cross-posted from: https://lemmy.blahaj.zone/post/2728889

From the article:

Since Tailscale was founded in 2019, customers have been forced to choose between either Tailscale or Mullvad without the ability for them to co-exist.
Today we announce a partnership with Tailscale that allows you to use both in conjunction through the Tailscale app. This functionality is not available through the Mullvad VPN app. This partnership allows customers of Tailscale to make use of our WireGuard VPN servers as “exit nodes”. This means that whilst connected to Tailscale, you can access your devices across Tailscale’s mesh network, whilst still connecting outbound through Mullvad VPN WireGuard servers in any location.

Announcement also on Tailscale blog.

  • emax_gomax@lemmy.world
    link
    fedilink
    English
    arrow-up
    66
    arrow-down
    4
    ·
    1 year ago

    I have the utmost respect and appreciation for mullvad but I don’t need a vpn without port forwarding so I cancelled my sub. They are still objectively the vest vpn, this is the only sticking point.

      • dan@upvote.au
        link
        fedilink
        English
        arrow-up
        31
        arrow-down
        1
        ·
        edit-2
        1 year ago

        You need it for file sharing apps like BitTorrent or Soulseek, if you don’t want to be seen as a leech, and/or you want to use private trackers where you need to maintain a good ratio. :)

          • dan@upvote.au
            link
            fedilink
            English
            arrow-up
            9
            ·
            edit-2
            1 year ago

            Why would you use a seedbox if you have a home server? The home server can be the seedbox. A lot of homelabbers would have a good enough connection for it.

            Edit: Using a VPN with port forwarding, of course.

            • Mara@pawb.social
              link
              fedilink
              English
              arrow-up
              1
              ·
              1 year ago

              Generally when you download files over torrent through your ISP, you end up getting love letters from rightsholders. I personally use a homelab NAS as my seedbox and for my public tracker stuff (as well as anime downloads over XDCC) I use Mullvad. I don’t seed overly much on public trackers because of it, but my ratio on private trackers is sky high because ISPs won’t send love letters for private trackers.

              • maus@sh.itjust.works
                link
                fedilink
                English
                arrow-up
                4
                ·
                1 year ago

                Not if you properly setup your limits… and symmetrical fiber has become much more common.

        • retro@infosec.pub
          link
          fedilink
          English
          arrow-up
          3
          arrow-down
          16
          ·
          1 year ago

          Most private trackers don’t allow a shared VPN like Mullvad anyway. Some do but most don’t.

          • gaylord_fartmaster@lemmy.world
            link
            fedilink
            English
            arrow-up
            23
            ·
            1 year ago

            Most private trackers don’t allow you to browse the tracker site from a shared VPN, but I’ve never seen one that doesn’t allow your torrent client to connect over one. That would make no sense.

          • Yote.zip@pawb.social
            link
            fedilink
            English
            arrow-up
            12
            ·
            1 year ago

            I haven’t personally seen a private tracker that blocks your actual bittorrent announces to the tracker with a VPN, though I know a couple prevent you from browsing the site itself with one.

      • dan@upvote.au
        link
        fedilink
        English
        arrow-up
        4
        arrow-down
        1
        ·
        edit-2
        1 year ago

        Another use case (in addition to the BitTorrent use case) is if you want to host a site but hide your IP. You can run Nginx and configure it to listen on a port the VPN service has allocated to you. Good VPN services like AirVPN let you choose ports, and those ports are always allocated to you.

        • reddithalation@sopuli.xyz
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          although people hosting illegal content using port forwarding is likely one of the reasons they removed it, so its a tricky problem

          • dan@upvote.au
            link
            fedilink
            English
            arrow-up
            1
            ·
            edit-2
            1 year ago

            One of the main reasons people use VPNs is for illegal content… Port forwarding doesn’t change that.

            • reddithalation@sopuli.xyz
              link
              fedilink
              English
              arrow-up
              3
              ·
              edit-2
              1 year ago

              sure illegal content can be accessed over a vpn without port forwarding, but when someone is hosting a child porn site over a mullvad ip, that is clearly a larger problem

              • lud@lemm.ee
                link
                fedilink
                English
                arrow-up
                2
                ·
                1 year ago

                Yeah, I assume the kind of people that runs a VPN doesn’t mind copyright infringement that much, but any sane person wouldn’t like to contribute to the distribution of CSAM even if they are legally not doing anything wrong.

                • akrot@lemmy.world
                  link
                  fedilink
                  English
                  arrow-up
                  2
                  arrow-down
                  1
                  ·
                  1 year ago

                  That’s one of the main issues that criminals are more likely tonvalue privacy (for survival) than the average user that considers it a plus. And by criminal it can stretch from benign stuff like copyright infringement to being a hitman.

    • Salix@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      4
      ·
      1 year ago

      Yeah, unfortunately because of this decision from Mullvad, they also lost me as customer and I had to move to another.

      It kinda sucks because I loved Mullvad. They had great servers, customer service, and I do like their Android & Linux program.

