23
Probably avoid Tailscale with Mullvad (lemmy.ml)
submitted 3 days ago by bl4kers@lemmy.ml to c/piracy@lemmy.ml
8 comments fedilink hide all child comments

Order of events...

  1. Looked up IP
  2. Connected to Tailscale, set exit node through Mullvad
  3. Looked up IP again, was different
  4. Started seeding in the background while working on other stuff
  5. At one point I saw Tailscale icon flicker
  6. Later I got an angry email from my ISP with a timestamp that lined up

Been seeding for years, and this was my first leak. Was for a recent popular film (Linux ISO) that I've been seeding for a year. I contacted Tailscale support to express my concern. This is what they said...

Though we have an open feature request for this (link), I don’t believe there are current plans to add a killswitch to the client for Mullvad.

If this is something that is important to you, the quickest solution to this would be to purchase a Mullvad subscription directly from them, since their client has a number of features more geared towards tightening users online privacy – including a killswitch.

So I suggest not using Tailscale with Mullvad for such purposes. I don't think this is a priority for them. For other uses it's been fine.

I imagine this could have been avoided with a restrictive torrent client configuration, as is typically recommended online. I've tried and failed to get that working in the past. I'll try again once I change out my VPN. If you've been putting that off, learn from my mistake and look into it!

all 9 comments
sorted by: hot top controversial new old
[-] ultimate_worrier@lemmy.dbzer0.com 9 points 2 days ago

I wrote a systemd service using Nix that won’t even let me start my torrent client unless the vpn is enabled. If I disable it, torrents immediately stop.

[-] Turtle@aussie.zone 2 points 2 days ago

The way I do this is to bind the torrent client to the mullvad network interface. In qbittorrent for example, in the advanced options, I set mine to only use wg-mullvad. If the wg-mullvad iface goes down, the torrent client simply has no connection.

[-] apt_install_coffee@lemmy.ml 1 points 2 days ago* (last edited 2 days ago)

What are your route & dns settings? I don't remember if tailscale forces all DNS queries to go via it's tunnel, but I remember that the mullvad client uses DNS hijacking to make sure the device uses the wireguard tunnel.

[-] bl4kers@lemmy.ml 2 points 2 days ago

I have "Use Tailscale DNS settings" and "Use Tailscale subnets" enabled. I just took the defaults, no special setup

To be clear though I'm not asking for technical advice. Just wanted to warn others this offering isn't plug-and-play. I suppose that isn't too surprising given its lack of killswitch functionality

[-] apt_install_coffee@lemmy.ml 1 points 2 days ago

Fair enough, I also would have expected tailscale to set itself as the default route when those options are enabled.

[-] kibiz0r@midwest.social 2 points 2 days ago* (last edited 2 days ago)

You should have a “fake” network interface for your VPN connection. Your client should allow you to declare that it can only use a specific network interface (probably by binding to its specific IP instead of 0.0.0.0). So it’ll never even be aware of a world outside the VPN.

[-] moistracoon@lemmy.zip 2 points 3 days ago

I think this happened to me too. Seems like it’s me forgetting to turn on mullvad but once or twice it may have been this.

this post was submitted on 16 Dec 2025
23 points (96.0% liked)

Piracy

25061 readers
1 users here now

Welcome to /c/piracy

No netflix or streaming services landlubbers allowed, this is pirates territory.

founded 6 years ago
MODERATORS
dessalines@lemmy.ml
db0@lemmy.ml
db0@lemmy.dbzer0.com