What is the best Protocol for VPN?

FritzFritz Member

What is your fav protocol?

Recently I just heard of TrojanVPN, not so fast compared to Wireguard but it can pass my company firewall easily.

The best Network Protocol for VPN (193 votes)
  1. OpenVPN: 9.33%
  2. Basic SSH forwarding: 3.11%
  3. ShadowsocksR / Shadowsocks with Obsf: 3.11%
  4. Wireguard: 73.58%
  5. L2TP/IPsec: 0.52%
  6. SSTP: 0.52%
  7. V2RAY / XRAY / VMESS: 7.77%
  8. TrojanVPN / TrojanGo: 1.04%
  9. SoftetherVPN: 1.04%

Comments

  • VLESS+XTLS

  • Daniel15Daniel15 Member
    edited January 4

    You should clarify what you want :) Are you trying to have a "traditional" VPN where you join a network remotely, for example to access your home network away from home? Or do you just need internet access through an intermediary node, like what the larger "VPN" products like NordVPN, Mullvad, etc. are?

    SSH forwarding isn't really a VPN; it's a proxy. It doesn't give you a virtual network adapter, you can't adjust routing tables (eg to automatically route all traffic via the tunnel, or to only route a particular subnet, or to route everything except particular subnets), and you don't get any inbound connectivity from other nodes on the same network other than forwarding individual ports (which has its own pitfalls, for example the source IPs will be wrong). I guess it kinda falls into the second category above, which means that HTTPS and SOCKS proxies would also be in that group.

    For the tunnel itself, you should prefer UDP or other stateless network protocols if it works in your client environment. Try to avoid anything TCP-based, as TCP over TCP adds a lot of unnecessary overhead, and UDP over TCP is pointless since packets are going to be retransmitted via the VPN connection anyways, defeating the purpose of using UDP.

  • Ed_ChdEd_Chd Member
    edited January 4

    Let's be clear: SSH forwarding, Shadowsocks and its derivatives, V2Ray, Xray, Trojan(Trojan-GFW) and Trojan-Go are NOT VPNs. They are proxies, they run on layer 7, and they cannot proxy any traffic other than TCP and UDP. I'm genuinely surprised few pointed this out yet.
    VMess itself isn't even a proxy, but a protocol for V2Ray and Xray. V2Ray and Xray are "platforms" rather than simple proxying tools, containing lots of building blocks for its users to choose from, and thus is great for people who want to take full control over their network.
    Encrypted proxies (like Shadowsocks, ShadowsocksR, V2Ray, Xray, Trojan and Trojan-Go, which you mentioned) should perform better and stay out-of-sight longer than VPNs in terms of traffic forwarding and fingerprintability, since they are especially designed for efficiently bypassing state-backed censorship infrastructure. SSH forwarding does not fall into this category.
    So to answer your question, the best VPN is WireGuard, being both simple and cryptographically secure (but is not fingerprinting resistant), and it uses UDP rather than TCP.
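
The "not fingerprinting resistant" point above, as an added example that is not part of the original posts: WireGuard messages start with a one-byte type and three zero bytes and have fixed or 16-byte-aligned sizes, so a passive monitor can recognise them from a UDP payload alone. The function names and sample payloads are constructed for illustration, and the check is a heuristic that can produce false positives.

```python
# WireGuard message types and the fixed sizes of the non-data messages (bytes).
HANDSHAKE_INITIATION, HANDSHAKE_RESPONSE, COOKIE_REPLY, TRANSPORT_DATA = 1, 2, 3, 4
FIXED_SIZES = {
    HANDSHAKE_INITIATION: ("handshake_initiation", 148),
    HANDSHAKE_RESPONSE: ("handshake_response", 92),
    COOKIE_REPLY: ("cookie_reply", 64),
}
TRANSPORT_HEADER = 16  # type(1) + reserved(3) + receiver index(4) + counter(8)
AEAD_TAG = 16          # Poly1305 tag appended to every transport packet


def classify_wireguard(payload: bytes):
    """Return the WireGuard message name a UDP payload looks like, or None."""
    if len(payload) < 4 or payload[1:4] != b"\x00\x00\x00":
        return None  # the three reserved bytes after the type are always zero
    msg_type = payload[0]
    if msg_type in FIXED_SIZES:
        name, size = FIXED_SIZES[msg_type]
        return name if len(payload) == size else None
    if msg_type == TRANSPORT_DATA:
        body = len(payload) - TRANSPORT_HEADER - AEAD_TAG
        # Plaintext is padded to a multiple of 16; a keepalive has an empty body.
        if body >= 0 and body % 16 == 0:
            return "transport_data"
    return None


# Constructed sample payloads (filler bytes, not captured traffic).
SAMPLES = {
    "wg_init": b"\x01\x00\x00\x00" + b"\xaa" * 144,
    "wg_keepalive": b"\x04\x00\x00\x00" + b"\xbb" * 28,
    "short_init": b"\x01\x00\x00\x00" + b"\xaa" * 100,
    "dns_query": bytes.fromhex("1a2b01000001000000000000")
                 + b"\x07example\x03com\x00\x00\x01\x00\x01",
}


def scan(samples):
    """Classify every named payload; returns {name: message name or None}."""
    return {name: classify_wireguard(data) for name, data in samples.items()}


if __name__ == "__main__":
    for name, verdict in scan(SAMPLES).items():
        print(f"{name:13} -> {verdict}")
```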

  • totototototo Member

    My favorite protocol for VPN is WireGuard.
    But for relaying web-browsing, i.e. using it as a proxy server, I prefer VLESS protocol.

  • LoganoLogano Member
    edited January 4

    I like Wireguard and Outline (not sure if the latter is a real VPN).

    EDIT:
    Both are super easy to install without a third party script and speed seems to be snappy.

  • Ed_ChdEd_Chd Member

    @Logano said:
    I like Wireguard and Outline (not sure if the latter is a real VPN).

    Outline is just a fork of Shadowsocks.

    Thanked by 1Logano
  • WireGuard is easily the best. It's included in the kernel (Windows, too, via WireGuardNT), has a smaller code-base, is the easiest to set up and offers a significant speed improvement to OpenVPN.

  • darkimmortaldarkimmortal Member
    edited January 4

    @Daniel15 said:
    SSH forwarding isn't really a VPN; it's a proxy. It doesn't give you a virtual network adapter, you can't adjust routing tables (eg to automatically route all traffic via the tunnel, or to only route a particular subnet, or to route everything except particular subnets), and you don't get any inbound connectivity from other nodes on the same network other than forwarding individual ports (which has its own pitfalls, for example the source IPs will be wrong). I guess it kinda falls into the second category above, which means that HTTPS and SOCKS proxies would also be in that group.

    @Ed_Chd said:
    Let's be clear: SSH forwarding, Shadowsocks and its derivatives, V2Ray, Xray, Trojan(Trojan-GFW) and Trojan-Go are NOT VPNs. They are proxies, they run on layer 7, and they cannot proxy any traffic other than TCP and UDP. I'm genuinely surprised few pointed this out yet.
    VMess itself isn't even a proxy, but a protocol for V2Ray and Xray. V2Ray and Xray are "platforms" rather than simple proxying tools, containing lots of building blocks for its users to choose from, and thus is great for people who want to take full control over their network.
    Encrypted proxies (like Shadowsocks, ShadowsocksR, V2Ray, Xray, Trojan and Trojan-Go, which you mentioned) should perform better and stay out-of-sight longer than VPNs in terms of traffic forwarding and fingerprintability, since they are especially designed for efficiently bypassing state-backed censorship infrastructure. SSH forwarding does not fall into this category.
    So to answer your question, the best VPN is WireGuard, being both simple and cryptographically secure (but is not fingerprinting resistant), and it uses UDP rather than TCP.

    SSH can be used to create a proper layer 2/3 vpn, see: https://wiki.archlinux.org/title/VPN_over_SSH#OpenSSH's_built_in_tunneling

  • cochoncochon Member

    If your environment uses a lot of transitory hosts (e.g. cloud instances), Tinc is worth considering, and not on the list.

    It has a mesh protocol that allows all nodes to 'learn' new additions from a central key store without the need to update configuration files. It's a proper VPN protocol, but still userland like OpenVPN, so can't beat kernel mode Wireguard for performance.

    Thanked by 1agonyzt
  • @darkimmortal said:

    @Daniel15 said:
    SSH forwarding isn't really a VPN; it's a proxy. It doesn't give you a virtual network adapter, you can't adjust routing tables (eg to automatically route all traffic via the tunnel, or to only route a particular subnet, or to route everything except particular subnets), and you don't get any inbound connectivity from other nodes on the same network other than forwarding individual ports (which has its own pitfalls, for example the source IPs will be wrong). I guess it kinda falls into the second category above, which means that HTTPS and SOCKS proxies would also be in that group.

    @Ed_Chd said:
    Let's be clear: SSH forwarding, Shadowsocks and its derivatives, V2Ray, Xray, Trojan(Trojan-GFW) and Trojan-Go are NOT VPNs. They are proxies, they run on layer 7, and they cannot proxy any traffic other than TCP and UDP. I'm genuinely surprised few pointed this out yet.
    VMess itself isn't even a proxy, but a protocol for V2Ray and Xray. V2Ray and Xray are "platforms" rather than simple proxying tools, containing lots of building blocks for its users to choose from, and thus is great for people who want to take full control over their network.
    Encrypted proxies (like Shadowsocks, ShadowsocksR, V2Ray, Xray, Trojan and Trojan-Go, which you mentioned) should perform better and stay out-of-sight longer than VPNs in terms of traffic forwarding and fingerprintability, since they are especially designed for efficiently bypassing state-backed censorship infrastructure. SSH forwarding does not fall into this category.
    So to answer your question, the best VPN is WireGuard, being both simple and cryptographically secure (but is not fingerprinting resistant), and it uses UDP rather than TCP.

    SSH can be used to create a proper layer 2/3 vpn, see: https://wiki.archlinux.org/title/VPN_over_SSH#OpenSSH's_built_in_tunneling

    Wow! TIL. I wasn't aware of this... I wonder when it was added? I didn't know that PPP over SSH was supported either.

  • Daniel15Daniel15 Member
    edited January 4

    @cochon said:
    If your environment uses a lot of transitory hosts (e.g. cloud instances), Tinc is worth considering, and not on the list.

    It has a mesh protocol that allows all nodes to 'learn' new additions from a central key store without the need to update configuration files. It's a proper VPN protocol, but still userland like OpenVPN, so can't beat kernel mode Wireguard for performance.

    Mesh networking is on the todo list for Wireguard (see https://www.wireguard.com/todo/) but AFAIK nobody has volunteered to implement it yet. wg-dynamic would be the basis of this, but it's not in active development at the moment.

    I used to use Tinc but migrated to Wireguard. I don't have transitory hosts though, so I just built a config file with every system as a peer, and deploy that config to every system using Ansible.

    Thanked by 1cochon
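
The static full-mesh approach described in the post above (one config per system, every other system listed as a peer), as an added example that is not the poster's own tooling. The inventory, subnet, host names and key placeholders are constructed; the section and key names are the standard wg-quick ones.

```python
import ipaddress

MESH_NET = ipaddress.ip_network("10.99.0.0/24")  # assumed tunnel subnet
# Constructed inventory: host names, endpoints and keys are placeholders.
HOSTS = {
    "alpha": {"endpoint": "198.51.100.10:51820", "tunnel_ip": "10.99.0.1",
              "public_key": "<ALPHA_PUBLIC_KEY>"},
    "bravo": {"endpoint": "198.51.100.20:51820", "tunnel_ip": "10.99.0.2",
              "public_key": "<BRAVO_PUBLIC_KEY>"},
    "charlie": {"endpoint": "203.0.113.30:51820", "tunnel_ip": "10.99.0.3",
                "public_key": "<CHARLIE_PUBLIC_KEY>"},
}


def validate(hosts):
    """Reject inventories with tunnel IPs outside the subnet or used twice."""
    owners = {}
    for name, host in hosts.items():
        ip = ipaddress.ip_address(host["tunnel_ip"])
        if ip not in MESH_NET:
            raise ValueError(f"{name}: {ip} is outside {MESH_NET}")
        if ip in owners:
            raise ValueError(f"{name} and {owners[ip]} both claim {ip}")
        owners[ip] = name


def render_config(hosts, name):
    """Build the wg-quick config for `name`, with every other host as a peer."""
    validate(hosts)
    me = hosts[name]
    port = me["endpoint"].rsplit(":", 1)[1]
    lines = ["[Interface]",
             f"Address = {me['tunnel_ip']}/{MESH_NET.prefixlen}",
             f"ListenPort = {port}",
             # The private key stays on the host, never in the shared inventory.
             f"PrivateKey = <PRIVATE_KEY_OF_{name.upper()}>", ""]
    for peer_name in sorted(hosts):
        if peer_name == name:
            continue
        peer = hosts[peer_name]
        lines += [f"# {peer_name}", "[Peer]",
                  f"PublicKey = {peer['public_key']}",
                  # /32 limits the peer to its own tunnel address as a source.
                  f"AllowedIPs = {peer['tunnel_ip']}/32",
                  f"Endpoint = {peer['endpoint']}", ""]
    return "\n".join(lines)

if __name__ == "__main__":
    print(render_config(HOSTS, "alpha"))
```

Keeping each peer's `AllowedIPs` at a single /32 means a compromised node cannot send traffic into the mesh under another node's tunnel address.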
  • XRAY-V2RAY <3

  • miaumiau Member
    edited January 4

    Depends on your purpose. For me I just need alternative route or foreign IP so pptp or gre is perfect.

    When I need to bypass a Nazi firewall, I would use Softether over 443. Good balance on performance, stealth and easy secure setup.

  • @cochon said:
    If your environment uses a lot of transitory hosts (e.g. cloud instances), Tinc is worth considering, and not on the list.

    It has a mesh protocol that allows all nodes to 'learn' new additions from a central key store without the need to update configuration files. It's a proper VPN protocol, but still userland like OpenVPN, so can't beat kernel mode Wireguard for performance.

    Same for Nebula and with some additional NAT traversal functionality.

  • barkbark Member
    edited January 4

    We've been using both Wireguard and OpenConnect for a long time. Wireguard is easier to install, but the superbly mature 'OpenConnect' (not listed) seems to stream US media better for some reason, especially with ocserv 1.1.5.

    Everything else you have listed is either legacy, uncovered, or basically not an actual 'VPN'.

    Shadowsocks-libev with cloak plugin used to be absolutely great for almost all of China, Myanmar, Russia & Turkey, but since covid, not sure if SS even holds water in those countries anymore. ShadowsocksR is something to try when SS fails.

    Just for fun, check out kcptun. Interesting stuff.

  • FritzFritz Member

    @Daniel15 @Ed_Chd

    I guess I get more new knowledge every day. :smile:

  • TeoMTeoM Member

    Wireguard is the best I swear. For this I put my hand in the fire

  • FritzFritz Member

    Wireguard is clearly the winner here.

  • mcgreemcgree Member

    What I think about VPN is that I can set up an intranet and let my friends play intranet games together.

  • yoursunnyyoursunny Member, IPv6 Advocate

    @mcgree said:
    What I think about VPN is that I can set up an intranet and let my friends play intranet games together.

    Give each of your friends a shovel and a long Ethernet cord.
    No VPN (Virtual Private Network) necessary, it's a PPN (Physical Private Network).

    For extra credit, build a Token Ring network instead of Ethernet.
    Latency up high, throughput down low.

    Thanked by 2mcgree webcraft
  • My favorite protocol, which wasn't in the polls, is IKEv2.
    This is because the VPN I was using uses IKEv2 by default.

  • It's not a surprise that VPN services are so popular nowadays. However, some are shitty and don't do any work

  • CiprianoOscarCiprianoOscar Member, Provider

    I used some protocols for VPN like OpenVPN, L2TP / IPsec, WireGuard and PPTP.

    The fastest and lightest one is L2TP / IPsec but Wireguard is also very good (I use this at the moment as there is no need for an established connection)

    Very heavy OpenVPN and very slow PPTP download (it may be that I configured it wrong).

    My advice? WireGuard

    Thanked by 1_MS_
  • It's not a surprise that VPN services are so popular nowadays. However, some are shitty and don't do any work. Since I work in the media industry, I need to stay informed about all the trends around the world, and the easiest way to change the regions is the VPN. I've tried quite a few of them, but none of them leveled up to my expectations. A friend of mine has recently recommended me Linux VPS, and I started using it since. It's been over three months, and it's the easiest and most comfortable way I've ever tried that saves me loads of time and allows me to do my work very well.

    Thanked by 2time4vps jmaxwell
  • @Protea said:
    It's not a surprise that VPN services are so popular nowadays. However, some are shitty and don't do any work. Since I work in the media industry, I need to stay informed about all the trends around the world, and the easiest way to change the regions is the VPN. I've tried quite a few of them, but none of them leveled up to my expectations. A friend of mine has recently recommended me Linux VPS, and I started using it since. It's been over three months, and it's the easiest and most comfortable way I've ever tried that saves me loads of time and allows me to do my work very well.

    It looks like some kind of explicit advertisement, especially considering the date of registration of the author of the message.

  • @VayVayKa said:

    @Protea said:
    It's not a surprise that VPN services are so popular nowadays. However, some are shitty and don't do any work. Since I work in the media industry, I need to stay informed about all the trends around the world, and the easiest way to change the regions is the VPN. I've tried quite a few of them, but none of them leveled up to my expectations. A friend of mine has recently recommended me Linux VPS, and I started using it since. It's been over three months, and it's the easiest and most comfortable way I've ever tried that saves me loads of time and allows me to do my work very well.

    It looks like some kind of explicit advertisement, especially considering the date of registration of the author of the message.

    Honestly idk cuz it's time4vps @time4vps tf?

  • time4vpstime4vps Member, Provider

    @skorupion said:

    @VayVayKa said:

    @Protea said:
    It's not a surprise that VPN services are so popular nowadays. However, some are shitty and don't do any work. Since I work in the media industry, I need to stay informed about all the trends around the world, and the easiest way to change the regions is the VPN. I've tried quite a few of them, but none of them leveled up to my expectations. A friend of mine has recently recommended me Linux VPS, and I started using it since. It's been over three months, and it's the easiest and most comfortable way I've ever tried that saves me loads of time and allows me to do my work very well.

    It looks like some kind of explicit advertisement, especially considering the date of registration of the author of the message.

    Honestly idk cuz it's time4vps @time4vps tf?

    Yes?

  • @time4vps said:

    @skorupion said:

    @VayVayKa said:

    @Protea said:
    It's not a surprise that VPN services are so popular nowadays. However, some are shitty and don't do any work. Since I work in the media industry, I need to stay informed about all the trends around the world, and the easiest way to change the regions is the VPN. I've tried quite a few of them, but none of them leveled up to my expectations. A friend of mine has recently recommended me Linux VPS, and I started using it since. It's been over three months, and it's the easiest and most comfortable way I've ever tried that saves me loads of time and allows me to do my work very well.

    It looks like some kind of explicit advertisement, especially considering the date of registration of the author of the message.

    Honestly idk cuz it's time4vps @time4vps tf?

    Yes?

    It looks like you are doing explicit advertisement on LET.

  • NyrNyr Member

    Unpopular opinion, but OpenVPN is pretty good.

    Sure there are faster and simpler options, but OpenVPN has lots of useful features, a healthy third party software ecosystem and its performance is very reasonable.

    WireGuard is also great depending on the use case.

    Thanked by 1Ympker
  • @Nyr said:
    Unpopular opinion, but OpenVPN is pretty good.

    Sure there are faster and simpler options, but OpenVPN has lots of useful features, a healthy third party software ecosystem and its performance is very reasonable.

    WireGuard is also great depending on the use case.

    What kind of third party software other than Pritunl? Can you list some useful ones?
