What are /r/safing's favorite Products & Services?

From 3.5 billion Reddit comments

I use Mullvad. Using the instructions on that page (setting Mullvad's DNS to 127.0.0.1) doesn't fix OpenVPN but it fixes WireGuard. I can live without OpenVPN so it's not a big deal. Thanks for the help

I use both together without problems. You need to change in the Mullvad Programm the DNS to a specific one for Portmaster and also the same for the network adapter. You find a long thread for this topic on GitHub

Hello,

​

When I try to pay for the SPN, it requires me to sign in to continue, therefore an email is required. Are there any plans to change this and maybe make it more like Mullvad, as u/major_nerd asked?

​

Also, from my understanding you can put a VPN on a router, and then all devices connected to the router will be on a VPN. Is this, or will this be an option through Safing?

​

Thanks!

Does you DNS leak when you only use ProtonVPN?

Does you DNS leak when you only use the Portmaster?

Since you are using Windows I had thoughts about transparent DNS proxies, but that's probably not the cause for leaks as Portmaster integrates into the kernel. I will confirm and get back to you.

Ah, that's a shame! I don't even have an OpenWrt supported router so I couldn't try that potential workaround even if I wanted to. Is there anything of a timeline available for when Mullvad might become compatible with Portmaster? I'm a user who this is important for.

hey there, thanks for giving the PM a go!

sadly PM is not compatible with Mullvad on Linux at the moment:

there might be a workaround, but it does not seem beginner friendly:

Regarding 3.)

Mullvad's leak test only works if you are using Mullvad.
As long as you are not seeing an IP address of yours or from your ISP, all is good.
The Mullvad test just says good/bad by checking if it's one of _their_ IPs.

Currently, the SPN does not kill existing connections when activated, so you will need to restart your browser in order to ensure that all connections go through the SPN immediately. We are working on improving this.

Okay so seems to be Wireguard. Works fine with OpenVPN Port UDP 2049 & TCP 449

Not sure if Portmaster is blocking Wireguard or visa versa but would be surprised if Wireguard is block because ProtonVPN started using Wireguard and I've had no issues.

/ For ref I'm on Fedora 35

Hi, any reason you did not use the .deb file installer? Mint is based on Ubuntu/debian and you should be able to use those packages as well. Ju can find the download link here https://safing.io/portmaster/#downloads

Hey there,

you already did most of the research - good job! What we found is that lencr.org is owned by Let's Encrypt. They have a docs page about it, it says:

> Why is my computer fetching this data? Is it malicious? > > No, the data on lencr.org is never malicious. When a device connects to lencr.org, it’s because client software on that device (like a web browser or an app) connected to another site, saw a Let’s Encrypt certificate, and is trying to verify that it’s valid. This is routine for many clients. > > We can’t speak to whether the other site being connected to is malicious. If you’re investigating network activity that seems unusual, then you may want to focus on the connection that started just before the connection to lencr.org. > > The pattern of clients' connections to lencr.org might look unusual or intermittent. Clients might never retrieve this data; only retrieve subsets of it; or “cache” some data for efficiency, so they’ll only access it sometimes (the first time they need it, and when the data may have expired).

It further specifies that the c.lenccr.org is used to provide CRL checks.

> What exactly is this data for? > > Under c.lencr.org, we provide Certificate Revocation Lists (CRLs) listing all the unexpired certificates that we issued and later revoked. (This is only for our intermediate certificates, which we’ve issued from one of our root certificates; not for certificates that we’ve issued to subscribers.) A client may use this data to verify that our intermediate certificate, which issued the end-entity certificate it’s verifying, has not been revoked.

The domain is registered on cloudflare, and it seems that the service is hosted on akamai, both is nothing which I would not deem worrying.

Hope this brings some clarification, thanks for your patience, we've been busy with the SPN Alpha release. Hope you did not sweat too long ;) Have a good one!

ProtonVPN has been reported to be compatible, if your experience is different you might want to help Safing out and report about your incompatibilities. Maybe describe your exact issue's?

As for the start up i currently have no idea, i'll check when i get time but i can't promise when that will be. Probably this weekend though.

RemindMe! Next Saturday

I signed up to support Safing as I believe in the mission, but my experience so far has seen my speeds drop by like 90%. Still need to use it more and I understand its an alpha - but with ProtonVPN I get like 100mbps and with SPN I am getting around 10mbps.

oh I think I understand now, you're referring to the animation on the portmaster page? https://safing.io/portmaster/

What I understood as the "demo video" was the update video where we first showed the PM in action

But yeah, if that's the case I understand your sentiment

Not sure about verified dots for nordvpn but for nord dns. I was getting bad dns leaks with NordVPN and Portmaster (no leaks with PM turned off) but I fixed them. In global setting, secure DNS section. Added two lines dns:// 103.86.96.100 nordvpn second add line dns:// 103.86.99.100 nordvpn. Then must X out the other two non-nordvpn dns or dot. Then closed portmaster from lower right system tray portmaster notifier icon not upper right x. Reopen portmaster check to see if it saved both nord dns. Then do an extended test on . Zero leaks!

Hey there, we tried to set this up on our machines but as it turns out NordVPN does not offer DNS over TLS. Their verification servers are "" and "" - but neither of them listen to port 853, meaning they do not support DoT.

I hope you find another provider that works for you!

As a comparison, Mullvad, the only recommended VPN of costs 5€ a month. I feel that's totally fair.

So even though we have to cover 3x the bandwidth, I know it still feels pricey. But be aware that you're not only paying for the SPN. You're supporting a brighter future. Our concept is unique and I truly believe it has the potential to give back real privacy to the masses, easy and for free, with a premium upgrade for those who can afford it. And I hope you also agree how we handle our money, being transparent about it and supporting others chasing this future as well, which we'll get better at on both ends. So to those who support us in our early stages, we really are thankful.

And a short response to the unknowns:

• Unknown - being worked on, happy that more and more are flowing in
• Untested - we've lab tested it, but in the end true, not tested in the real world
• Unaudited - an audit is already scheduled, more info next on the 17th
• Unverified - true