Hello everyone, hope you are doing great.

I am not sure if my question goes here, but this was my best guess. Apologies if I am wrong.

So, I have been using the mesh network offered by NordVPN alongside their VPN subscription to sync some folders between my phone (Android) and my laptop (Linux Mint). This was great because I remember not being able to use Tailscale and VPN at the same time in the past, at least not on my phone.

Now they are dropping Meshnet support in December, so I am trying to figure out if there’s any way I can still run NordVPN and a Meshnet, or if I have to discard one.

If you know of any alternative, please let me know!

  • Cousin Mose@lemmy.hogru.ch
    1 day ago

    I’m not familiar with NordVPN Meshnet but I wanted to chime in that you can use Tailscale with a VPN, but you’ll have to do some routing work between the Tailscale network interface and the VPN one. I do this on a VPS.

    • dan@upvote.au
      1 day ago

      This is a decent idea. You can configure the VPS to be an exit node on the Tailnet, and configure the clients to use it as their exit node. Then you’d just need to configure some nftables rules to masquerade (source NAT) to the VPN network interface.

      Having said that… At that point, why do you need the other VPN? You can just use the VPS as your exit node.

      • Cousin Mose@lemmy.hogru.ch
        1 day ago

        I do some pretty crazy stuff honestly because I’m really into privacy. Since I’m stuck using a VPS I usually put it in the same country that I’m currently in so that for my end devices it appears I’m just accessing some corporate VPN.

        On the VPN I actually have two in-country double hop VPN tunnels. I then have two more double hop VPN tunnels that first go into some random country, then finally to Switzerland (because I love their privacy laws). Those two tunnels are set as two equal cost multipath hops for my Tailscale clients, then they get stuffed into the first set of in-country tunnels.

        I inject random delays to protect against timing attacks too, and on top of all that I run Blocky with an insane amount of blocklists and that traffic is also spread between all the tunnels over DoT.

        It’s a lot of overkill but I absolutely love having no ads, strong data protection and a higher level of freedom of speech.

      • Cousin Mose@lemmy.hogru.ch
        1 day ago

        Not really. I use the exit node to forward my “default” traffic through the VPN but I still use tunnels between my end devices too. My wife uses it to print documents from work and hell, I even shut off a lot of services on my LAN and made them Tailscale-only just as a way to force encryption (unnecessarily).

        • Possibly linux@lemmy.zip
          20 hours ago

          The problem is that it likely will break NAT traversal which means no direct connections.

          Tailscale already has VPN integrations. I would recommend that you use that instead.

          • Cousin Mose@lemmy.hogru.ch
            20 hours ago

            Tailscale only supports Mullvad VPN and when you do use it you’re stuck with its DNS server. It’s a super basic option and doesn’t allow for much customization.

            • Possibly linux@lemmy.zip
              19 hours ago

              On the exit node you should be able to set up routing so that traffic goes through a VPN route.

              In the end though I honestly don’t see much of a use case for VPNs
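
The exit-node setup dan and Possibly linux describe (masquerade Tailscale traffic to the VPN interface on the VPS), written out as an nftables ruleset. This is an added example, not a configuration posted by anyone in the thread. It assumes the VPN tunnel interface is named `wg0` (a hypothetical name), that the VPN client already installs the default route through it, and that the VPS is advertised as an exit node with IP forwarding enabled. It also goes one step beyond the comments by dropping exit-node traffic that would leave through any interface other than the VPN, so nothing leaks out of the VPS's own address if the tunnel goes down.

```nftables
#!/usr/sbin/nft -f
# Added example. Assumed interface names:
#   tailscale0 = Tailscale interface on the VPS (Tailscale's default on Linux)
#   wg0        = commercial VPN tunnel (hypothetical name, substitute your own)
# Prerequisites outside this file (assumed already done):
#   sysctl net.ipv4.ip_forward=1 and net.ipv6.conf.all.forwarding=1
#   tailscale up --advertise-exit-node   (then approve the exit node)

# Idempotent reload: create the table if missing, then delete and redefine it.
table inet ts_vpn_exit
delete table inet ts_vpn_exit

table inet ts_vpn_exit {
    chain forward {
        type filter hook forward priority filter; policy accept;

        # Replies coming back from the VPN to tailnet clients.
        iifname "wg0" oifname "tailscale0" ct state established,related accept

        # Exit-node traffic may leave through the VPN tunnel.
        iifname "tailscale0" oifname "wg0" accept

        # Fail closed: if the tunnel is down and the kernel picks another
        # route (for example the VPS's public interface), drop and count
        # the packets instead of forwarding them from the VPS's own address.
        iifname "tailscale0" oifname != "tailscale0" counter drop
    }

    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;

        # Source NAT everything leaving via the VPN to the tunnel's address,
        # so the VPN provider sees one client rather than tailnet addresses.
        oifname "wg0" masquerade
    }
}
```

Load it with `nft -f <file>` and check the drop counter with `nft list table inet ts_vpn_exit`. The fail-closed rule also blocks tailnet clients from reaching anything else routed through this VPS, so add explicit accepts above it if the VPS is a subnet router as well.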