Port forwarding is a big deal. Mullvad is very well respected, and so is their advocacy of privacy, but once the setup ports expire I'll be forced to pick another provider, not as safe and certainly not as cheap either—I think many others are on the same boat too. Up until now if you needed a VPN with this feature there weren't any better alternatives. Another day cursing at networking, I guess.
I had to stop using Mullvad because so many of their IP ranges were blocked or throttled by various services, it was borderline unusable as a daily driver. Unfortunately there isn't a good way for them to protect the reputation of their IPs when they don't collect any information that could be used to identify abusive customers, by design.<p>Maybe retiring port forwarding will help, but their IP ranges aren't going to be removed from every shitlist out there overnight.
Dam, really liked these guys but this makes it about useless for torrent seeding. I wish they would have considered alternatives like only allowing port forwarding for some of their IPs. I don't care about IP reputation.
Really a shame, especially for torrent users. The other good alternatives are double the monthly price at 10$/month in the case of IVPN (if you want port forwarding that is) and ProtonVPN. Unless you want to commit for a year or two and pay all in advance, which is meh but the discount may be worth it.
Pity. I never used them, but I know the pain of not having an externally reachable IP. My Lte provider (the only one in my area with "unlimited" plans) has basically all of its tens of thousands of users on a single IP. So I've been using a vpn terminated in Aws to access for example Ip cameras and other stuff at home while I'm away. I can't wait until we finally get ubiquitous ipv6. Probably not in my lifetime(because security). I've been waiting for it for last 20 years.
Probably this was the reason for the warrant they received earlier this month [1].<p>[1] <a href="https://news.ycombinator.com/item?id=35638917" rel="nofollow">https://news.ycombinator.com/item?id=35638917</a>
> Unfortunately port forwarding also allows avenues for abuse, which in some cases can result in a far worse experience for the majority of our users.<p>Let me rephrase that.<p>> Unfortunately port forwarding also allows people to get the value for the money they pay us, which in some cases can result in our service not functioning like a gym membership, where we aren't used for much but many users continue to pay for us (sadly many services block traffic coming from us which makes a lot of simpler uses of a VPN fail as well). We'll aggressively defend against chargebacks.
Mullvad used to have a "how to" guide for torrenting on VPN. But now it 404s: <a href="https://mullvad.net/en/help/bittorrent/" rel="nofollow">https://mullvad.net/en/help/bittorrent/</a><p>According to wayback machine, they deleted the page sometime mid 2021. Here's an archived version of the page: <a href="https://web.archive.org/web/20210513051214/https://mullvad.net/en/help/bittorrent/" rel="nofollow">https://web.archive.org/web/20210513051214/https://mullvad.n...</a>
So basically, Mullvad is saying that you can use its VPN aeevice as a client to reach services but not host a service yourself (especially in a home network behind NAT or CGNAT) and have others connect to it via the VPN.<p>The most commonly used scenario for port forwarding would be torrenting, where users forward ports so that they can be “connectable” (i.e., accept incoming connections from the Internet).
This seems like a signal that it’s the beginning of the end. We all knew popularity would be their demise.<p>Hopefully a competitor will start up and attract less attention for a while until we have to do it all over again.
Horrible news but I can't blame them<p>> This has led to law enforcement contacting us, our IPs getting blacklisted, and hosting providers cancelling us.
Unfortunately was only a matter of time, this happens to every VPN provider who offers port forwarding eventually - widespread abuse by script kiddies and such to host RAT C&C servers.
Fyi there are plenty of commercial/foss solutions in this sort of "port forwarding service" space <a href="https://github.com/anderspitman/awesome-tunneling">https://github.com/anderspitman/awesome-tunneling</a>
Shame, I'd been greatly enjoying Mullvad and their stance on privacy, but port forwarding is a must for some of the services I run. Anyone have a good suggested alternative?
I'm curious: if you have a forwarded port on your vpn that anyone can send traffic to, assuming that someone can observe the encrypted traffic going out of the vpn provider, couldn't they send various traffic "shape" to the port and try to find the same pattern in the encrypted traffic to figure out who you are?
I port forward via ec2. Had to learn iptables (which apparently are now deprecated) and set up openvpn (these days I’d probably do wiregaurd). Works fine for my personal website, and paying in advance the cost is maybe $3/mo, didn’t realize it was remotely controversial.
Ohhhh too bad. It was useful for torrents.<p>That said, I never actually got incoming connections over UDP working properly anyway through these ports, even though they were supposed to be supported.<p>But I can understand the reasoning yeah.
fyi AirVPN still support port forwarding <a href="https://airvpn.org/faq/port_forwarding/" rel="nofollow">https://airvpn.org/faq/port_forwarding/</a>
I wrote something tangentially related, but for single user.<p>"gofwd" is a cross-platform TCP port forwarder with Duo 2FA and Geographic IP integration. Its use case is to help protect services when using a VPN is not possible. Before a connection is forwarded, the remote IP address is geographically checked against city, region (state), and/or country. Distance (in miles) can also be used. If this condition is satisfied, a Duo 2FA request can then be sent to a mobile device. The connection is only forwarded after Duo has verified the user.<p><a href="https://github.com/jftuga/gofwd">https://github.com/jftuga/gofwd</a>
Also, does this mean they just aren’t going to allow fully routable ipv6 because of “abuse” or whatever (one of the promises of ipv6 whenever it’s realized probably shortly before the heat death of the universe is preciously what mullvad claims to be the cause of trouble)
This is off topic but how can Mullvad be a no log vpn and still operate without impunity? What about Uber illegal stuff like csam or terrorist stuff etc?