- cross-posted to:
- selfhost@lemmy.ml
- privacy@lemmy.ml
- cross-posted to:
- selfhost@lemmy.ml
- privacy@lemmy.ml
cross-posted from: https://lemmy.blahaj.zone/post/2728889
From the article:
Since Tailscale was founded in 2019, customers have been forced to choose between either Tailscale or Mullvad without the ability for them to co-exist.
Today we announce a partnership with Tailscale that allows you to use both in conjunction through the Tailscale app. This functionality is not available through the Mullvad VPN app. This partnership allows customers of Tailscale to make use of our WireGuard VPN servers as “exit nodes”. This means that whilst connected to Tailscale, you can access your devices across Tailscale’s mesh network, whilst still connecting outbound through Mullvad VPN WireGuard servers in any location.Announcement also on Tailscale blog.
I have the utmost respect and appreciation for mullvad but I don’t need a vpn without port forwarding so I cancelled my sub. They are still objectively the vest vpn, this is the only sticking point.
What does port forwarding gain you on a VPN? Sorry if the question is ignorant
You need it for file sharing apps like BitTorrent or Soulseek, if you don’t want to be seen as a leech, and/or you want to use private trackers where you need to maintain a good ratio. :)
Then you can just use a seed box on top of your downloading
Why would you use a seedbox if you have a home server? The home server can be the seedbox. A lot of homelabbers would have a good enough connection for it.
Edit: Using a VPN with port forwarding, of course.
Most private trackers don’t allow a shared VPN like Mullvad anyway. Some do but most don’t.
Most private trackers don’t allow you to browse the tracker site from a shared VPN, but I’ve never seen one that doesn’t allow your torrent client to connect over one. That would make no sense.
I haven’t personally seen a private tracker that blocks your actual bittorrent announces to the tracker with a VPN, though I know a couple prevent you from browsing the site itself with one.
From what I’ve read you need it for Bittorrent or at least the chance of failed downloads is higher without it.
Another use case (in addition to the BitTorrent use case) is if you want to host a site but hide your IP. You can run Nginx and configure it to listen on a port the VPN service has allocated to you. Good VPN services like AirVPN let you choose ports, and those ports are always allocated to you.
although people hosting illegal content using port forwarding is likely one of the reasons they removed it, so its a tricky problem
One of the main reasons people use VPNs is for illegal content… Port forwarding doesn’t change that.
sure illegal content can be accessed over a vpn without port forwarding, but when someone is hosting a child porn site over a mullvad ip, that is clearly a larger problem
Yeah, I assume the kind of people that runs a VPN doesn’t mind copyright infringement that much, but any sane person wouldn’t like to contribute to the distribution of CSAM even if they are legally not doing anything wrong.
Did they change something? I’ve been port forwarding for a couple of years now.
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:
Fewer Letters More Letters CSAM Child Sexual Abuse Material DNS Domain Name Service/System IP Internet Protocol NAS Network-Attached Storage Plex Brand of media server package SSH Secure Shell for remote terminal access VPN Virtual Private Network VPS Virtual Private Server (opposed to shared hosting)
8 acronyms in this thread; the most compressed thread commented on today has 11 acronyms.
[Thread #116 for this sub, first seen 7th Sep 2023, 21:05] [FAQ] [Full list] [Contact] [Source code]
Good bot
Well that’s awesome news.
Wow this is great. I’ve been having trouble getting exit nodes working properly with these two. Sad that mullvad dropped port forwarding though so I’m not sure if I’ll stay with them.
Yeah, sorry, still turning elsewhere since port forwarding a no go.
Do people use Tailscale to be able to access local things on their network like Plex media servers when they’re not home? Tailscale looks interesting but I haven’t found a usecase where it would benefit me
Not Plex, but yes. I use it with Microsoft Remote Desktop if I need to access a work-related computer that I keep at home while traveling.
I also use it for the more typical use case of a cloud server that I can ssh into even though it exposes zero ports publicly.
I don’t really use it for this, but here are some things I do use it for:
- metrics scraping on servers without needing to open ports or worry about ssl encryption. Works great for federating Prometheus instances or scraping exporters
- secure access to machines not directly exposed to the internet. I.e. ssh access to my home box while I’m traveling
- being an exit node for web traffic while traveling. I.e. maybe you are traveling and have a bank who is giving you grief about logging in – masquerade that connection from your home IP
I mostly just use it for metrics scraping though
Plex probably isn’t the best example, but yes, you can use Tailscale to create a sort of mesh network to access devices within private networks. Essentially any device that’s connected to tailscale can be contacted by other clients connected to tailscale. There are extra routing things you can do to use a tailscale device as a sort of “exit node”, but that’s the basic gist.
If anyone wants to achieve something similar without using Tailscale or with alternative VPN providers, the setup outlined in this LSIO guide is pretty neat: https://www.linuxserver.io/blog/advanced-wireguard-container-routing
Edit: Don’t be intimidated by the word “advanced”. I struggled with this a bit at first (was also adapting it to use at home instead of on a VPS that’s tunneling to home) but I got it working eventually and learned a lot in the process. Willing to assist folks who want to set it up.
As an aside, I wish technical documents like this would stop saying “Wireguard client” and “Wireguard server”. Wireguard doesn’t have clients and servers - everyone is a peer, and whether you can route through the peer or not is just based on the routing table and nftables/iptables rules.
You can also achieve this with any VPN by using two Docker containers:
- Gluetun: https://github.com/qdm12/gluetun
- Tailscale: https://tailscale.com/kb/1282/docker/
Set Gluetun up to connect to your VPN (they support a huge number of providers) and then set the Tailscale container to use the Gluetun’s network. Then, use that Tailscale container as your exit node.
You can also combine this with a self-hosted Headscale (https://github.com/juanfont/headscale) instance.
Could somebody help me out? I setup Tailscale on my media server box, trying to use it alongside Windscribe has basically bricked ssh on the box. With this news, am I to understand that Tailscale will not work with any vpn other than mullvad?
In Tailscale you can set up an exit node which lets you access the entire internet via its internet connection.
You could set up an exit node that would let you access the internet via some (anonymizing) VPN providers like Mullvad or any other.
This sounds like Tailscale is simply setting up this exit node for Mullvad on their side and providing it as a service. So it’s not like using another VPN anonymizers is impossible, it’s just convenient to use Mullvad.
Well hot damn this is pretty awesome
I’m glad these two great companies found their way together, love to see it!