Comment by 0x_rs

3 years ago

Port forwarding is a big deal. Mullvad is very well respected, and so is their advocacy of privacy, but once the setup ports expire I'll be forced to pick another provider, not as safe and certainly not as cheap either—I think many others are on the same boat too. Up until now if you needed a VPN with this feature there weren't any better alternatives. Another day cursing at networking, I guess.

Presumably whichever provider you pick will be experiencing the same abuse problems and will eventually discontinue offering this feature as well.

You should probably rethink how you expose your service. If your service is a web service, maybe consider running it as a Tor hidden service, and pointing your non-Tor-using users to a Tor web gateway?

Windscribe is a no-log VPN that still provides port forwarding features, if you're looking for an alternative.

(Full disclosure: this is my place of work.)

  • A no-log VPN that refuses to publish their no-log audit and got caught lying about encrypting traffic after a seizure of servers in Ukraine.

    Yes, I will trust you with my traffic and money /s

  • How do you guys deal with abuse? Just wondering, because it seems like it has been a massive headache for Mullvad, so I wonder if they are targeted by abusers more than other services.

    • I think it's more of a headache for Mullvad because they allow a truly anonymous VPN.

  • You reckon you'll be seeing the abuse Mullvad used to see on their service on yours instead now?

What's the use case that makes it so important for you, out of interest?

  • Not OP, but it's the only way I can host a webserver off my home connection, as my ISP blocks ports upstream.

    After this was announced, I discussed using Tailscale with my friends who use the server; some are technical enough to be able to install the client, others have devices that Tailscale can't be installed on, so a Tailscale subnet router would have to be set up for those devices. If it's what I have to do, I'll do it, but it's so much simpler just being able to have a publicly addressable IP with an open port.

    • Couldn't you use a dynamic DNS service and port forwarding on your home router?

      Or I guess you're using the VPN to provide the encryption? If so, you could use SSL with Let's Encrypt.

      Or is it access control? I guess maybe it's this one, as I don't have a ready answer for you.

Tailscale has a beta feature called "Funnel". As of now, it only supports 80 and 443, and does not support custom domains, though you could presumably add your own CNAME.

  • Tailscalar here: your own CNAME won't work because of how the routing logic in Funnel works. When tailscaled sets up a funnel with the control plane, it uses the derived DNS name from your tailnet (e.g. pneuma.shark-harmonic.ts.net for the machine pneuma on the tailnet shark-harmonic.ts.net). As far as I understand, there's no issue currently tracking this work.

    Tailscale Funnel does allow you to use any TLS-wrapped protocol (i.e. one where the client does TLS and the server can optionally listen over plain TCP), but I'm not sure it would really meet the same goal as port forwarding in Mullvad does (for one, you could use any non-TLS or UDP protocol with Mullvad port forwards, e.g. Minecraft server hosting; Minecraft doesn't use TLS afaik). It's great for HTTPS though. I'm not sure how the bandwidth limits would add up over time for something more interactive like Minecraft.

    Either way, Funnel does do some things well, but it's not a generic replacement for Mullvad port forwards.

  • Funnel has come in handy for me a number of times. Though I now wonder if the abuse experienced by Mullvad will be realized by Tailscale as well. Perhaps compounded by an exodus of Mullvad (ab)users seeking alternatives.

You can try Cloudflare for that. They support a tunnel that lets you initiate the connection to their cloud. It should not require any port forwarding to make it work.