[Feature Request] Ability to denylist servers

[kah0922]

It would be nice to have the ability to forbid the Mullvad app from connecting to certain servers when using a more general connection profile. For example, if a website I frequently use is blocked by a specific VPN server, I don't want the Mullvad app to connect to it, but I still want the ability for the app to pick from a list of servers.

[Stecors]

This would also be very useful for users that are limited to a few servers because of their providers peering policy (like DTAG).

[pointydev]

Seeing as this issue has been inactive for nearly two years, I also support this being implemented. I have increasing been seeing servers in the region I use being blocked by ASN (via cloudflare, etc.), requiring me to "reroll" my connection until I land on a server that is under a different AS, or change region entirely.

[faern]

We are working on a feature to allow users to set up custom server lists. Think of it almost as a favorite servers feature. This should kind of solve your use case. There is no plan currently on a separate feature for actually denylisting/blacklisting anything.

[pointydev]

So for a few weeks I've been using mullvad relay set provider to limit myself to a single provider (which I think is relevant to this issue?), however I've come to want to be able to set a preferred provider then fallback to any (for example, when wanting to quickly switch regions). I tried running mullvad relay set provider firstprovider any and it didn't throw any errors, however when switching to a region that doesn't have that first provider, the connection fails.

[faern]

The command you ran will treat any as a literal provider name and allow servers hosted by any, which is not a real hosting provider.

The way the filter algorithm works there are no fallbacks like this. Thanks for the feedback, but I don't think we'll implement this since it seems a bit niche.

If you are switching between regions and you want providerA in region A and any provider in region B then you'll have to set that up with a script or something.

However, on the topic of "blacklists" and your current problem. We are looking at adding custom location lists. That way you can set up a number of custom lists where you can set up basically what you want here, albeit a bit more manually. No ETA yet, it's not in the immediate backlog, but it has been discussed.

[xanoni]

I closed my ticket given that the overlap was too big. Here is what I wrote. Please see especially the final paragraph. @faern THANK YOU!

Now that Mullvad publishes server link speeds on its website, it would be very nice if we could define favorite (whitelisted) servers and have Mullvad connect only to those. This would be great for people with fast link speeds.

Besides, I also found people who suggested a blacklist filtering instead. There is a similar (unresolved) ticket from Q1 2019, which mentioned that this would allow us to exclude servers that are blacklisted or cause too many captchas.

Ideally, the Mullvad GUI would have both a whitelist and a blacklist feature and allow users to toggle between the two.

IN THE MEANTIME: It would be great if someone from the dev team could point me at the source files that I would have to patch to manually curate a server list. I'm very much OK with an ugly hack and compiling my own binaries until there's an official feature.

[xanoni]

However, on the topic of "blacklists" and your current problem. We are looking at adding custom location lists. That way you can set up a number of custom lists where you can set up basically what you want here, albeit a bit more manually. No ETA yet, it's not in the immediate backlog, but it has been discussed.

Maybe this could be combined with #2623 :)

[faern]

@xanoni Here is the line of code that filters relays depending on if they match the location and provider constraints. You can probably modify around here to make it check multiple location constraints etc:

mullvadvpn-app/mullvad-daemon/src/relays.rs

Line 541 in dd500ec

.filter_map(|relay| Self::matching_relay(relay, constraints))

[pointydev]

Now it's easier to prevent specific providers from being used in the app as of 2021.5-beta1 (tysm for this!), which mostly resolves my issue, I've found myself running into another one.

I'm wanting to set up multihop, however my provider constraints prevent me from connecting to my chosen entry location as there is only one provider in said location (which is the one I have chosen to exclude). The reason I'm choosing to exclude this specific provider isn't because I don't trust them, just that it prevents me from accessing quite a few sites when used as an exit.

Some possible solutions:

1. An option to override provider constraints for entry locations (i.e. --entry-providers, akin to the current option for bridges)
2. Some logic to ignore the normal constraints if a selected region only has 1 provider
   • (probably not a good idea if multihop regions/providers were ever exposed in UI)
3. Integrate WG multihop into bridge settings ...somehow

Thanks,
Elliott

[mikamidd]

Tossing my vote in for a proper favorite/custom server list, maybe it will be bumped up a notch in the backlog :)
Having a provider filter is great but it's still different from having a favorite list. For now I use standalone Wireguard configs in addition to the native app but it makes rotating keys a pain (constantly redownloading/tweaking configs manually) and not ideal since I'd like to have a couple of OpenVPN servers on the list too.

[brazenvoid]

In my country a DPI based system is implemented to stop grey traffic so majority of the servers are blocked immediately after connection. Still there are few that work after no activity of a minute or so. That makes some 2-3 per 10 servers. Please add this function, its frustrating to cycle servers manually.

[faern]

@brazenvoid It sounds like your use case would be equally well or better solved by the custom lists of servers? Then you can add the working servers to a list and modify that when you notice a change in the blocking happens. #3180

[fsqonbdk]

Adding my vote to this request for a list of favorite servers.

[pointydev]

Thank you for implementing custom lists in 2023.6-beta1, however I don't think that fully closes this issue.

While we are able to add servers individually to lists in order to avoid servers we find problematic, we can't e.g. add a favourite country (or city) and blacklist certain cities (or servers). Personally I would like to filter to all UK servers, but blacklist certain providers (M247 and xtom) and a specific server (gb-lon-wg-001). This would allow for new servers to automatically be added to the pool while still keeping blacklisted cities/servers.

Thanks,
Elliott

[Spl0itable]

Any further movement on this?