Comments
Wireguard for most things. OpenVPN when other people are involved since it's way easier than configuring wg on their side.
Also SOCKS proxy over SSH often for access to certain websites/tools that are IP locked. I use Core Tunnel on my Macs to manage these, and then have a copy of Firefox that's configured with the socks proxy port and I can just connect/disconnect from my various configs as needed.
Sounds like one of those fake quora reviews and telegram spam messages.
P.S No, didn't mean to hit thanks
IPSec/IKEv2
OpenVPN
From the listed: Wireguard. I use SSH forwarding, but it's not a VPN.
From the unlisted: tinc, which is under active development and behaves quite well in all my setups.
Xray
vless+ws+tcp
I can officially say that we are not. Unfortunately, we have no control over what other person posts, so I can see how you might think that.
I developed a dead simple tun interface to SOCKS5 forwarding unit to achieve exactly this. I'll drop the link below for anyone who needs it.
https://github.com/shyaminayesh/ttos
wireguard
Continuing on my previous answer for people with different needs.
First, I'd like to address the layer 4 and layer 7 "problem", which should not be a problem. On *nix systems, if a proxy is exposed on layer 7 (for example SOCKS5), you can actually either use SOCKS5 to TUN, or if the proxy supports it, use IPTables transparent proxy with either cproxy or cgproxy for granular control per-process. On Windows, you can find some tools for relaying SOCKS5 to TAP. The techniques are pretty common for users who either need to game, or to tighten control with encrypted proxies. Note that you still lose some of the features a real VPN lacks (though mostly never used).
Then, this is where encrypted proxies truly shine above VPNs: detection bypass and (sometimes) speed optimizations. WireGuard is good (way better than ANY other VPN protocol, I must say!), but it is not fingerprinting resistant, thus useless to bypass detection and restriction of any sort. Encrypted proxies, however, are often made to defeat fingerprinting by masking themselves as other types of traffic (by giving the firewall no fingerprints, a randomized fingerprint or a whitelisted fingerprint) or directly utilizing other types of traffic. You'll see some exceptions shortly.
For people who prefer UDP over TCP, I'd recommend Hysteria. It uses a custom version of QUIC optimized for bad networks, often being fast enough to rival most other solutions, but it is sadly not fingerprinting resistant. For other people I'd like to recommend V2Ray once more, with some recommended configurations listed.
PS: VLESS can be substituted with VMess if you're not living in a suppressive regime, or your network connection is enforcing MITM. TLS can be substituted with XTLS for higher performance and lower resistance to fingerprinting.
I have to point out once again that encrypted proxies are NOT VPNs. They just can proxy your traffic to the server you ordered them to, like how a casual VPN user would use them, and since VPNs are better known ("thanks" to the VPN companies terrorizing people to earn their dirty money (and no, don't expect me to change this opinion in any foreseeable time)), people often mistake them for VPNs (or their providers (very few, often made to track users' activities) advertise them as one).
Is there any VPN service for users in suppressive regimes?
Afaik for VPN no, but for encrypted proxies there are a lot. If they choose to purchase a service rather than self host, more often than not they are paying for a service actively spying on them.
Well, IIRC, stunnel used to be an OpenVPN protocol behind SSL. I really wonder about other similar projects, especially ones which involve wireguard. The idea is to encrypt VPN traffic so as to avoid detection.
+1 WireGuard
OpenVPN isn't unpopular amongst people who know what they are talking about (start a religious protocol war?, me?, never!). It has been around for ages so people are familiar with managing it and there is good 3rd party support, performance is generally good (or at least acceptable), and it is stable.
OpenVPN is relatively convoluted though, and heavier on CPU than other options. For new installs where you don't need to support clients on OSs without a stable client, and don't need one of the myriad OpenVPN options it doesn't support, WireGuard may be a better choice (lighter, arguably easier to set up if only due to having far fewer options, better performance in many benchmarks).
Wireguard seems to be the new hotness. A lot less overhead and more reliable network connection than OpenVPN.
Encryption over encryption over another layer of encryption sure may do its work, but what about the performance tax that comes with it?
One of the points of using encrypted proxies with optimal setup is to speed up your connection while compromising on none of the potential security flaws. VLESS over TLS only encrypts your traffic once, and if used with XTLS, VLESS can even reuse the encryption of an already TLS-encrypted connection, greatly lessening computational load.
As said before, since encrypted proxies can be configured with normal web servers, you can just blend it with the normal web traffic on your server (one of the ideas behind DNS-over-HTTPS). Or, you can simplify a lot of configuration workflow compared to other solutions, like configuring randomly-chosen or predefined multi-hop connections based on set conditions with little to no performance compromise: heck, if you know how to configure OpenLiteSpeed, NGINX or Caddy, a routed mesh network isn't far-fetched at all. None of these can be achieved by any of the traditional VPNs (though if a VPN tries to implement them, I'd more than welcome it).
MikroTik EoIP tunnel is missing from the list, I know it's encrypt data but it's fast and low CPU use.