- cross-posted to:
- [email protected]
- [email protected]
- cross-posted to:
- [email protected]
- [email protected]
Not particularly pleased about the decision when OpenVPN is the most supported protocol.
Meanwhile their competitor IVPN even does IPsec.
You must log in or register to comment.
IVPN is a little pricey but it’s a decent service. You get what you pay for.
AirVPN also really good. Plus they have static port forwarding. And very easy flipping of OpenVPN to wireguard
Only downside is it’s based in Italy, the government of which has been somewhat hostile to privacy as of late. Still, AirVPN itself has been a longtime supporter of privacy and projects like Tor.
First port-forward and now this I mean I get it but being versatile is more important in a VPN for me so no more Mullvad for me. I’ll be moving to either windscribe or AirVPN
I switched to Air, its the slowest VPN I’ve ever used and I’m considering switching back once my subscription is up
Is that so. I also think that windscribe is better
Hide.me is decent. Last i read Azire is solid too.
windscribe goes on sale a few time in the year. You can get it for 29$ a year which is a great price and for 20$ more you have static IP and permanent port-forwarding. It’s a great deal for a trustworthy and feature rich VPN in my opinion
I find when using Mullvad a lot of sites are blocked vs other VPNs. Are all their IPs on a blacklist somewhere?
I find frequently switching works well. It’s a bit of effort, but I have a small list of countries that work best with certain websites.
I assume this is because, in addition to the missing ciphers as referenced in the linked article, OpenVPN, even though it uses TLS, it initially uses a very identifiable handshake before initiating TLS, which is not hard to block. I have personally had problems specifically with OpenVPN being targeted/blocked in this way.
Wireguard is not difficult to block either, it’s not designed to be hidden. China, Russia, etc have learned long ago how to detect and block it. The only semi-reliable way to bypass sophisticated VPN blocking techniques is to use protocols that mask as regular https traffic (and self-host it since well know public VPNs will of course be dealt with by simply blocking packets to their ip addresses).
But why disable it for the people who can use it? Unless there’s a security implication to the handshake?
And I specifically had luck with OpenVPN TCP on port 443 on network which DPI-blocked Wireguard.
Wireguard is not Sensorship and DPI resilient at all, it relies solely on UDP. They state it on their official website that it’s not their priority at all
Yeah OpenVPN is often used for business reasons (e.g. by remote workers), so it’s usually not blocked wholesale, only throttled (and known public VPNs providers and blocked via blacklisting their endpoints’ ip addresses). Wireguard meanwhile is used much more rarely so there is less fallout from blocking it completely.
Why this change?
Mullvad has stated years ago that “WireGuard is the future” because it supports different cryptographic primitives that they prefer to what OpenVPN supports, it uses less lines of code which makes implementations less prone to errors, and it has a different architecture that reduces the risk from certain kinds of cryptographic attacks.
At least, that’s what they claimed back in 2017. It seems they still believe that WireGuard is better than OpenVPN now, but I don’t know if they have any more reasoning beyond what they wrote about in 2017 as to why.
Can you run multiple wire guard connections simultaneously? The reason I stick with OpenVPN is because my work uses wire guard and I can run two connections at the same time.
Yes.
It would depend on whatever the client-side software you use to manage it supports.
You could theoretically have an implementation that sends packets across 1 VPN connection, 5 connections, or 1,000,000, just like how you can make a program that just sends a ping request to one web server, or make one that sends ping requests to 1,000. But if the VPN software your work uses doesn’t support it, then you’d be out of luck.
It’s probably more likely that any legacy software would support multiple connections with OpenVPN, but not necessarily WireGuard, since OpenVPN’s just been around longer, but since WireGuard’s codebase is much simpler, it could be something they’ve put a little time into implementing.
Though since I have no clue what your work uses, there’s no way for me to know if it’d support multiple or not without you testing it yourself.
My work uses tailscale to get to work things. and I just want a VPN to get into my network at home. Maybe every once in a while connect to something like Mulvad. All 3 distinct programs that have virtually no idea about each other.
With OpenVPN just add as many taps as you need. With wire guard it doesnt way to play nicely with any other Wireguard VPNs running.
Thank you for the reply!
did you read the article?
Well that’s annoying. When using it with Gluetun, I’m not sure I can even use Wireguard there.
I used Mullvad wire gluetun for about a year without issues. I’m pretty sure it’s just a simple config difference
Maybe, but I’m using Gluetun’s API too (which is very badly documented), and it seems to me some of the endpoints only work for OpenVPN. But I’ll have to look into it properly.
Ah, no idea about that then
