• Valmond@lemmy.dbzer0.com
      ↑14 · 2 days ago

      Proton VPN have had one of their chefs praising Donald Trump, but that’s the worst I have heard about them. Swiss-based (they have among the most protective privacy laws out there), email servers are deep down in the mountains (I don’t know about the VPN ones), no logs (for what I remember, maybe short lived ones?), made by the dudes at CERN.

      So compared to others quite flawless IMO.

      Only technical problem I have had is the VPN switches port from time to time and you have to rebind the network interface of your favourite torrent if you’re running a tight ship. I have found no simple way of detecting when it happens.

        • Valmond@lemmy.dbzer0.com
          ↑2 · 1 day ago

          Interesting!

          So it pings some entity and they send back your external port? I speed read the code (but I’m on mobile) and that’s what it looks like. Any information greatly appreciated.

          • Jakeroxs@sh.itjust.works
            ↑2 · 1 day ago

            Gluetun itself already knows the forwarded port via NAT-PMP, this program just gets it from gluetun and assigns it in qbt via the qbt api and if it returns a 200 response it considers it confirmed, here’s an example log:

            waiting for qBittorrent WebUI…

            qBittorrent WebUI is ready (authenticated).

            port file did not contain an integer: /tmp/gluetun/forwarded_port

            port file did not contain an integer: /tmp/gluetun/forwarded_port

            gluetun provided forwarded port: 36884

            syncing port 36884 to qBittorrent…

            successfully updated qBittorrent to port 36884 (confirmed)

            port file did not contain an integer: /tmp/gluetun/forwarded_port

            port file did not contain an integer: /tmp/gluetun/forwarded_port

            gluetun provided forwarded port: 39293

            syncing port 39293 to qBittorrent…

            successfully updated qBittorrent to port 39293 (confirmed)

            • Valmond@lemmy.dbzer0.com
              ↑1 · 18 hours ago

              Where is the Gluetun server running? I mean if you run it yourself you have to like forward all ports to it?

              Thanks for the writeup!

              • Jakeroxs@sh.itjust.works
                ↑1 · edited 14 hours ago

                So gluetun is for docker networks and lets you isolate traffic to/from other docker containers into a VPN, you run it and qbt inside docker containers with gluetun configured to your vpn, then qbt configured to route all its traffic through it.

                Edit: I didn’t have to port forward at all on my network for this to access it locally (I run it on a separate computer), because all the “outside” traffic in qbt is going through the vpn that has a forwarded port seeders/leechers can connect (which is dynamically updated as it changes with the aforementioned qbt port manager).

                For example (truncated docker compose just the part related to above):

                ```yaml
                services:
                  qbittorrent-vpn:
                    image: lscr.io/linuxserver/qbittorrent:latest
                    container_name: qbittorrent-vpn
                    depends_on:
                      gluetun:
                        condition: service_started
                        restart: true
                    restart: unless-stopped
                    # Share gluetun's network namespace so all traffic leaves via the VPN
                    network_mode: "service:gluetun"
                ```

                Then gluetun:

                ```yaml
                services:
                  gluetun:
                    image: qmcgaw/gluetun
                    container_name: gluetun
                    restart: unless-stopped
                    networks:
                      - default
                    cap_add:
                      - NET_ADMIN
                    devices:
                      - /dev/net/tun
                    # "ports:" key restored; the flattened paste listed this mapping under devices
                    ports:
                      - 8888:8888/tcp # HTTP proxy
                    volumes:
                      - /appdata/gluetun:/gluetun
                      - /appdata/gluetun/tmp:/tmp/gluetun
                    environment:
                      TZ: $TZ
                      VPN_SERVICE_PROVIDER: $GLUETUN_VPN_SERVICE_PROVIDER
                      VPN_TYPE: $GLUETUN_VPN_TYPE # wireguard / openvpn
                      WIREGUARD_PRIVATE_KEY: $GLUETUN_WIREGUARD_PRIVATE_KEY
                      WIREGUARD_ADDRESSES: $GLUETUN_WIREGUARD_ADDRESSES
                      # Quoted so YAML keeps the value as the string "on", not a boolean
                      VPN_PORT_FORWARDING: "on"
                      VPN_PORT_FORWARDING_PROVIDER: protonvpn # or your provider
                      VPN_PORT_FORWARDING_STATUS_FILE: /tmp/gluetun/forwarded_port
                      # OPENVPN_USER: $GLUETUN_OPENVPN_USERNAME
                      # OPENVPN_PASSWORD: $GLUETUN_OPENVPN_PASSWORD
                    healthcheck:
                      test: ["CMD", "/gluetun-entrypoint", "healthcheck"]
                      interval: 5s
                      timeout: 5s
                      retries: 1
                      start_period: 10s

                  gluetun-qbittorrent-port-manager:
                    image: jopiermeier/gluetun-qbittorrent-port-manager:latest
                    network_mode: "service:gluetun"
                    container_name: gluetun-port-manager
                    depends_on:
                      gluetun:
                        condition: service_started
                        restart: true
                      qbittorrent-vpn:
                        condition: service_started
                        restart: true
                    environment:
                      - QBITTORRENT_USER=
                      - QBITTORRENT_PASS=
                      - QBITTORRENT_PORT=$QBITTORRENTVPN_PORT
                    # Same host directory gluetun writes forwarded_port into
                    volumes:
                      - /appdata/gluetun/tmp:/tmp/gluetun
                ```
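Added example, not part of the thread and not the port manager's own code: a minimal Python sketch of the sync described above, which reads gluetun's forwarded-port status file, ignores it while it holds no valid port, and pushes a changed port to qBittorrent through its WebUI API, confirming by reading the preference back. The function names and the sample file contents in `demo()` are assumptions made for illustration.

```python
import json
import tempfile
import urllib.parse
import urllib.request
from http.cookiejar import CookieJar
from pathlib import Path


def read_forwarded_port(path):
    """Return the port in gluetun's status file, or None if it is not usable yet."""
    try:
        text = Path(path).read_text().strip()
    except (OSError, ValueError):
        return None
    if not (text.isascii() and text.isdigit()):  # empty/partial file during reconnect
        return None
    port = int(text)
    return port if 1 <= port <= 65535 else None


def set_qbittorrent_port(base_url, user, password, port):
    """Log in to the qBittorrent WebUI, set listen_port, True if it reads back."""
    opener = urllib.request.build_opener(urllib.request.HTTPCookieProcessor(CookieJar()))

    def post(endpoint, fields):
        data = urllib.parse.urlencode(fields).encode()
        return opener.open(f"{base_url}/api/v2/{endpoint}", data, timeout=10).read()

    post("auth/login", {"username": user, "password": password})
    post("app/setPreferences", {"json": json.dumps({"listen_port": port})})
    prefs = json.loads(opener.open(f"{base_url}/api/v2/app/preferences", timeout=10).read())
    return prefs.get("listen_port") == port


def sync_once(path, last_port, apply):
    """Call apply(port) only when the file holds a valid port that differs from last_port."""
    port = read_forwarded_port(path)
    if port is None or port == last_port:
        return last_port
    return port if apply(port) else last_port  # keep the old value so a failure is retried


def demo():
    """Replay constructed file contents; the list stands in for set_qbittorrent_port."""
    applied = []
    with tempfile.TemporaryDirectory() as tmp:
        status = Path(tmp) / "forwarded_port"
        last = None
        for content in ["", "36884\n", "36884\n", "", "39293\n", "70000\n"]:
            status.write_text(content)
            last = sync_once(status, last, lambda p: applied.append(p) or True)
    return applied
```

In a real loop, `sync_once` would run every few seconds against `/tmp/gluetun/forwarded_port` with `apply` bound to `set_qbittorrent_port` and the WebUI credentials.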

    • artifex@piefed.social
      ↑48 ↓1 · 2 days ago

      I’ve semi-seriously been thinking about bootstrapping a VPN service just to have one “not an asshole” service (and that’s setting the bar low - I’m definitely an asshole, just not that kind of asshole). But I’m also a US citizen living in the US, so not the best choice for the job either.

      • scytale@piefed.zip
        ↑7 · edited 2 days ago

        Are you able to get through geo-restrictions on streaming services with IVPN? They have fewer servers than Mullvad it seems. Like for Singapore, they have 2, Mullvad has 5. In Japan, they have 1, while Mullvad has 9.

        • khannie@lemmy.world
          ↑8 · 2 days ago

          Number of servers is less relevant than users per server.

          Mullvad is a much bigger company so I’d expect them to need more servers.

          • scytale@piefed.zip
            ↑11 ↓2 · 2 days ago

            It is, when you want to evade geo-restrictions. More servers spread over different IP blocks means there’s more chances the streaming services aren’t aware of some of those IPs yet, so they aren’t blocking them yet.

            • khannie@lemmy.world
              ↑4 · edited 2 days ago

              I’ll preface this by saying I used to work in the industry.

              The restriction evading isn’t really related to the number of servers. VPN companies for streaming block evasions buy IP addresses that aren’t data centre specific. Those ranges are well known and easily blocked. So for example when you browse you’ll generally use a “standard” IP but while connected to the same endpoint if you fire up a netflix session it’ll route that traffic out the “streaming” IP. This is also partly to try to prevent streaming companies from getting easy access to a list of those IPs.

              It’s quite expensive to get IPs that aren’t blocked by streaming services so that is a cheaper cost per user for larger companies. Where I was that cost was way more than the cost of any individual server per month (and some of those servers were hefty). That is one way that Mullvad would have an edge but it’s minor.

              For what it’s worth I did have a call with the iVPN lads (twice I think) and found them lovely. Never interacted with Mullvad but I will never give them money after reading this. Weirdly I’m in the market for a new subscription and they would have been my go to. Their fiver a month thing is really very smart.

              Edit: for geo blocks on standard browsing it would generally present to us as a support ticket. We’d raise it with engineering and they’d assign a new outgoing IP with whoever our provider was. We used M247 a lot and they were very responsive when that happened. Usually a few hours and it was sorted.

              • scytale@piefed.zip
                ↑4 · 1 day ago

                Thanks for the info, I learned something new. So if for example I run my tv through my VPN and I’m watching youtube. When I switch to the netflix app, the VPN service determines that I’m trying to hit a netflix IP, so it routes it out to an outgoing IP specifically for netflix geo-blocking evasion that is separate from what youtube was using?

                • khannie@lemmy.world
                  ↑3 · 1 day ago

                  Yeah that’s exactly it. That’s how we did it anyway. I guess other providers may have their own secret sauce but I have to assume it’s some variation of that. We paid for a pool of, I think, 1000 non-contiguous residential / business IPs and if any of them got blocked we just immediately rotated.

                  Honestly we never had much trouble with it after the initial engineering work was done. I don’t think the providers really give a shit beyond best initial effort to make the rights holders happy.

        • kobra@piefed.social
          ↑3 · edited 2 days ago

          It’s been a couple of years but I didn’t have much luck with IVPN and mlb.tv but that was really the only one I tried at the time.