
WireGuard multihop available in the Mullvad app

379 points| qalter | 3 years ago |mullvad.net

130 comments

[+] ignoramous|3 years ago|reply
This isn't Tor-like multi-hop (but is similar to other multi-hop VPN providers out there). A proper multi-hop would happen across two different vendors in control of two different networks, as it were.

The iCloud Relay paper outlined a pretty private and secure design [0] (and the intention to standardize it via IETF would probably make it simpler to self-host such a solution [1][2]). Among the VPNs, orchid.com's distributed VPN stands out as a cross-provider multi-hop solution whose privacy guarantees are closer to Tor's.

Eventually the hope is HTTP (www) itself bakes in desirable privacy properties, so regular users don't have to pay the cost of multi-hops [3].

[0] Overview: https://datatracker.ietf.org/meeting/111/materials/slides-11...

[1] https://ietf-wg-masque.github.io/

[2] https://tfpauly.github.io/privacy-proxy/

[3] https://datatracker.ietf.org/doc/draft-ietf-ohai-ohttp/

[+] chatmasta|3 years ago|reply
Shameless plug, for my undergraduate senior thesis in 2014 I coauthored a paper related to this called “A TorPath to TorCoin” [0]. The main premise was proof-of-bandwidth cryptocurrency, but its resistance to Sybil attacks was partially dependent on assignment of publicly verifiable but privately addressable circuits. So the “TorPath” part was about circuit assignment, and in retrospect perhaps more interesting than the cryptocurrency aspect of it. The tl;dr is a Neff shuffle with a matrix of relays and assignment servers.

We never developed it further beyond the initial research (it was senior spring, not a lot getting done, I even forgot to buy Bitcoin). I remained (and remain) interested in decentralized VPN networks, and played around with implementing something around it, but ultimately I didn’t have the experience to build what I wanted.

Personally, I like what Orchid, Tailscale and ZeroTier are doing. I also like Fly.io and Cloudflare Workers and generally any product that iterates toward a Network Function Virtualization (NFV) platform. The root obstacle is incumbent compute-based clouds oversubscribing compute by gouging on bandwidth. This makes the cloud environment inhospitable for any cost-effective, transit-intensive business like a CDN/VPN, increasing the barrier to entry by requiring self-hosting a distributed network.

[0] https://dedis.cs.yale.edu/dissent/papers/hotpets14-torpath.p...

[+] INTPenis|3 years ago|reply
Splitting hairs, no? I mean you're comparing multi-hop with onion routing.

I'm just speaking as a layman end user. When I see multi-hop it's self-explanatory, it's literally in the name.

Onion routing is another type of multi-hop with the onion routing algorithm.

[+] LinuxBender|3 years ago|reply
For what it's worth I have used the open source Tinc VPN [1] for mesh multihop routing for ages. It is nowhere near as fast as Wireguard but I could envision Tinc incorporating support for Wireguard if the author were so inclined. Like you mentioned, Tinc does not mesh directly with other VPNs AFAIK. I've had to use route statements to join it with Strongswan and other VPN networks.

[1] - https://tinc-vpn.org/

[+] sva_|3 years ago|reply
I think what people want in this case is quick access to a different exit IP to appear on the internet with.
[+] throwanem|3 years ago|reply
I use (and really like!) Mullvad, but have never tried the app, preferring to use my existing OpenVPN clients with the profiles Mullvad provides.

This isn't because I have any reason to mistrust their app, but just because if I've already got a perfectly serviceable client on my device, why add another binary to do the same thing?

But I would be interested to hear, from folks who have used the app, what you like and don't like about it. In particular, I've had some headaches setting up split tunneling/proxying via OpenVPN - I was never all that good at its config language - and I'm wondering if the Mullvad app might make those easier to achieve.

[+] _rend|3 years ago|reply
I've found their apps to be (subjectively) higher quality than most OpenVPN clients on platforms I care about (macOS, iOS, Windows). It's nice to have a consistent UI, and not have to think or care about specific profiles — it's easy for me to jump between servers much more easily (I typically connect relatively locally, but occasionally find that certain out IP addresses have been blacklisted from specific sites; it's trivial to "refresh" the connection to hop over to a different server and not have to think about it).

And, of course, easier (for me) to set up and configure. Maybe no _huge_ incentive to switch over to it if your setup works, but might be worth trying out if you're curious.

[+] DenseComet|3 years ago|reply
If you don't want to switch to the Mullvad app, it's still worthwhile to switch to their wireguard profiles. Connections seem more stable and wireguard is far easier to configure.
[+] nodja|3 years ago|reply
I don't use OpenVPN but wireguard, but I do use split tunneling and my setup is a bit complex but not hard to achieve.

I wanted to have a VPN up 24/7 but certain sites and apps don't really like VPNs. I basically have steam and privoxy set as my split tunneling apps. Steam because it seems their website's CDN breaks half the time and privoxy so I can access specific websites without a VPN.

For privoxy to work properly I use a browser extension called SmartProxy[1] which lets me setup a proxy and then I can quickly add/delete sites from using that proxy, I just add 127.0.0.1:8118 and I can basically have any site either use the VPN (default) or whitelist it so it goes through my home connection.

[1] https://chrome.google.com/webstore/detail/smartproxy/jogcnpl...

[+] twojacobtwo|3 years ago|reply
I've been using the app for a couple of years now and I have mostly enjoyed the experience relative to the few other VPN solutions I've tried (OpenVPN, Nord (old version), ProtonVPN).

Things I mostly like:

- The relative simplicity of the app interface (though 'advanced' settings should just be a sub-section of 'preferences')

- How quickly/easily I can get connected (download, paste in account #, click connect - or change location)

- Relatively easy split-tunneling

- Easy switch between OpenVPN and Wireguard protocols

- Easy local network sharing (preference toggle)

- Tracker and ad block options (have not tested efficacy, appears to be DNS-based)

- Internet kill switch (will not fall back to non-vpn connections if set)

Things I don't like:

- Can cause issues on boot/reboot if kill switch is enabled (Windows - disable kill switch, restart app, re-enable kill switch)

- Limited options for mobile apps (and some unexpected disconnections on android)

- No configuration of app layout or color scheme

- Somewhat annoying upgrade (not bad, just no in-place upgrade solution)

[+] uneekname|3 years ago|reply
The app is great in my opinion, giving less-technical users a simple interface to toggle their VPN connection and see at a glance where their chosen server is on a map.

If you're comfortable setting up OpenVPN profiles, the Mullvad app doesn't have much to offer you as far as I can tell. I don't recall seeing split tunneling options, though that would be cool to see.

[+] lighttower|3 years ago|reply
Split tunneling an app to NOT GO THROUGH the tunnel is easy

Setting split tunneling to ONLY TUNNEL A SPECIFIC APP is hard

[+] cycomanic|3 years ago|reply
My main application is to get past region blocks to keep up with news/TV in other places I've lived previously. The app makes changing your exit node very straightforward and I've not encountered any bugs, so it does what it should.
[+] neurostimulant|3 years ago|reply
Why not use a wireguard client instead? Connection is instant (unlike openvpn which can take a few seconds to connect) and drains less battery as well. Their app uses wireguard as well, and you can use other wireguard client too.
[+] johnwayne666|3 years ago|reply
I’m wondering how this compares to Apple’s iCloud Private Relay.

Mullvad is trying to increase their transparency and make sure users can trust them which is great. But would there be a way for them to make it so that users do not have to trust them? What if the second server was hosted by another entity?

[+] mikece|3 years ago|reply
"I'm wondering how this compares to Apple’s iCloud Private Relay."

Simple answer: Apple doesn't get your info. Mullvad is one of the non-logging VPN providers so unless you're compromised in some other way (like logging into Google, Facebook, etc) then running a make on you is far more difficult than just serving a warrant to Apple.

[+] E4YomzYIN5YEBKe|3 years ago|reply
I believe that with iCloud Private Relay, the second hop is a different company (Cloudflare/Akamai/Fastly). Whereas with multihop offered by Mullvad and other VPN companies, they own both hops, which would make correlation easy for them.
[+] encryptluks2|3 years ago|reply
Then the user would just go find a second VPN provider.
[+] daqhris|3 years ago|reply
I'm a happy Mullvad user. But I have one concern.

Recently, Instagram "tagged" my account as either based in Russia or using Russian currency. I'm based in Western EU and set up the VPN to connect to the same country or neighboring ones.

I'm trying to figure out if some endpoints belonging to Mullvad have been shadowbanned by Meta/Instagram. Is there someone else who uses Mullvad to surf on Meta products whose account has been impacted by sanctions directed at Russia?

My first guess is that it's a mislabelling problem or bots going rogue for an unknown reason. And, IG support is taking too long to clarify what's the culprit. So, I'm making all kinds of hypotheses to reach a logical explanation before getting an official answer.

[+] Thorentis|3 years ago|reply
I suspect that "Russian" will be the new pejorative that Big Tech is able to throw at anything they feel like banning. Want to ban a user for using a VPN because it's harder to track them? Accuse them of being "Russian linked" and bam, no further justification needed.
[+] wraptile|3 years ago|reply
I use Mullvad and I constantly run into things like ASN bans etc. For example, cloudflare often bans whole ASN making many websites not accessible through Mullvad.

Seems like mullvad is being used by a lot of bad actors and they're not really doing anything about it.

I like their software and monetization but their IPs are probably the lowest quality IPs in the VPN market.

[+] tomxor|3 years ago|reply
I've noticed the IPs on their relatively newer servers using "xTom" as a provider are being incorrectly identified as Russian by some IP based geolocation services... it's a bit hit or miss.

I'm guessing xTom acquired an IP block from someone in Russia a while ago and IP geolocation databases are just very slow to update.

[+] gzer0|3 years ago|reply
Tangentially related:

Users can use Mullvad’s TOR address: http://o54hon2e2vj6c7m3aqqu6uyece65by3vgoxxhlqlsvkmacw6a7m7k... to generate their account ID and make their payment with Bitcoin seamlessly.

I have never experienced such a smooth way to purchase from a provider, this was brilliant.

+1 to Mullvad

[+] pydry|3 years ago|reply
The ease with which you can pay anonymously makes me feel that it's more likely a genuine privacy provider rather than a CIA run honeypot like Crypto AG.
[+] vinay_ys|3 years ago|reply
How does it matter that your payment is anonymous when all your traffic is going through them?
[+] mft_|3 years ago|reply
Tangential, but I recently discovered Mullvad. For years, I've used whichever mainstream VPN provider had a good deal on come renewal time, and cycled through a few of the usual suspects. Recently, I was with Surfshark, and was really struggling to get download rates above a few hundred K/sec - and sometimes even worse. I didn't even suspect the VPN at first, but ultimately tried a different provider as a diagnostic step.

I randomly came across a recommendation for Mullvad from reddit, and signed up for a month. Hot damn if my download rate didn't shoot up to 15-20 MB/sec (that's megabytes, not bits) - essentially close to maxing out my fibre.

Turns out you really do get what you pay for - and I doubt I'll be leaving Mullvad any time soon.

(no affiliation - just a happy and surprised customer!)

[+] toomuchtodo|3 years ago|reply
+1 for Mullvad, it Just Works and they are a great service provider.

(also no affiliation, just a happy customer)

[+] throwanem|3 years ago|reply
Which exit point are you using? How close is it to you? I only get about 5MBps no matter which node I use and have suspected ISP throttling, but haven't tested too much since 5MBps is enough to get by with; this might make a good way to gather more info.
[+] netfortius|3 years ago|reply
How are Mullvad apps across multiple platforms? I've been with PIA for quite a while, and I got it to work the way I want it, on macOS, windows and android, and I liked even more some of their recent exit points marked "for streaming", as I watch sports online, and there is a significant improvement when using those, with some countries local free broadcasting, but performance in the rest, sometimes, is really atrocious. I am just concerned about trading performance gain for tweaks/options/stability on multiple platforms (never found OpenVPN to be better, at least when it comes to PIA apps).
[+] clsec|3 years ago|reply
That's strange. I've had the opposite experience. I was with Cyberghost and, after 3 yrs of good speeds, almost overnight it basically became so slow that it was unusable. I then tried out Surfshark and have been very happy with the speeds that I've gotten for the past year+.
[+] sph|3 years ago|reply
Mullvad is fantastic. I get full bandwidth when torrenting 24/7 from my NAS, and I don't get blocked when I need to stream something unavailable in my country, and they have port forwarding support. They also have an Android TV client so I can watch on my couch.

All for €5 a month? Such a great company.

[+] saurik|3 years ago|reply
The UI we have is somewhat awkward, but this has also been supported for a while in our Orchid app (to the point where I have been actually working on another app designed to surface this one feature better, but that isn't out yet), supporting arbitrarily deep tunnels across multiple WireGuard (or OpenVPN, even going back/forth between them) providers (unlike this, which seems to just be "two hops, both from Mullvad").
[+] UberFly|3 years ago|reply
Lots of bumps here in support of Mullvad and it's warranted. OVPN is another that is top-rung as far as quality, no-logging, speed, etc. They even went to court to prove they didn't have any logs. Not affiliated, just a happy subscriber. Support Wireguard too.
[+] illiac786|3 years ago|reply
IVPN has had wireguard multihop for a while I believe: https://www.ivpn.net/knowledgebase/general/what-is-a-multiho...

The iOS app has been more reliable than the mullvad app so far, which is the reason I switched. Additionally, it allows configuring "trusted" and "untrusted" networks, which is quite useful as well. (And yes, this is not a secure feature, as a network can easily be spoofed, but I use IVPN mostly for data privacy and not for safety/security reasons)

[+] doubleorseven|3 years ago|reply
"The entry WireGuard server will be able to see your source IP and which exit server the traffic is headed for, but it can’t see any of the traffic."

So server2 terminates the request twice? One for server1 and another time for the client who generated the request? I don't understand how it's possible for server1 to not be exposed to the data.

[+] justsomehnguy|3 years ago|reply
You probably missed

> It’s a WireGuard tunnel being sent inside another WireGuard tunnel

Edit: replaced with a better diagram (and again, now based on example in [0]):

                   ▼    ▼                    ▼    ▼
                  YOU->NL1 tunnel           SE4->NL1 tunnel           PLAIN/TLS

            YOU ────────────────────► SE4 ───────────────────► NL1 ───────────────► CATPICS.COM

    On the wire:  YOU->SE4 traffic          SE4->NL1 traffic       NL1->CATPICS.COM traffic
                 ┌────────────────┐        ┌────────────────┐            ┌──────┐
    Inside:      │YOU->NL1 traffic│        │YOU->NL1 traffic│            │ DATA │
                 └────────────────┘        └────────────────┘            └──────┘
[0] https://mullvad.net/en/help/wireguard-and-mullvad-vpn/
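
The tunnel-in-tunnel layering from the diagram above, as an added Python example that is not part of the original thread or Mullvad's code: it shows why the entry server (SE4) learns only the next hop while the exit server (NL1) is the one that sees the request. Assumptions: the hash-based cipher is a stand-in for WireGuard's ChaCha20-Poly1305, the keys and the `dst|payload` packet format are constructed, and the SE4 to NL1 leg is modelled as plain forwarding of the inner ciphertext.

```python
import hashlib, hmac, os

def _sub(key, label):
    return hashlib.sha256(key + label).digest()

def _stream(key, nonce, n):
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, pt):
    # Stand-in AEAD (encrypt-then-MAC). WireGuard itself uses ChaCha20-Poly1305.
    nonce = os.urandom(12)
    ct = bytes(a ^ b for a, b in zip(pt, _stream(_sub(key, b"enc"), nonce, len(pt))))
    return nonce + ct + hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    want = hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("authentication failed")
    return bytes(a ^ b for a, b in zip(ct, _stream(_sub(key, b"enc"), nonce, len(ct))))

def packet(dst, payload):          # constructed mini "IP packet": dst|payload
    return dst.encode() + b"|" + payload

def parse(pkt):
    dst, _, payload = pkt.partition(b"|")
    return dst.decode(), payload

# Constructed session keys; real WireGuard derives these in its handshake.
K_YOU_SE4 = os.urandom(32)         # outer tunnel: client <-> entry server
K_YOU_NL1 = os.urandom(32)         # inner tunnel: client <-> exit server

def client_send(request):
    inner = seal(K_YOU_NL1, packet("CATPICS.COM", request))
    return seal(K_YOU_SE4, packet("NL1", inner))

def entry_se4(wire):
    # SE4 removes only the outer layer: it learns the next hop, not the data.
    return parse(unseal(K_YOU_SE4, wire))

def exit_nl1(inner):
    # NL1 removes the inner layer and sees the final destination and payload.
    return parse(unseal(K_YOU_NL1, inner))

if __name__ == "__main__":
    hop, blob = entry_se4(client_send(b"GET /cat.jpg"))
    print("SE4 sees next hop:", hop, "and", len(blob), "opaque bytes")
    print("NL1 sees:", exit_nl1(blob))
```
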
[+] Exuma|3 years ago|reply
Are we required to force it to use Wireguard instead of "Automatic" for this to work?
[+] BrightOne|3 years ago|reply
Seems similar to ProtonVPN's Secure Core, but using Wireguard directly. Nice.
[+] mirceal|3 years ago|reply
I see you like wireguard, so i put a wireguard connection in your wireguard connection. jokes aside, huge fan of wireguard and mullvad
[+] Sporktacular|3 years ago|reply
Has anyone got multihop working using the standard Wireguard app? Can it be added in config files or is it by CLI only?
[+] cpressland|3 years ago|reply
This thread seems to be full of people that use a VPN, I personally don’t as I find DoH + HTTPS to be enough.

Why do so many of you use VPNs?

[+] _joel|3 years ago|reply
Tested this a bit when it was announced, works well albeit with an expected hit on latency and throughput.

Absolutely love Mullvad.

[+] wiseguy317|3 years ago|reply
Been using Mullvad for years, this is pretty nice. I actually get great throughput with multi-hop on.
[+] kingkawn|3 years ago|reply
Not available on their mobile app?