2024-06-17 21:21:23

ava on Nostr: npub18fwvl…ysz6n It's not exactly that cut and dry. If you live in an oppressive ...



It's not exactly that cut and dry. If you live in an oppressive country that blocks VPNs, OpenVPN via TCP is likely the way to go.

If you find your VPN getting blocked often, like Mullvad, switching to a quality VPN like Proton using OpenVPN via TCP is likely the way to go.

Personally, I find OpenVPN with UDP is a good balance between reliability and compatibility.

Check this out. I am not endorsing OctoVPN, but it's a good breakdown.

https://help.octovpn.com/en/article/openvpn-vs-wireguard-a-comparison-with-tcp-and-udp-cmh43j/

Then re-read this bit (edited) for more context.

"WireGuard is faster and leaner and definitely the way to go for most people and in most use cases, but it has a significant limitation as far as privacy and obfuscation goes...it's only UDP."

This is why Mullvad VPN is well known for getting blocked by many sites as well as not being a good option for streaming, or circumventing geographical-blocking and censorship by oppressive governments.

---

WireGuard also forces you to use ChaCha20 encryption and Poly1305, which is definitely more modern, but not as battle tested as other algorithms.

OpenVPN, while being code heavy and slower, can also use ChaCha20 in addition to other well established encryption protocols.

They also have a complete zero logs policy and do not store user IP addresses on the VPN server, whereas WireGuard requires the user’s IP address to be stored on the server until the server reboots.

Good on Mullvad for making their servers RAM only!

---

**WireGuard uses UDP and doesn't support use over TCP; it can't use TCP port 443, which makes the fact you are using a VPN trivial to detect and block.**

**The creator of WireGuard has emphasized that the protocol doesn't focus on obfuscation and that deep packet inspection is a known limitation.**

---

In contrast, OpenVPN is better out of the box at evading censorship and deep packet inspection since it can use both UDP and TCP, and also supports traffic packet obfuscation through features like Scramble.

---

If you're going to run Mullvad/WireGuard, check out ProxyGuard. It's a good balance between simplicity and level of obfuscation.

"Proxy UDP connections over HTTP(s). The main use case is to proxy WireGuard packets.

It does this by doing a HTTP upgrade request similar to how websockets work.

This means we can tunnel the protocol behind a reverse proxy."

https://www.eduvpn.org/running-wireguard-over-tcp-a-solution-for-udp-blocking-issues/

https://codeberg.org/eduVPN/proxyguard
Author Public Key
npub1f6ugxyxkknket3kkdgu4k0fu74vmshawermkj8d06sz6jts9t4kslazcka
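
The post's point that plain WireGuard is easy to recognize under deep packet inspection, shown as an added example that is not part of the original post: every WireGuard UDP payload starts with a cleartext type byte followed by three zero bytes, and the handshake messages have fixed lengths. The message sizes come from the published WireGuard wire format; the function name and the sample payloads are constructed for illustration.

```python
import struct

# Fixed-size WireGuard messages: type -> (name, exact UDP payload length in bytes).
FIXED = {
    1: ("handshake_initiation", 148),
    2: ("handshake_response", 92),
    3: ("cookie_reply", 64),
}
TRANSPORT_HEADER = 16  # type + reserved (4), receiver index (4), counter (8)
AEAD_TAG = 16          # Poly1305 authentication tag


def classify_wireguard(payload: bytes):
    """Return the WireGuard message name if the UDP payload matches, else None."""
    if len(payload) < 4:
        return None
    # Reading the first 4 bytes as a little-endian u32 checks the type byte
    # and the three reserved zero bytes in one comparison.
    (msg_type,) = struct.unpack_from("<I", payload, 0)
    if msg_type in FIXED:
        name, size = FIXED[msg_type]
        return name if len(payload) == size else None
    if msg_type == 4:
        # Transport data: inner packet is padded to a multiple of 16 bytes,
        # then the 16-byte tag is appended. A keepalive is exactly 32 bytes.
        body = len(payload) - TRANSPORT_HEADER
        if body >= AEAD_TAG and (body - AEAD_TAG) % 16 == 0:
            return "transport_data"
    return None


# Constructed sample UDP payloads (zero-filled bodies stand in for ciphertext).
SAMPLES = {
    "wg_init": b"\x01\x00\x00\x00" + bytes(144),
    "wg_response": b"\x02\x00\x00\x00" + bytes(88),
    "wg_keepalive": b"\x04\x00\x00\x00" + bytes(28),
    "wg_data": b"\x04\x00\x00\x00" + bytes(12) + bytes(64) + bytes(16),
    "dns_query": b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00"
                 b"\x07example\x03com\x00\x00\x01\x00\x01",
    "wrong_length": b"\x01\x00\x00\x00" + bytes(100),
}


def classify_samples():
    """Classify every constructed sample; returns {label: message name or None}."""
    return {label: classify_wireguard(p) for label, p in SAMPLES.items()}


if __name__ == "__main__":
    for label, verdict in classify_samples().items():
        print(f"{label:13} -> {verdict}")
```

Because the signature does not depend on the port number, moving WireGuard to another UDP port does not change the result, which is why wrapping it in HTTP(S) as ProxyGuard does changes what an inspector sees.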