DeedleFake / trayscale

An unofficial GUI wrapper around the Tailscale CLI client.
MIT License

Mullvad VPN support #92

Closed devmattrick closed 2 months ago

devmattrick commented 8 months ago

Currently, the Mullvad VPN options show as an individual node in the Trayscale node list. While this is technically correct, it does make using Trayscale a bit more difficult for users who use the Mullvad integration:

[image]

It'd be nice to have Trayscale recognize the Mullvad nodes and group them in a similar way to how the iOS Tailscale client does it (apologies in advance for the giant image): [image]

DeedleFake commented 8 months ago

Interesting. I don't use Mullvad, so I was unaware of how this worked.

The documentation doesn't seem to mention it, but it looks like all of the Mullvad servers have a mullvad.ts.net domain. Is there any way you could take a look at the metadata for the nodes and see if there's a better way to identify them? Maybe in the capabilities list for the nodes?

devmattrick commented 8 months ago

I don't think Tailscale treats Mullvad exit nodes as actual devices on the tailnet, even though they appear that way to the user. For example, they don't appear in the Admin Console nor do they appear when you run tailscale status or curl https://api.tailscale.com/api/v2/tailnet/{name}/devices. The only way to list them via the CLI is by running tailscale exit-nodes list which will give the following: [image]

I was hoping to poke through the source code of one of the GUI clients to see how it's implemented, but it seems like only macOS and iOS support the enhanced display at the moment. It might be worth holding off until we get an official open source implementation to see if there's anything special other than hostname matching they do. Though, I think it's safe to assume it's related to this PR that added the exit-node subcommand in the first place, which will only display nodes with an associated location.

DeedleFake commented 8 months ago

If they're showing up in the Trayscale peer list, they must be treated as normal nodes by the API. My guess is that they're filtered out by ipnstate.PeerStatus.ShareeNode being true, as the docs for that say:

ShareeNode indicates this node exists in the netmap because
it's owned by a shared-to user and that node might connect
to us. These nodes should be hidden by "tailscale status"
etc by default.

I threw together a little program to get info about the capabilities and tags of the nodes in a Tailnet. I'm curious in particular if there are any tags set for the Mullvad nodes.

devmattrick commented 8 months ago

Oh sweet, it looks like there is a special tag on Mullvad nodes: [image]

DeedleFake commented 8 months ago

Oh nice. That simplifies things. Thanks. Now I just need to figure out the best way to handle this on the UI side. Maybe generate a special page for selecting a Mullvad node if at least two such nodes are found or something. Not quite sure what that should look like, though. I also won't really be able to test it very easily, unfortunately. Maybe I can rig something up to provide fake node data while I get the UI in place.

devmattrick commented 8 months ago

I'm happy to provide any help you need with information/testing. I could also look into adding you to my tailnet if that's something that'd be helpful; I still have a couple of extra devices I can add to the Mullvad config.

jordan-bravo commented 6 months ago

+1 for this feature request.

I'm not sure if you're already planning to implement this but it would be handy to have a dropdown to select the exit node and then a toggle to click to turn the Mullvad exit node on or off, which could issue these commands under the hood:

For example, if the user chooses a Detroit (det) exit node, then turning it on would issue the command: tailscale up --operator=$USER --exit-node=us-det-wg-001.mullvad.ts.net --exit-node-allow-lan-access=true

Then to turn off the exit node (but still keep tailscale activated), the following command could be used: tailscale up --operator=$USER --exit-node= --exit-node-allow-lan-access=false.

I'm not an expert on GTK but I am a software developer; please let me know if there's anything I can do to help with this.

DeedleFake commented 5 months ago

Just wanted to update and note that I have recently, as in just today, purchased the Mullvad integration, so this should now be a lot simpler for me to test as I work on it.
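
The hostname-based grouping discussed in this thread, as an added Go example (not Trayscale's code and not written by anyone in the thread). It matches the mullvad.ts.net domain on a label boundary so that look-alike names are not grouped as Mullvad nodes; the thread found a tag to be the better identifier, but its value is not quoted here, so the domain is used instead. Assumptions: the JSON field names `Peer`, `DNSName` and `ExitNodeOption` match `tailscale status --json`, the "country-city" hostname layout is inferred from the single hostname quoted above, and the function names and sample data are constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
	"strings"
)

// Constructed sample; field names are assumed to match `tailscale status --json`.
const sampleStatus = `{"Peer": {
 "k1": {"DNSName": "us-det-wg-002.mullvad.ts.net.", "ExitNodeOption": true},
 "k2": {"DNSName": "us-det-wg-001.mullvad.ts.net.", "ExitNodeOption": true},
 "k3": {"DNSName": "se-got-wg-001.MULLVAD.ts.net.", "ExitNodeOption": true},
 "k4": {"DNSName": "home.notmullvad.ts.net.", "ExitNodeOption": true}}}`

// mullvadLocation returns "country-city" (e.g. "us-det") for a name one label below mullvad.ts.net.
func mullvadLocation(name string) (string, bool) {
	name = strings.ToLower(strings.TrimSuffix(name, "."))
	host := strings.TrimSuffix(name, ".mullvad.ts.net")
	parts := strings.Split(host, "-")
	if host == name || strings.Contains(host, ".") || len(parts) < 3 { // host == name: no suffix on a label boundary
		return "", false
	}
	return parts[0] + "-" + parts[1], true
}

// groupMullvad groups Mullvad exit nodes by location; all other peers are skipped.
func groupMullvad(statusJSON []byte) (map[string][]string, error) {
	var st struct {
		Peer map[string]struct{ DNSName string; ExitNodeOption bool }
	}
	if err := json.Unmarshal(statusJSON, &st); err != nil {
		return nil, err
	}
	groups := map[string][]string{}
	for _, p := range st.Peer {
		if loc, ok := mullvadLocation(p.DNSName); ok && p.ExitNodeOption {
			groups[loc] = append(groups[loc], strings.ToLower(strings.TrimSuffix(p.DNSName, ".")))
		}
	}
	for _, g := range groups {
		sort.Strings(g) // map iteration order is random; sort for a stable display order
	}
	return groups, nil
}

func main() {
	fmt.Println(groupMullvad([]byte(sampleStatus)))
}
```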