Originally posted by aksdb
The result is laughable. Say, DPIs can block openvpn in no time - and trying to patch the protocol to avoid it would prove a bitch, as you have to grind through these stockpiles of code. Still, there're plenty of VPN services that did it - so you can have an openvpn-like something that isn't openvpn and/or runs some custom "configuration manager" app/script on top of that. So, uh, sorry, but openvpn is a weakling when it comes to defending itself from hostility, yet very complicated. It is also slow, and that matters on small devices. A SOHO router is a very logical place for a VPN gateway, securing ALL devices behind it - but it tends to be slow with openvpn. Unfortunate crypto choices + plenty of context switches make it rather unappealing for a solution like this.
IPSec ... would be pretty much snake oil that is also very difficult to set up and often doesn't survive traversing "imperfect" network setups. Wireguard also somewhat shares this problem, being UDP - sometimes TCP could be the only option (e.g. corporate firewalls have little reason to allow UDP).