Probably avoid Tailscale with Mullvad
from bl4kers@lemmy.ml to piracy@lemmy.ml on 16 Dec 11:19
https://lemmy.ml/post/40398329

Order of events…

  1. Looked up IP
  2. Connected to Tailscale, set exit node through Mullvad
  3. Looked up IP again, was different
  4. Started seeding in the background while working on other stuff
  5. At one point I saw Tailscale icon flicker
  6. Later I got an angry email from my ISP with a timestamp that lined up

Been seeding for years, and this was my first leak. Was for a recent popular film (Linux ISO) that I’ve been seeding for a year. I contacted Tailscale support to express my concern. This is what they said…

Though we have an open feature request for this (link), I don’t believe there are current plans to add a killswitch to the client for Mullvad.

If this is something that is important to you, the quickest solution to this would be to purchase a Mullvad subscription directly from them, since their client has a number of features more geared towards tightening users online privacy – including a killswitch.

So I suggest not using Tailscale with Mullvad for such purposes. I don’t think this is a priority for them. For other uses it’s been fine.

I imagine this could have been avoided with a restrictive torrent client configuration, as is typically recommended online. I’ve tried and failed to get that working in the past. I’ll try again once I change out my VPN. If you’ve been putting that off, learn from my mistake and look into it!

#piracy

threaded - newest

moistracoon@lemmy.zip on 16 Dec 15:13 next collapse

I think this happened to me too. Seems like it’s me forgetting to turn on mullvad but once or twice it may have been this.

[deleted] on 16 Dec 15:55 next collapse

.

kibiz0r@midwest.social on 16 Dec 17:40 next collapse

You should have a “fake” network interface for your VPN connection. Your client should allow you to declare that it can only use a specific network interface (probably by binding to its specific IP instead of 0.0.0.0). So it’ll never even be aware of a world outside the VPN.

[deleted] on 16 Dec 17:44 next collapse

.

bl4kers@lemmy.ml on 17 Dec 05:35 collapse

To clarify, you can purchase Mullvad access from Tailscale directly. They built an integration together. More details here: tailscale.com/mullvad

I’m not privy enough to know where in the chain the issue occurred. But Tailscale’s response seems to indicate they aren’t too concerned about temporary disconnections

apt_install_coffee@lemmy.ml on 17 Dec 02:35 collapse

What are your route & dns settings? I don’t remember if tailscale forces all DNS queries to go via it’s tunnel, but I know that the mullvad client uses DNS hijacking to make sure the device uses the wireguard tunnel.

bl4kers@lemmy.ml on 17 Dec 05:43 collapse

I have “Use Tailscale DNS settings” and “Use Tailscale subnets” enabled. I just took the defaults, no special setup

To be clear though I’m not asking for technical advice. Just wanted to warn others this offering isn’t plug-and-play. I suppose that isn’t too surprising given its lack of killswitch functionality

apt_install_coffee@lemmy.ml on 17 Dec 10:31 collapse

Fair enough, I also would have expected tailscale to set itself as the default route when those options are enabled.