5
yabbat
4y

Fuck you strongswan! Just fuck you

Comments
  • 3
    Yes. Very much so.

    I moved to openvpn/tcp and never looked back.
  • 1
    VPN itself is mindfuck.
  • 1
    @IntrusionCM I find it a very useful hack but the implementations generally suck. I hope wireguard will change that.

    People generally think vpn is just for ip hiding. It's the one thing wireguard is not suited for out of the box yet people want the hype...
  • 2
    Ohh yeah... I tried so many configurations but never issued the "strongswan rereadsecrets" command.. Yeah now its working....

    Successfully wasted a few hours. :D
  • 0
    @magicMirror openvpn... Welcome to 2010!

    (Ive used it extensively though. But performance was never as solid as with wireguard)
  • 0
    @jkommeren Openvpn is still king. Wireguard is still a promise of something that is not here yet.
  • 0
    @magicMirror Avoid TCP for any VPN implementation. You are just setting yourself up for double TCP retransmissions.
  • 0
    @datablitz7 eeeeh....

    Don't think so.

    And Wireguard is there, but Wireguard is not VPN - for several reasons, as VPN is a protocol and implementation cluster fuck.
  • 0
    @IntrusionCM Feel free to use wireguard in prod. I'll be sticking with ovpn thankyouverymuch
  • 0
    @datablitz7

    Would be great to hear more of the TCP retransmissions... Cause that sounds like a connection / configuration issue.

    And yes, you can stick to OpenVPN. :-P

    My comment is: Don't compare (existing) VPN (solutions) to Wireguard.

    Wireguard is a VPN tunnel, but it is not an e.g. OpenVPN alternative..... I cringe reading most comparisons as e.g. OpenVPN supports an seemingly endless cesspool of protocol combinations.

    Which is exactly the reason OpenVPN and other VPN solutions can be an enormous pain in the ass.
  • 0
    @IntrusionCM I was not the one comparing the two. Read the thread again. TCP retransmissions are a thing when you move around or go over the air. Using TCP traffic encapsulated in TCP is going to hurt then.
  • 0
    @datablitz7 yes and no.

    Yes there is an overhead, but nowadays with common 1 G nics, even 10 G networking, it is... less of a hassle to have an overhead.

    TCP is far less of a hassle imho.

    Especially since some OSes are quite nitpicky when it comes to UDP - and some routers get very pissed when being bombed by UDP packets.

    The never ending ballad of "UDP fast, UDP good" is something I cannot match in reality.

    When you use VPN, you're crippling performance as you are encrypting and tunneling, which is the anti definition of low latency and performance.

    In my experience VPN plus UDP plus many different OSes = lots of pain.

    ;)
  • 0
    @IntrusionCM It just feels you are responding to someone else. I never said any of the things you are commenting about. No mention of overhead, no praise on UDP being fast and good, no mention of performance being the end goal of a VPN. I just don't know what you are on about. All I said is Openvpn is something tangible and the de facto standard for VPN, which wireguard is not, and to avoid TCP to encapsulate other TCP. I hope I don't get tagged to read you commenting more about things I did not say. Goodnight.
  • 0
    @datablitz7
    Very true. TCP/ovpn is not a good combination. UDP has much better throughput.
    But.... UDP is not good for my use case. Too many broken connections. TCP is much slower, but it gets there.

    We also tested wireguard. It was ok, but not good enough. not sure why though. I should talk to sone ppl.
  • 0
    @datablitz7 it wasn't meant personal.

    More a stream of consciousness half asleep m

    Sorry if that offended ya
Add Comment