    • magikmw@lemm.ee
      link
      fedilink
      English
      arrow-up
      3
      ·
      1 year ago

      Did they change something? I’ve been port forwarding for a couple of years now.

  • Decronym@lemmy.decronym.xyzB
    link
    fedilink
    English
    arrow-up
    27
    arrow-down
    1
    ·
    edit-2
    1 year ago

    Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:

    Fewer Letters More Letters
    CSAM Child Sexual Abuse Material
    DNS Domain Name Service/System
    IP Internet Protocol
    NAS Network-Attached Storage
    Plex Brand of media server package
    SSH Secure Shell for remote terminal access
    VPN Virtual Private Network
    VPS Virtual Private Server (opposed to shared hosting)

    8 acronyms in this thread; the most compressed thread commented on today has 11 acronyms.

    [Thread #116 for this sub, first seen 7th Sep 2023, 21:05] [FAQ] [Full list] [Contact] [Source code]

  • skadden@ctrlaltelite.xyz
    link
    fedilink
    English
    arrow-up
    22
    ·
    1 year ago

    Wow this is great. I’ve been having trouble getting exit nodes working properly with these two. Sad that mullvad dropped port forwarding though so I’m not sure if I’ll stay with them.

    • Molecular0079@lemmy.world
      link
      fedilink
      English
      arrow-up
      16
      ·
      1 year ago

      Yeah I swapped over to ProtonVPN after they dropped support for port forwarding. Shame really because I did really enjoy Mullvad’s VPN service.

      • natenten@feddit.nl
        link
        fedilink
        English
        arrow-up
        3
        ·
        1 year ago

        Does the port forwarding works on Linux CLI? Last time I checked it was only through their GUI app

        • Molecular0079@lemmy.world
          link
          fedilink
          English
          arrow-up
          4
          ·
          1 year ago

          Yeah the Proton VPN gui app for Linux does not include port forwarding. I believe only their Windows app does at the moment. However, if you use their Wireguard certs and then follow their port forwarding instructions, it works quite well. Make sure you either disable IPv6 on your system or set IPv6 to link-local and add ::/0 to AllowedIPs, otherwise your IPv6 will leak since ProtonVPN does not support IPv6 at the moment.

        • skadden@ctrlaltelite.xyz
          link
          fedilink
          English
          arrow-up
          3
          ·
          edit-2
          1 year ago

          I’m pretty sure it’s entirely disabled. Their announcement post says it’s being removed and doesn’t call out any exceptions.

          I run my clients through a gluetun container with forwarding set up and ever since their announced end of support date (July I think?) I have had 0B uploaded for any of my trackers.

          E: realized you may be asking about proton, oops

      • skadden@ctrlaltelite.xyz
        link
        fedilink
        English
        arrow-up
        3
        ·
        1 year ago

        Yeah I’ve been using it for about a year and half or so on my main devices and it’s been wonderful. I’m likely going to down the list of supported providers from the gluetun docs and decide from there. Throwing my torrents and all that behind a vpn was the catalyst for signing up so I’ll continue to look for that support first and everything else is secondary.

  • Nix@merv.news
    link
    fedilink
    English
    arrow-up
    12
    ·
    1 year ago

    Do people use Tailscale to be able to access local things on their network like Plex media servers when they’re not home? Tailscale looks interesting but I haven’t found a usecase where it would benefit me

    • liara@lemm.ee
      link
      fedilink
      English
      arrow-up
      5
      ·
      1 year ago

      I don’t really use it for this, but here are some things I do use it for:

      • metrics scraping on servers without needing to open ports or worry about ssl encryption. Works great for federating Prometheus instances or scraping exporters
      • secure access to machines not directly exposed to the internet. I.e. ssh access to my home box while I’m traveling
      • being an exit node for web traffic while traveling. I.e. maybe you are traveling and have a bank who is giving you grief about logging in – masquerade that connection from your home IP

      I mostly just use it for metrics scraping though

    • Rockslide0482@discuss.tchncs.de
      link
      fedilink
      English
      arrow-up
      4
      ·
      1 year ago

      Plex probably isn’t the best example, but yes, you can use Tailscale to create a sort of mesh network to access devices within private networks. Essentially any device that’s connected to tailscale can be contacted by other clients connected to tailscale. There are extra routing things you can do to use a tailscale device as a sort of “exit node”, but that’s the basic gist.

    • DigitalPortkey@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      It’s accessing literally anything you self host from home, with minimal latency and without any port forwarding on your router or exposing your services to the Internet.

      It’s primary benefit is how fast it is, how much easier it is to set up for even the most novice of users, and how ubiquitous all the clients are.

      Plus it’s free for 100 endpoints, which is far more than most individuals will need for home labs. And even that you can get around by using subnet routing.

      If you’ve ever wanted to run your own sort of Dropbox or Google docs (Syncthing/Next cloud) but didn’t want to deal with the security hassle of exposing it to the Internet, this removes that completely. No more struggling with open ports, fail2ban, or messing with reverse proxies.

