npub18fwvl8c7emfg7w35mvtkq4830c87y4yj5v7hxj6vqjp2px38tm9qsysz6n (npub18fw…sz6n)
It's not exactly that cut and dry. If you live in an oppressive country that blocks VPNs, OpenVPN via TCP is likely the way to go.
If you find your VPN getting blocked often, like Mullvad, switching to a quality VPN like Proton using OpenVPN via TCP is likely the way to go.
Personally, I find OpenVPN with UDP is a good balance between reliability and compatibility.
Check this out. I am not endorsing OctoVPN, but it's a good breakdown.
https://help.octovpn.com/en/article/openvpn-vs-wireguard-a-comparison-with-tcp-and-udp-cmh43j/
Then re-read this bit (edited) for more context.
"Wireguard is faster and leaner and definitely the way to go for most people and in most usecases, but it has a significant limitation as far as privacy and obfuscation goes...it's only UDP."
This is why Mullvad VPN is well known for getting blocked by many sites as well as not being a good option for streaming, or circumventing geographical-blocking and censorship by oppressive governments.
---
Wireguard also forces you to use ChaCha20 encryption and Poly1305 which is definitely more modern, but not as battle tested as other algorithms.
OpenVPN while being code heavy and slower can also use ChaCha20 in addition to other well established encryption protocols.
They also have a complete zero logs policy and do not store user IP addresses on the VPN server, whereas WireGuard requires the user’s IP address of the user to be stored on the server until the server reboots.
Good on Mullvad for making their servers RAM only!
---
**WireGuard uses UDP and doesn't support use over TCP, it can't use TCP port 443, which makes the fact you are using a VPN trivial to detect and block.**
**The creator of WireGuard has emphasized that the protocol does't focus on obfuscation and that deep packet inspection is a known limitation.**
---
In contrast, OpenVPN is better out of the box at evading censorship and deep packet inspection since it can use both UDP and TCP, and also supports traffic packet obfuscation through features like Scramble.
---
If you're going to run Mullvad/Wireguard, check out ProxyGuard. It's a good balance between simplicity and level of obfuscation.
"Proxy UDP connections over HTTP(s). The main use case is to proxy WireGuard packets.
It does this by doing a HTTP upgrade request similar to how websockets work.
This means we can tunnel the protocol behind a reverse proxy."
https://www.eduvpn.org/running-wireguard-over-tcp-a-solution-for-udp-blocking-issues/
https://codeberg.org/eduVPN/proxyguard
quotingI recommend and use Mullvad as well. Paying with non KYC coin from a private wallet using a private server set up with good opsec is the way to go.
nevent1q…lq9s
But again, it depends on your threat model and usecase. If you are using your identity associated paid Proton account, using the Proton VPN included with your subscription is fine. It's great for giving you privacy from your ISP, circumventing geographical limitations, and even torrenting, optiinally using another provider's VPN like Mullvad or IVPN or a Proton VPN plan not associated with your identity.
"Support for paying with Bitcoin when you first sign up is coming soon. Until then, you can sign up for a Free plan and then upgrade using Bitcoin"
Where you need more privacy, sign up and use a free nym Proton email account (not associated with your identity) optionally using another VPN provider like IVPN or Mullvad or a Proton VPN plan not associated with your identity.
Where you need as close to anonynity as possible, sign up and use a free nym Proton email account (not associated with your identity) over Tor only.