Since I often travel between two countries, I’ve been using VPNs for quite some time. I also have a remote server set up in the Netherlands for various reasons. The problem I usually face though is access to local services while staying in another country and using a VPN. That is because shared IPs are often blacklisted and require many tries to get it to work.
I tested out the new Meshnet feature in the NordVPN app, which recently became free (you need a free account though), and thought I’d share my experience. When it first launched, I didn’t make much use of it, as at first glance it seemed to be quite complicated; however, it has since got an update and seems to be much clearer and more convenient to use now. It essentially creates a virtual network of devices you connect through, allows you to share files between the devices, and also lets you route your traffic through one of the connected devices (you get the IP address that the selected device uses). The connection is also said to be protected with Nord’s version of the WireGuard protocol, NordLynx.
With traffic routing, it was possible to use the IP address assigned by the ISP in another country and access these services without hassle while abroad. Addressing my main issue with VPNs, I mostly tried accessing local streaming services, and I ran some tests by setting it up on my machines, as well as the remote VM.
Main takeaways:
- It does work on both physical and virtual devices. Having a virtual one is definitely more convenient since the device has to be on if you want to connect to it. But if you make sure your home PC is on 24/7 (and don’t mind the electricity bills), you can access your home PC while abroad at any time, almost like you would with your personal remote server;
- Never once has any of the services (mostly NL ones - Pathe, NPO, Ziggogo) questioned my location or whether I was using a VPN (with a clean, cache-free browser, of course);
- The speeds could be better. While the connection speed through my remote server without Meshnet was around 400 MBps, through Meshnet I got around 100 MBps. Quite a significant difference, however, still enough to stream in HD and browse;
- Device compatibility is limited - while I could stream on my phone by routing the traffic through a Windows PC at home as well as a Windows VM, I wasn’t able to route it through a mobile device - only desktop devices are currently able to route the traffic or act as hosts (but you can connect and route the traffic through them from any device supporting the feature).
The file-sharing feature is cool, but it’s nothing groundbreaking yet. Although it doesn’t use any third-party cloud solution, is peer-to-peer, and could be very useful for those who care deeply about privacy and often share sensitive files, I’m still leaning towards the popular solutions we’re all so used to.
Overall, I was quite happy with it and think it is a very useful piece of software for frequent travelers like me with lots of potential to be used in various more complicated network setups. Has anyone already explored the feature, adapted it for their needs and could share their experience?
So sounds exactly like Tailscale?
Yeah I’d just stick to Tailscale. Same features, more trust in the provider.
Hi NordVPN marketing team!
Hang on, if you have a remote server set up in the Netherlands already, wouldn’t it be easier to install your own proxy on that server and use it? There are technically easy solutions that are still secure (well, as secure as the server is in the first place anyway)
Is it something that I’m missing?
I would likely go with ZeroTier instead because you can specify your own IP addressing scheme.
Purely curious, any reason you’re not a fan of NordVPN? I’ve been using their services here and there for the last few years, and they have been solid thus far. Would appreciate some insight, I may have missed something.
They were breached a while back and slow to report. Not the end of the world and not unique to Nord though it kinda highlights the “consolidated target” flaw of any successful online service - theoretically they can hire good security folks but even if they’re careful they might get breached because it’s a big fat high value target worth exceptional effort. On the flip side a $5 VPS running OpenVPN or Wireguard per best practices might be lacking in advanced security and monitoring but it likely will only face brainless bot attacks.
If you have the skill to roll your own and the ability to follow some basic security best practices your data is probably safer on a self managed server instead of in a big pot with everyone else.
Though complicating it further - your traffic can hide more in that big pot, and stands out more on a self hosted setup.
A lot of services don’t work if you are using anything other than a residential IP. It is quite frustrating.
> a $5 VPS running OpenVPN or Wireguard
Would still link you to one IP and eventually everyone would know it’s you, just like your home IP. Most people use a VPN to blend in and change IPs to stop tracking and get around DRM and censorship.
I used a free AWS server with squid proxy and it used to work, as far as I could tell. Maybe things have changed.
Can you list some of the services?
Sure, but that’s just the regular VPN, many options available there. Tailscale covers all of the extra meshnet features. Tailscale + any VPN of your choice offers all of this.