    • kinttach@lemm.ee
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      Not Plex, but yes. I use it with Microsoft Remote Desktop if I need to access a work-related computer that I keep at home while traveling.

      I also use it for the more typical use case of a cloud server that I can ssh into even though it exposes zero ports publicly.

    • deleted@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      I use it to reach all of my services when I go out.

      I’ve audiobooks, RSS, music, and cloud.

  • nyakojiru@lemmy.dbzer0.com
    link
    fedilink
    English
    arrow-up
    6
    ·
    edit-2
    1 year ago

    The issue with Tailscale is that in phone it uses the VPN and you are not able to a vpn or a Adblock service like Adguard. But now I believe it will be interesting to have a exit node with Mullvad vpn to block all shit on all devices inside the tailscale nerwork . Another good thing of tailscale it makes services like jellyfin, plex and syncthing easier.

    • chili1553@lemmy.world
      link
      fedilink
      English
      arrow-up
      4
      ·
      1 year ago

      I use tailscale with next dns, it works great. I don’t use magic DNS, however, but it’s a trade off I’m okay with for the benefit of blocking at the edge

  • CumBroth@discuss.tchncs.de
    link
    fedilink
    English
    arrow-up
    6
    ·
    edit-2
    1 year ago

    If anyone wants to achieve something similar without using Tailscale or with alternative VPN providers, the setup outlined in this LSIO guide is pretty neat: https://www.linuxserver.io/blog/advanced-wireguard-container-routing

    Edit: Don’t be intimidated by the word “advanced”. I struggled with this a bit at first (was also adapting it to use at home instead of on a VPS that’s tunneling to home) but I got it working eventually and learned a lot in the process. Willing to assist folks who want to set it up.

    • dan@upvote.au
      link
      fedilink
      English
      arrow-up
      2
      ·
      edit-2
      1 year ago

      As an aside, I wish technical documents like this would stop saying “Wireguard client” and “Wireguard server”. Wireguard doesn’t have clients and servers - everyone is a peer, and whether you can route through the peer or not is just based on the routing table and nftables/iptables rules.

    • zzzz@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      You can also achieve this with any VPN by using two Docker containers:

      1. Gluetun: https://github.com/qdm12/gluetun
      2. Tailscale: https://tailscale.com/kb/1282/docker/

      Set Gluetun up to connect to your VPN (they support a huge number of providers) and then set the Tailscale container to use the Gluetun’s network. Then, use that Tailscale container as your exit node.

      You can also combine this with a self-hosted Headscale (https://github.com/juanfont/headscale) instance.

  • Lunch@lemmy.world
    link
    fedilink
    English
    arrow-up
    5
    ·
    1 year ago

    I’m glad these two great companies found their way together, love to see it!

  • Eager Eagle@lemmy.world
    link
    fedilink
    English
    arrow-up
    4
    ·
    1 year ago

    fwiw I’ve been using cloudflare tunnels with mullvad for almost a year and never had problems accessing my stuff.

  • zjaume@lemm.ee
    link
    fedilink
    English
    arrow-up
    4
    ·
    1 year ago

    I always wanted this mesh feature in mullvad. But how this works with privacy? I mean, does the combination with a user loged service like tailscale diminish the privacy of anonymous mullvad accounts?

    • warmaster@lemmy.world
      link
      fedilink
      English
      arrow-up
      3
      ·
      1 year ago

      I think it’s diminished, yes. Regardless of whatever PR spin they might pull, I don’t think there’s any way around it.

  • nieceandtows@programming.dev
    link
    fedilink
    English
    arrow-up
    4
    arrow-down
    1
    ·
    1 year ago

    Could somebody help me out? I setup Tailscale on my media server box, trying to use it alongside Windscribe has basically bricked ssh on the box. With this news, am I to understand that Tailscale will not work with any vpn other than mullvad?

    • PriorProject@lemmy.world
      link
      fedilink
      English
      arrow-up
      8
      arrow-down
      1
      ·
      1 year ago

      I don’t know what’s up on your case, but I would not jump to the conclusion that it’s impossible to use tailscale with any other VPN in any circumstance.

      Rather, tailscale and Mullvad will now work easily and out of the box. For other VPNs, you may need to do understand the topology and routing of virtual devices and have the technical ability and system permissions to make deep networking changes.

      So I’d expect one can probably find a way for most things to coexist on a Linux server. On a non-rootrr android phone? I’m less confident.

    • mea_rah@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      In Tailscale you can set up an exit node which lets you access the entire internet via its internet connection.

      You could set up an exit node that would let you access the internet via some (anonymizing) VPN providers like Mullvad or any other.

      This sounds like Tailscale is simply setting up this exit node for Mullvad on their side and providing it as a service. So it’s not like using another VPN anonymizers is impossible, it’s just convenient to use Mullvad.

    • BastingChemina@slrpnk.net
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      I just it with protonVPN on Linux with no issue.

      I don’t know about exit node on Tailscale because I don’t use it but the rest is working absolutely fine.