root@qbittorrent:/home/r # ifconfig
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
inet 127.0.0.1 netmask 0xff000000
groups: lo
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
pflog0: flags=0<> metric 0 mtu 33160
groups: pflog
epair0b: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=8<VLAN_MTU>
ether 52:eb:f6:5b:ca:e6
hwaddr 02:cd:16:8d:f4:0b
inet 10.0.1.39 netmask 0xffffff00 broadcast 10.0.1.255
groups: epair
media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
status: active
nd6 options=1<PERFORMNUD>
root@qbittorrent:/home/r # ipfw list
00001 allow ip from any to any via lo0
00010 allow ip from any to any via wg0
00101 allow ip from me to 10.0.0.0/16 uid qbittorrent
65535 allow ip from any to any
root@qbittorrent:/home/r # netstat -rn
Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address Foreign Address (state)
tcp4 0 0 10.0.1.39.22 10.0.1.31.58020 ESTABLISHED
tcp4 0 0 *.22 *.* LISTEN
tcp6 0 0 *.22 *.* LISTEN
tcp46 0 0 *.8080 *.* LISTEN
tcp6 0 0 fe80::1%lo0.17689 *.* LISTEN
tcp6 0 0 ::1.17689 *.* LISTEN
tcp4 0 0 172.20.201.134.17689 *.* LISTEN
tcp4 0 0 10.0.1.39.17689 *.* LISTEN
tcp4 0 0 127.0.0.1.17689 *.* LISTEN
udp4 0 0 10.0.1.39.29877 *.*
udp6 0 0 *.6771 *.*
udp4 0 0 *.6771 *.*
udp4 0 0 *.6771 *.*
udp4 0 0 *.6771 *.*
udp6 0 0 fe80::1%lo0.17689 *.*
udp6 0 0 ::1.17689 *.*
udp4 0 0 172.20.201.134.17689 *.*
udp4 0 0 10.0.1.39.17689 *.*
udp4 0 0 127.0.0.1.17689 *.*
Active UNIX domain sockets
Address Type Recv-Q Send-Q Inode Conn Refs Nextref Addr
fffff8012af79100 stream 0 0 0 fffff8004509d100 0 0
fffff8004509d100 stream 0 0 0 fffff8012af79100 0 0
fffff8003e37ed00 stream 0 0 0 0 0 0
fffff8004576d600 stream 0 0 fffff804cd943d58 0 0 0 /var/db/qbittorrent/conf/qBittorrent/config/.ntDcmQ/s
fffff800450a3000 stream 0 0 0 fffff8014eb05d00 0 0
fffff8014eb05d00 stream 0 0 0 fffff800450a3000 0 0
fffff8004576f500 dgram 0 0 0 fffff8003ef8fb00 0 fffff8012a8a6900
fffff8012a8a6900 dgram 0 0 0 fffff8003ef8fb00 0 fffff8012a8a7900
fffff8012a8a7900 dgram 0 0 0 fffff8003ef8fb00 0 fffff800450c5200
fffff800450c5200 dgram 0 0 0 fffff8003ef8fb00 0 0
fffff8003ef8fb00 dgram 0 0 fffff8041440b3d0 0 fffff8004576f500 0 /var/run/logpriv
fffff80045094c00 dgram 0 0 fffff806d0f4c988 0 0 0 /var/run/log
root@qbittorrent:/home/r # ifconfig
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
inet 127.0.0.1 netmask 0xff000000
groups: lo
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
pflog0: flags=0<> metric 0 mtu 33160
groups: pflog
epair0b: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=8<VLAN_MTU>
ether 52:eb:f6:5b:ca:e6
hwaddr 02:cd:16:8d:f4:0b
inet 10.0.1.39 netmask 0xffffff00 broadcast 10.0.1.255
groups: epair
media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
status: active
nd6 options=1<PERFORMNUD>
wg0: flags=80c1<UP,RUNNING,NOARP,MULTICAST> metric 0 mtu 1420
options=80000<LINKSTATE>
inet 172.20.201.134 netmask 0xffffffff
groups: wg
