too on macOS. My guess is that it's timeout-related: quantum-resistant tunnels take a few seconds to connect for me, so I think it's trying to connect on a random port, the quantum-resistant tunnel takes too long to establish, so it thinks that port is blocked, and falls back to 443 per https://github.com/mullvad/mullvadvpn-app/blob/2024.2/docs/relay-selector.md#default-constraints-for-tunnel-endpoints

Setting a manual high port and quantum-resistant tunnel works fine for me.