mullvadvpn-app icon indicating copy to clipboard operation
mullvadvpn-app copied to clipboard

Published 20 hours ago verified publisher icon mullvad

[Feature Request] WireGuard Multihop from App

Open bradynpoulsen opened this issue 4 years ago • 14 comments

I would like to be able to take advantage of the Mullvad WireGuard Multihop support from the desktop/mobile apps UI.

The functionality workflow that I have in mind is:

  1. Enable multihop
  2. Select an entry location (In most cases, I'm using the closest location)
  3. Select an exit location (Varies by need, but I usually try to select locations through the same data center providers)
  4. Connect

A couple of secondary nice features that would fulfill my most common locations:

  • Quickly swap exit locations using the existing "Switch location" UI
  • Auto-select entry location based on latency
  • Auto-select exit location based on lowest latency in the exit region I have selected

bradynpoulsen avatar Feb 13 '20 02:02 bradynpoulsen

Adding WireGuard multihop to the app is for sure on the roadmap. I can't give any estimates for when, but it will eventually be there.

Do you know you can already basically mulithop with Shadowsocks + OpenVPN in the app? By using a bridge. Check out https://mullvad.net/en/help/how-use-bridge-mode/.

Quickly swap exit locations using the existing "Switch location" UI

That's likely how it will work, yes. Just like when using a bridge today.

Auto-select entry location based on latency Auto-select exit location based on lowest latency in the exit region I have selected

We currently don't do anything based on latency in the app. We know a lot of other clients do, but our reason for avoiding it so far includes at least:

  1. We want the app to be relatively quiet and hard to fingerprint. After all, censorship circumvention and user security is our main goal. Sending out pings to a large set of servers now and then is not exactly quiet.
  2. Latency is not a very good measurement for speed or the quality of the tunnel said server will provide. Sure, it might work well for some situations, but there are definitely cases where it provides a very wrong metric.

faern avatar Feb 13 '20 07:02 faern

Adding WireGuard multihop to the app is for sure on the roadmap

I figured it was -- I just wanted to open an issue that I could subscribe to so I can get updates on its progress 😄

Latency is not a very good measurement for speed or the quality of the tunnel

Yeah, suggesting a latency-based check was me getting too technical. Primarily, because I travel a lot, it would be nice if it was using any server that was relatively close geographically.

I'm not too concerned about the latency itself as much as trying to enter the Mullvad servers ASAP (which is where latency came to mind) and then from there redirecting the traffic to my desired destination. The calculations wouldn't really need to be very accurate (withing ~100 miles) to give a decent location to attempt a connection to.

bradynpoulsen avatar Feb 13 '20 17:02 bradynpoulsen

Just wondering if there was an update of this and rough roadmap date specifically for WireGuard Multihop in the Android app. I love this feature in the configurator but that is a pain due to the static keys in the WireGuard app. You guys are one of my two favourite VPN services and I used WireGuard in its very first Go implementation on my Mac and it has come a long way!

Also, off topic, but do you guys have any clue when wg-dynamic is likely to be out and included in the core wireguard packages and ultimately branded apps? Just wondered if you had better sight of that then the public!

FinalFulcrum avatar Feb 08 '21 05:02 FinalFulcrum

Multihop on Android is currently not being worked on. Probably still pretty far in the future. Sorry about that. We want it as well.

I have not heard anything on wg-dynamic in a long time. I suspect it's also still pretty far in the future.

faern avatar Feb 09 '21 15:02 faern

Our latest desktop beta now supports WireGuard multi hop via the CLI. If you install 2021.4-beta1 you can enable an "entry location" via the CLI like this:

mullvad relay set tunnel wireguard any --entry-location <location>

Where <location> is specified in the same way you specify the normal relay location constraints: <country> [<city> [<hostname>]]. For exampel --entry-location se will use any server in Sweden as your first hop. The second hop (your exit location) will be picked from your normal location selection in the app.

Please mind that this is only a beta, and so far only supported in the CLI. If you are interested in native WireGuard multi hop, please try this out and report any issues you find.

EDIT: You can still use the GUI while having this feature active. But the GUI won't be aware of the entry location and will not in any way show you that a multi hop setup is in place.

faern avatar Jun 11 '21 09:06 faern

Is there a command to disable multihop (barring a factory reset)? I couldn't find any on the mullvad website.

acrostich avatar Jun 18 '21 00:06 acrostich

mullvad relay set tunnel wireguard any --entry-location none will disable multihop.

pinkisemils avatar Jun 18 '21 11:06 pinkisemils

I was following the SOCKS5 proxy guide and tried to do multihop as pointed out here, but apparently this doesn't work on Android yet.

For instance, if you are connected to se1-wireguard.mullvad.net and then want to exit via us177-wireguard.mullvad.net, you would configure your browser/program to use us177-wg.socks5.mullvad.net on port 1080 as your exit node.

Is it happening because of a different port on the entry node for doing multihop?

miquecg avatar Jul 10 '21 18:07 miquecg

@miquecg SOCKS based multihop is unrelated to the feature discussed in this issue. Sorry for dismissing you, but please send these not-directly-app-related questions to [email protected]. They will be way better at helping you with this.

faern avatar Jul 13 '21 08:07 faern

I know this is possible from CLI. Any chance this gets implemented into the UI?

lordcyb3r avatar Sep 02 '21 20:09 lordcyb3r

Yes. Of course it will be in the UI :) But no ETA. We are working on the design.

faern avatar Sep 03 '21 08:09 faern

I just tested via cli, seems to work well :)

lordcyb3r avatar Sep 09 '21 19:09 lordcyb3r

Hello, any update in the implementation to the Android app? Thank you.

kalekad avatar Apr 07 '22 15:04 kalekad

Since 2022.1 WireGuard multihop is available in the desktop GUI. See this blog post: https://mullvad.net/en/blog/2022/3/10/wireguard-multihop-now-easy-available-app/

We have not yet started the Android implementation. But it should be relatively simple given that the Rust backend is already implemented. It's mostly a UI change. However, we currently have other pretty large Android tasks in progress, so it will likely still take quite a while.

faern avatar Apr 08 '22 11:04 faern

Please allow me to check if there's any update after half a year the the desktop GUI implemented this feature, any luck we'll have it on mobile soon? Cheers!

PeterDaveHello avatar Oct 11 '22 13:10 PeterDaveHello

I cannot give any ETA for when this will land on mobile. We currently work on more high priority features on both mobile platforms.

faern avatar Oct 11 '22 13:10 faern

Is multi-hop on mobile apps still pretty far out in the future?

PatrickVogelius avatar Jul 16 '23 10:07 PatrickVogelius

It's not on the immediate roadmap, no. The current focus is more on anti-censorship features. But it will arrive eventually :)

faern avatar Jul 16 '23 10:07 faern

Any news on multihop in android app?

kalekad avatar Mar 01 '24 15:03 kalekad