nd6 options=109<PERFORMNUD,IFDISABLED,NO_DAD>
root@qbittorrent:/home/r # ipfw list
00001 allow ip from any to any via lo0
00010 allow ip from any to any via wg0
00101 allow ip from me to 10.0.0.0/16 uid qbittorrent
65535 allow ip from any to any
root@qbittorrent:/home/r # netstat -rn
Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address Foreign Address (state)
tcp4 0 0 *.22 *.* LISTEN
tcp6 0 0 *.22 *.* LISTEN
tcp46 0 0 *.8080 *.* LISTEN
tcp6 0 0 fe80::1%lo0.17689 *.* LISTEN
tcp6 0 0 ::1.17689 *.* LISTEN
tcp4 0 0 172.20.201.134.17689 *.* LISTEN
tcp4 0 0 10.0.1.39.17689 *.* LISTEN
tcp4 0 0 127.0.0.1.17689 *.* LISTEN
udp6 0 0 *.53981 *.*
udp4 0 0 *.53981 *.*
udp4 0 0 10.0.1.39.29877 *.*
udp6 0 0 *.6771 *.*
udp4 0 0 *.6771 *.*
udp4 0 0 *.6771 *.*
udp4 0 0 *.6771 *.*
udp6 0 0 fe80::1%lo0.17689 *.*
udp6 0 0 ::1.17689 *.*
udp4 0 0 172.20.201.134.17689 *.*
udp4 0 0 10.0.1.39.17689 *.*
udp4 0 0 127.0.0.1.17689 *.*
Active UNIX domain sockets
Address Type Recv-Q Send-Q Inode Conn Refs Nextref Addr
fffff8004576d600 stream 0 0 fffff804cd943d58 0 0 0 /var/db/qbittorrent/conf/qBittorrent/config/.ntDcmQ/s
fffff800450a3000 stream 0 0 0 fffff8014eb05d00 0 0
fffff8014eb05d00 stream 0 0 0 fffff800450a3000 0 0
fffff8004576f500 dgram 0 0 0 fffff8003ef8fb00 0 fffff8012a8a6900
fffff8012a8a6900 dgram 0 0 0 fffff8003ef8fb00 0 fffff8012a8a7900
fffff8012a8a7900 dgram 0 0 0 fffff8003ef8fb00 0 fffff800450c5200
fffff800450c5200 dgram 0 0 0 fffff8003ef8fb00 0 0
fffff8003ef8fb00 dgram 0 0 fffff8041440b3d0 0 fffff8004576f500 0 /var/run/logpriv
fffff80045094c00 dgram 0 0 fffff806d0f4c988 0 0 0 /var/run/log
root@qbittorrent:/home/r # drill truenas.com
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 61441
;; flags: qr rd ra ; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; truenas.com. IN A
;; ANSWER SECTION:
truenas.com. 271 IN A 38.109.202.235
;; AUTHORITY SECTION:
;; ADDITIONAL SECTION:
;; Query time: 0 msec
;; SERVER: 10.0.1.1
;; WHEN: Sun Mar 12 11:54:11 2023
;; MSG SIZE rcvd: 45
root@qbittorrent:/home/r # drill truenas.com
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 16840
;; flags: qr rd ra ; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; truenas.com. IN A
;; ANSWER SECTION:
truenas.com. 236 IN A 38.109.202.235
;; AUTHORITY SECTION:
;; ADDITIONAL SECTION:
;; Query time: 12 msec
;; SERVER: 172.16.0.1
;; WHEN: Sun Mar 12 11:54:26 2023
;; MSG SIZE rcvd: 45
Routing tables
Internet:
Destination Gateway Flags Netif Expire
default 10.0.1.1 UGS epair0b
10.0.1.0/24 link#3 U epair0b
10.0.1.39 link#3 UHS lo0
127.0.0.1 link#1 UH lo0
Internet6:
Destination Gateway Flags Netif Expire
::/96 ::1 UGRS lo0
::1 link#1 UHS lo0
::ffff:0.0.0.0/96 ::1 UGRS lo0
fe80::/10 ::1 UGRS lo0
fe80::%lo0/64 link#1 U lo0
fe80::1%lo0 link#1 UHS lo0
ff02::/16 ::1 UGRS lo0
root@qbittorrent:/home/r # netstat -rn
Routing tables
Internet:
Destination Gateway Flags Netif Expire
0.0.0.0/1 link#4 US wg0
default 10.0.1.1 UGS epair0b
