Even if you have encrypted your traffic with a VPN (or the Tor Network), advanced traffic analysis is a growing threat against your privacy. Therefore, we now introduce DAITA.
Through constant packet sizes, random background traffic and data pattern distortion we are taking the first step in our battle against sophisticated traffic analysis.
No port forwarding really kills the utility though - I mainly use the VPN to do port forwarding (e.g. for video games, Plex, etc.) as my ISP is shit.
Like I’m not worried about state-level de-anonymisation, I just want to be able to share services remotely and have a minimum level of anonymity.
Port forwarding removed because hosting threatened to kick mullvad out. Lot of shit hosted through that. No hosting, no vpn, so needed to remove to continue operate.
Port forwarding means torrents. People using a VPN to torrent likely have much more traffic, especially those that seed (which is why they want port forwarding). Not enabling port forwarding means mullvlad can operate at a higher profit to cost ratio, and less risk.
No. https://mullvad.net/en/blog/removing-the-support-for-forwarded-ports
That’s what mullvlad say. It’s not necessarily the reason why they don’t offer port forwarding.
It was always possible for them to continue allowing port forwarding. They could use separate servers for those that want port forwarding, stopping any impact port forwarding had on those customers.
Hum… this was one of the original reasons I signed up with them. I totally missed them dropping support. I’m not mad about it because I don’t torrent much anymore, but it’s still a pretty lame excuse.
I want all my services supporting maximum fuckery at all times as a matter of general principle.
Any alternatives that you know of?
Torrenting works fine with Mullvad in my personal experience, and will pretty much up to my current ISP speed limits (which is 200Mbps download).
Can’t really guarantee you that it will be as good if you’re hosting your own seedbox over their VPN (then again if you’re doing that you should probably pay for a proper seedbox hosted elsewhere) but if you’ve downloade something and the just leave it seeding, it seems fine.
I can’t honestly say I’ve ever had much trouble with it either. No trouble receiving files at least… there wasn’t much outbound traffic, but that could just have been a lack of interest :-)
I’m happy with Mulvad’s service and now that the initial shock and indignation is wearing off I’ll probably stick with them.
Besides I read about their new traffic obfuscation and I’ve got to give that a try. We need proactive innovation like that, now more than ever.
I personally like AirVPN. Pretty good speeds depending on the server. You can port forward and have up to 5 devices connected simultaneously. Make sure you’re using the Wireguard protocol.
Only issue is that Eddie (their GUI) kinda sucks. Works okay on Linux, and probably same on Windows. The Android one just really sucks.
I personally just download the wireguard configs to use.
Thanks for the tip, I’ll check them out.
ProtonVPN has it, and Wireguard support.
Thank you. It’s good to know I have a few options.
You should be using a seedbox to torrent in this age. Let the company run their business, if they don’t want to be a part of the group that allows torrents, so be it.
If so easy to fix issue, why not make company and fix it?
There are plenty of other options in the market, including ones with port forwarding. It’s a very saturated market.
That sounds strange given that Mullvad works fine for torrenting in my personal experience and even up to quite a good speed (it can use the full 200Mbps download speed from my ISP)
Also modern NAT will do deep packet inspection on common well known protocols to automatically adjust the port of your machine listed on any “here I am” protocol messages being sent out from your side to be an actual port on the VPN Router and to have an internal association of that port in the Router with the actual port in your machine so that connections of that port can be sent to your own machine and the actual port in it that are used.
It’s only the pure listenner services (such as webservers and e-mail servers) were the port is pre-defined by convention and not a variable one sent out on any “here I am message” that require explicitly configured port-forwarding on the VPN Router side, plus because the port is fixed by convention for each type of service (such as port 25 for SMTP and port 80 for HTTP), off all the clients connected by VPN to that VPN Router at any one time, only 1 will be able to get that specific port.
You need port forwarding to connect on torrents. Your able to torrent because everyone you torrent from has port forwarding enabled. If you want to access more seeders, and more commonly leechers you need port forwarding. This is useful for people using private trackers that want to maintain a ratio.
I can download at the maximum rate my ISP supports and I can seed after downloading (probably only to those clients which my own client has connected to).
However I cannot seed in a brand new session during which I did not download that specific torrent (as I just tested).
I expect this is because, as I explained, the NAT implementation actually tracks which IP addresses your client connected to and through which VPN Router port that went so that subsequent connections from those IPs to that port get sent to the right port in your own machine, but it doesn’t support uPNP/NAT-PMP port forwarding so the bitttorrent client cannot configure on that VPN Router a static port-forwarding so that it can listen for connections from any random client.
So if I understand it correctly it totally screws self-hosted seedboxes and if you want to give back to the community you have leave it seeding immediatelly after downloading and it’s not going to be seeding anywhere as fast since its limited to peers connected to during the dowload stage.
ProtonVPN has it though, which is what I’m using now.
How does port forwarding help with videogames?
Opens up your NAT for matchmaking
I host a server, I forward the port, my friends can connect to the open port on the VPN side.
My ISP does not offer port forwarding.
Someone else pointed out Tailscale; I’ve had luck with free tier VPS+WireGuard.
I have an Oracle one which has worked well. Downside is I did link my CC, because my account was getting deactivated due to inactivity (even using it as a VPN and nginx proxy for my self hosting wasn’t enough to keep it “active”). But I stay below the free allowance, so it doesn’t cost.
That said: as far as anonymity goes, it’s not the right tool. And I fully appreciate the irony of trying to self-host to get away from large corporations owning my data…and relying on Oracle to do so. But you can get a static IP and VPS for free, so that’s something.
You can use Tailscale for this
Zerotier could also work for you
Alternative maybe i2p or tor network. Or make vpn to anon vps and host from there.