Not saying the Nord offering is no good, but it’s available already if you’d rather not use Nord.
All the streaming services are in a constant battle to block any workarounds due to contractual obligations with the media providers, and blocking the ASNs of hosting providers is a real easy way to do so.
If you had success from AWS it was likely from an IP block that was relatively new and the streaming companies hadn’t seen much before. It will be blocked eventually.
Why use tailscale then? Your end point would be the same without it. Just use the VPN.
Did you read the whole review up there? For the device to device connections. Tailscale lets you VPN between all of your devices, connecting to the devices plus letting the devices pass traffic to local subnets or the Internet. That’s what most VPNs don’t do and what he was saying Nord does, and why we’re all saying, use Tailscale.
Yes, I read your main post. I know what Tailscale does. You recommend setting up WireGuard or OpenVPN on a VPS. It would hide your traffic from your ISP but your VPS IP would go out to everyone.
I’m on mobile at the moment so replies are short.
I said you could do the Nord mesh features with Tailscale, and if you want to use it like a classic VPN you can add a VPS to your tailnet. You said, what if you want the anonymity- well in that case go use a regular VPN. And you can use Tailscale too for the peer to peer stuff. Or you can use this Nord stuff. Whatever - I’m really not seeing why this is starting to resemble a debate.
> On the flip side a $5 VPS running OpenVPN or Wireguard per best practices might be lacking in advanced security and monitoring but it likely will only face brainless bot attacks.
> If you have the skill to roll your own and the ability to follow some basic security best practices your data is probably safer on a self managed server instead of in a big pot with everyone else.
This is what you said in your original post. The statement is NOT true. As I mentioned before, all of your data would originate from the same IP, tying it back to you.
> Tailscale + any VPN of your choice offers all of this.
Then you proceed to give an alternate suggestion of adding Tailscale to the mix. This would not help, because again, the endpoint IP would still be the same for everything you do, connecting it back to you.
Then when I asked why use Tailscale at all in this situation, since you would have the same endpoint IP, you proceed to explain what Tailscale is without addressing what I actually said.
> I’m really not seeing why this is starting to resemble a debate.
It’s not a debate, I’m simply stating why you’re wrong. If you don’t want to learn from your mistakes, we can end this discussion. Have a good day.
> > On the flip side a $5 VPS running OpenVPN or Wireguard per best practices might be lacking in advanced security and monitoring but it likely will only face brainless bot attacks.
> > If you have the skill to roll your own and the ability to follow some basic security best practices your data is probably safer on a self managed server instead of in a big pot with everyone else.
> This is what you said in your original post. The statement is NOT true. As I mentioned before, all of your data would originate from the same IP, tying it back to you.
What, exactly, isn’t true here? Using a big VPN gives anonymity but potentially puts you at risk by joining the big target. Rolling your own likely makes you safer by removing the big target, though your traffic isn’t anonymized in the herd. Which is better depends on your goals so I’m not making a judgement call of one over the other, just describing two of the choices.
> > Tailscale + any VPN of your choice offers all of this.
> Then you proceed to give an alternate suggestion of adding Tailscale to the mix. This would not help, because again, the endpoint IP would still be the same for everything you do, connecting it back to you.
No, you’re missing the point. OP says, Nord added all these new features - and proceeded to describe mostly what Tailscale does. So I and others say, you can use Tailscale for that (the peer to peer stuff). You seemed to take that as routing all traffic through Tailscale instead of using the VPN for anonymity and Tailscale for remote access and accessing the internet from a particular endpoint of your control.
> Then when I asked why use Tailscale at all in this situation, since you would have the same endpoint IP, you proceed to explain what Tailscale is without addressing what I actually said.
And the confusion continues as you try to lump them together. Again, Tailscale + a VPN of your choice are an alternative to using Nord plus their mesh like stuff. Not better or worse, an alternative. Use Tailscale for the peer to peer mesh and the VPN of your choice for anonymity or whatever you want that VPN for.
> > I’m really not seeing why this is starting to resemble a debate.
> It’s not a debate, I’m simply stating why you’re wrong. If you don’t want to learn from your mistakes, we can end this discussion. Have a good day.
And ultimately it comes down to you continuing to misunderstand my point, not me being wrong.