10.0.0.0/16 link#4 US wg0
10.0.1.0/24 link#3 U epair0b
10.0.1.39 link#3 UHS lo0
127.0.0.1 link#1 UH lo0
128.0.0.0/1 link#4 US wg0
172.20.201.134 link#4 UH lo0
198.44.131.4 10.0.1.1 UGHS epair0b
Internet6:
Destination Gateway Flags Netif Expire
::/96 ::1 UGRS lo0
::1 link#1 UHS lo0
::ffff:0.0.0.0/96 ::1 UGRS lo0
fe80::/10 ::1 UGRS lo0
fe80::%lo0/64 link#1 U lo0
fe80::1%lo0 link#1 UHS lo0
ff02::/16 ::1 UGRS lo0
ipfw: hostname ``%'' unknown
Firewall rules loaded.
Firewall logging enabled.
ipfw list:
root@qbittorrent:/home/r # ipfw list
00001 allow ip from any to any via lo0
00010 allow ip from any to any via wg0
00101 allow ip from me to 10.0.0.0/16 uid qbittorrent
00103 deny ip from any to any uid qbittorrent
65535 allow ip from any to any
I had to comment out the last deny rule
${cmd} 00103 deny all from any to any uid ${user}
00001 allow ip from any to any via lo0 00010 allow ip from any to any via wg0 00105 allow ip from me to 10.0.0.0/16 uid qbittorrent 00106 allow ip from 10.0.0.0/16 to me uid qbittorrent 00204 deny ip from any to any uid qbittorrent 65535 allow ip from any to any
May 24 08:33:00 Downloads transmission-daemon[22945]: UDP Failed to set receive buffer: requested 4194304, got 42080 (/wrkdirs/usr/ports/net-p2p/transmission-daemon/work/transmission-3.00/libtransmission/tr-udp.c:97)
So much for Mullvad. Shame really, but there were signs that as company they were changing.
There's also "ProtonVPN", but they've displayed some questionable behavior recently.
This same reasoning can be applied to the Tor network.Mullvad's reasons for dropping port forwarding seem clear.
AzireVPN seems promising. (Very "Mullvad'ish".)Re: Port Forwarding. I dunno, Windscribe? People like them, at least.
Mullvad VPN | AzireVPN | |
---|---|---|
Monthly cost ($ USD) | 5.50 (flat rate) | 10.00 / 7.00 / 5.00 ¹ |
Port Forwarding | No | Yes |
WireGuard connections | 5 | 5 |
Privacy | No logging, anonymous,etc | No logging, anonymous, etc |
Registration | No name, email, or personal info required | No name, email, or personal info required |
Linux and FreeBSD support | GUI app, CLI tool, and generator script | CLI tool and generator script, but no GUI ² |
Jurisdiction | Sweden | Sweden |
[AzireVPN allows port-forwarding in a way] that is unfriendly to permanent hosts by simply making the [forwarded port] expire after a maximum of 30 days. That's not very useful to the XXXXXX crowd who want to host a server. But other than having to change the port number in qBittorrent once a month, it's friendly enough to torrenting to make it extremely useful.
This is something Mullvad should have done, rather than cancel the feature. I'm lucky - I had just switched to Mullvad when this came down, and had only signed up for 3 months. So I'm only out 15€. Still - it's annoying and makes me shake my head at why they would drop the feature entirely without at least trying less drastic remedies.