- cross-posted to:
- [email protected]
- [email protected]
- cross-posted to:
- [email protected]
- [email protected]
You must log in or register to comment.
Thanks for sharing
that sucks, surely some people needed it
Why must everyone be removing OVPN 🙁
Because wireguard is vastly better.
It isn’t in a lot of ways
How so? EDIT: I see you’ve already elaborated in other comments.
- It is inefficient in both tunnel and transport mode, sacrificing 20-30% of available bandwidth.
- It is cryptographically expensive, making your clients work harder and costing the VPN provider more money to host nodes.
- It is complex to setup and deploy.
- Uses outdated crypto.
- Operates in Userspace.
- WireGuard is essentially better in every one of these regards.
OpenVPN operates in kernel space as of 6.16. Well specifically for the data channel. Control channel is still managed in userspace so you don’t have to do asymmetric TLS in the kernel. This also reduces the overhead and increases performance substantially. It is slightly more complicated to setup but barely tbh (I’m speaking from the server side). Is the crypto outdated? Not as far as I’m aware.
And user-space implementations of WireGuard are used a lot anyway, especially on mobile. Every VPN provider app ships with one, at least as a backup (It’s
wireguard-gousually sinceboringtunis not well maintained).
May I ask why its needed?
The big thing for public VPNs is the server can push the configuration to the client rather than having it be static. Config push, specifically for addressing is basically the only viable way to do a NATless VPN. Additionally while unrelated to public VPN providers wg does not have the ability to bind to individual IPs which is a headache for my internal VPN use case.
