Using the Helsinki, Finland Mullvad Exit Node Shows as Coming From New York

tailscale / tailscale

The easiest, most secure way to use WireGuard and 2FA.

https://tailscale.com

BSD 3-Clause "New" or "Revised" License

18.49k stars 1.42k forks source link

Using the Helsinki, Finland Mullvad Exit Node Shows as Coming From New York #11460

Closed jimmybrancaccio closed 5 months ago

jimmybrancaccio commented 5 months ago

What is the issue?

When selecting the Helsinki, Finland Mullvad exit node and then visiting an IP to location site like ipaddress.com or ifconfig.co they both show the location as New York. The customer who originally reported the issue (33915) says they noticed this just started yesterday.

IMG_62EA1CFC093F-1 IMG_F5D8E8415CED-1 IMG_2EB47B0B1376-1

Steps to reproduce

This was reproduced using an iPhone with iOS 17. Customer advises they first noticed this on macOS 14.4 and reproduced it on their iOS device as well.

Connect to your tailnet.
Tap on the exit node drop down menu on the main screen of the Tailscale app.
Tap on the Mullvad option.
Select Finland from the choices.
Visit https://ipaddress.com. Observe the location as New York.
Visit https://ifconfig.co. Observe the location as New York.

Are there any recent changes that introduced the issue?

No response

OS

macOS, iOS

OS version

iOS 17.4

Tailscale version

1.62.0

Other software

No response

Bug report

BUG-81bc98fea1574d8aac020992d7b30380675e6fbb2f49c4e8c728518ca8b10bac-20240318175725Z-f7bce4ff90509995

raggi commented 5 months ago

There is nothing we can do about this. The address 185.77.218.14 is clearly assigned to a Helsinki organization in RIPE, and whois returns correct results.

These third party websites have out of date or buggy ip geolocation databases, which isn't something we have any ability to influence directly.

It appears that MaxMind, one of the more popular providers of IP geolocation data has this issue, per https://www.maxmind.com/en/geoip-web-services-demo

Of more interest however is that this particular address is not one of Mullvads servers. Is Apple private browsing enabled or a similar function?

jimmybrancaccio commented 5 months ago

@raggi You're totally right. In hindsight I likely shouldn't have even filed this and noted we have no control over these 3rd party IP address geolocation databases. WHOIS clearly does show this IP as being owned by an entity in Helsinki, Finland.

For what it's worth Apple private browsing wasn't enabled. It's just an issue with these 3rd party IP geolocation databases not being kept up to date. I'm going to go ahead and close this one out.

abdullahdevrel commented 3 months ago

I work for IPinfo, and the IP address is "185.77.218.14" and is clearly located in Helsinki, Uusimaa, Finland, according to our data.

https://ipinfo.io/185.77.218.14

So, why do we think it is located in Helsinki?

Tracehint data. If you run traceroute, you will find the last known hop 184.104.192.106 is based in Helsinki.

Ping data. The IP address itself is not pingable. But we can lookup a couple of pingable IP addresses within the parent range of 185.77.218.0/23. Then ping them from a multiple server ping service like ping.sx. From there you can see that servers closest to Finland has the lowest RTT.

185.77.218.50
185.77.218.69

And of course as @raggi mentioned the WHOIS data clearly shows the IP address is based in Finland.

There is nothing we can do about this.

Well, if you want you can support https://github.com/tailscale/tailscale/issues/12294 to bring our free data to Tailscale.