cross-posted from: https://lemmy.blahaj.zone/post/2728889
From the article:
Since Tailscale was founded in 2019, customers have been forced to choose between either Tailscale or Mullvad without the ability for them to co-exist.
Today we announce a partnership with Tailscale that allows you to use both in conjunction through the Tailscale app. This functionality is not available through the Mullvad VPN app. This partnership allows customers of Tailscale to make use of our WireGuard VPN servers as “exit nodes”. This means that whilst connected to Tailscale, you can access your devices across Tailscale’s mesh network, whilst still connecting outbound through Mullvad VPN WireGuard servers in any location. Announcement also on Tailscale blog.
I have the utmost respect and appreciation for mullvad but I don’t need a vpn without port forwarding so I cancelled my sub. They are still objectively the best vpn, this is the only sticking point.
What does port forwarding gain you on a VPN? Sorry if the question is ignorant
You need it for file sharing apps like BitTorrent or Soulseek, if you don’t want to be seen as a leech, and/or you want to use private trackers where you need to maintain a good ratio. :)
Most private trackers don’t allow a shared VPN like Mullvad anyway. Some do but most don’t.
Another use case (in addition to the BitTorrent use case) is if you want to host a site but hide your IP. You can run Nginx and configure it to listen on a port the VPN service has allocated to you. Good VPN services like AirVPN let you choose ports, and those ports are always allocated to you.
although people hosting illegal content using port forwarding is likely one of the reasons they removed it, so it’s a tricky problem
Did they change something? I’ve been port forwarding for a couple of years now.
They removed port forwarding back in July
https://mullvad.net/en/blog/2023/5/29/removing-the-support-for-forwarded-ports/
I think it was something to do with CSAM hosting. It’s shit but understandable as to why they removed it
https://mullvad.net/en/blog/2023/5/2/update-the-swedish-authorities-answered-our-protocol-request/
Well that’s awesome news.
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:
Fewer Letters | More Letters |
---|---|
CSAM | Child Sexual Abuse Material |
DNS | Domain Name Service/System |
IP | Internet Protocol |
NAS | Network-Attached Storage |
Plex | Brand of media server package |
SSH | Secure Shell for remote terminal access |
VPN | Virtual Private Network |
VPS | Virtual Private Server (opposed to shared hosting) |
8 acronyms in this thread; the most compressed thread commented on today has 11 acronyms.
[Thread #116 for this sub, first seen 7th Sep 2023, 21:05]
Wow this is great. I’ve been having trouble getting exit nodes working properly with these two. Sad that mullvad dropped port forwarding though so I’m not sure if I’ll stay with them.
Yeah I swapped over to ProtonVPN after they dropped support for port forwarding. Shame really because I did really enjoy Mullvad’s VPN service.
Yeah I’ve been using it for about a year and a half or so on my main devices and it’s been wonderful. I’m likely going to go down the list of supported providers from the gluetun docs and decide from there. Throwing my torrents and all that behind a vpn was the catalyst for signing up so I’ll continue to look for that support first and everything else is secondary.
Does the port forwarding work on Linux CLI? Last time I checked it was only through their GUI app
Yeah the Proton VPN gui app for Linux does not include port forwarding. I believe only their Windows app does at the moment. However, if you use their Wireguard certs and then follow their port forwarding instructions, it works quite well. Make sure you either disable IPv6 on your system or set IPv6 to link-local and add ::/0 to AllowedIPs, otherwise your IPv6 will leak since ProtonVPN does not support IPv6 at the moment.
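An offline check for the leak condition described in the comment above, as an added example that is not part of the thread or any poster's code: it parses a wg-quick style config and reports when AllowedIPs captures all IPv4 but not all IPv6. The sample config is constructed and the function names are hypothetical; the check also recognises split default routes such as 0.0.0.0/1 plus 128.0.0.0/1, which goes beyond the single ::/0 case mentioned.

```python
import ipaddress

# Constructed sample wg-quick config: placeholder keys, documentation-range endpoint.
SAMPLE_V4_ONLY = """
[Interface]
PrivateKey = <placeholder>
Address = 10.2.0.2/32
DNS = 10.2.0.1

[Peer]
PublicKey = <placeholder>
AllowedIPs = 0.0.0.0/0
Endpoint = 192.0.2.10:51820
"""

def allowed_ips(conf_text):
    """Collect every AllowedIPs network from all [Peer] sections."""
    nets = []
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments
        key, sep, value = line.partition("=")
        if sep and key.strip().lower() == "allowedips":
            nets += [ipaddress.ip_network(v.strip(), strict=False)
                     for v in value.split(",") if v.strip()]
    return nets

def covers_default(nets, version):
    """True if the networks of this IP version add up to the whole address space."""
    same = [n for n in nets if n.version == version]
    # collapse_addresses merges adjacent halves (e.g. ::/1 + 8000::/1) into /0
    return any(m.prefixlen == 0 for m in ipaddress.collapse_addresses(same))

def ipv6_leak_risk(conf_text):
    """Full-tunnel for IPv4 but IPv6 left outside the tunnel.

    Assumption: the host has working IPv6; if IPv6 is disabled or
    link-local only, as the comment suggests, nothing leaks.
    """
    nets = allowed_ips(conf_text)
    return covers_default(nets, 4) and not covers_default(nets, 6)

if __name__ == "__main__":
    print("IPv6 leak risk:", ipv6_leak_risk(SAMPLE_V4_ONLY))
    fixed = SAMPLE_V4_ONLY.replace("0.0.0.0/0", "0.0.0.0/0, ::/0")
    print("after adding ::/0:", ipv6_leak_risk(fixed))
```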
I’m pretty sure it’s entirely disabled. Their announcement post says it’s being removed and doesn’t call out any exceptions.
I run my clients through a gluetun container with forwarding set up and ever since their announced end of support date (July I think?) I have had 0B uploaded for any of my trackers.
E: realized you may be asking about proton, oops
Do people use Tailscale to be able to access local things on their network like Plex media servers when they’re not home? Tailscale looks interesting but I haven’t found a use case where it would benefit me
I don’t really use it for this, but here are some things I do use it for:
- metrics scraping on servers without needing to open ports or worry about ssl encryption. Works great for federating Prometheus instances or scraping exporters
- secure access to machines not directly exposed to the internet. I.e. ssh access to my home box while I’m traveling
- being an exit node for web traffic while traveling. I.e. maybe you are traveling and have a bank who is giving you grief about logging in – masquerade that connection from your home IP
I mostly just use it for metrics scraping though
Plex probably isn’t the best example, but yes, you can use Tailscale to create a sort of mesh network to access devices within private networks. Essentially any device that’s connected to tailscale can be contacted by other clients connected to tailscale. There are extra routing things you can do to use a tailscale device as a sort of “exit node”, but that’s the basic gist.
It’s accessing literally anything you self host from home, with minimal latency and without any port forwarding on your router or exposing your services to the Internet.
Its primary benefit is how fast it is, how much easier it is to set up for even the most novice of users, and how ubiquitous all the clients are.
Plus it’s free for 100 endpoints, which is far more than most individuals will need for home labs. And even that you can get around by using subnet routing.
If you’ve ever wanted to run your own sort of Dropbox or Google docs (Syncthing/Nextcloud) but didn’t want to deal with the security hassle of exposing it to the Internet, this removes that completely. No more struggling with open ports, fail2ban, or messing with reverse proxies.