Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In Register

Quick Links


Categories

In this Discussion

What is the best Protocol for VPN? - Page 2
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

What is the best Protocol for VPN?

2»

Comments

  • HarambeHarambe Member, Host Rep

    Wireguard for most things. OpenVPN when other people are involved since it's way easier than configuring wg on their side.

    Also SOCKS proxy over SSH often for access to certain websites/tools that are IP locked. I use Core Tunnel on my Macs to manage these, and then have a copy of Firefox that's configured with the socks proxy port and I can just connect/disconnect from my various configs as needed.

  • NyrNyr Community Contributor, Veteran

    @stefeman said: What kind of third party softwares other than Pritunl? Can you list some useful ones?

    • Viscosity, at least for macOS is the best VPN client I have ever used. Also available for Windows.
    • Tunnelblick is less polished, but free. macOS only.
    • Eddie has quite a bunch of features, even if it is not very polished.
    Thanked by 1malikshi
  • VoidVoid Member

    @Protea said:
    It's not a surprise that VPN services are so popular nowadays. However, some are shitty and don't do any work. Since I work in the media industry, I need to stay informed about all the trends around the world, and the easiest way to change the regions is the VPN. I've tried quite a few of them, but none of them leveled up to my expectations. A friend of mine has recently recommended me Linux VPS, and I started using it since. It's been over three months, and it's the easiest and most comfortable way I've ever tried that saves me loads of time and allows me to do my work very well.

    Sounds like one of those fake quora reviews and telegram spam messages.

    P.S No, didn't mean to hit thanks

    Thanked by 1Logano
  • GhtGht Member

    IPSec/IKEv2
    OpenVPN

  • Master_BoMaster_Bo Member

    From the listed: Wireguard. I use SSH forwarding, but it's not a VPN.
    From the unlisted: tinc, which is under active development and behaves quite well in all my setups.

  • stingeostingeo Member

    Xray
    vless+ws+tcp

  • time4vpstime4vps Member, Host Rep

    @skorupion said:

    @time4vps said:

    @skorupion said:

    @VayVayKa said:

    @Protea said:
    It's not a surprise that VPN services are so popular nowadays. However, some are shitty and don't do any work. Since I work in the media industry, I need to stay informed about all the trends around the world, and the easiest way to change the regions is the VPN. I've tried quite a few of them, but none of them leveled up to my expectations. A friend of mine has recently recommended me Linux VPS, and I started using it since. It's been over three months, and it's the easiest and most comfortable way I've ever tried that saves me loads of time and allows me to do my work very well.

    It looks like some kind of explicit advertisement, especially considering the date of registration of the author of the message.

    Honesly idk cuz it's time4vps @time4vps tf?

    Yes?

    It looks like you are doing explicit advertisement on LET.

    I can officially say that we are not. Unfortunately, we have no control over what other person posts, so I can see how you might think that.

  • shyaminayeshshyaminayesh Member

    @Daniel15 said: SSH forwarding isn't really a VPN; it's a proxy. It doesn't give you a virtual network adapter, you can't adjust routing tables (eg to automatically route all traffic via the tunnel, or to only route a particular subnet, or to route everything except particular subnets), and you don't get any inbound connectivity from other nodes on the same network other than forwarding individual ports (which has its own pitfalls, for example the source IPs will be wrong). I guess it kinda falls into the second category above, which means that HTTPS and SOCKS proxies would also be in that group.

    developed dead simple tun interface to SOCKS5 forwarding unit to achieve exactly this. I'll drop the link below for anyone need it.

    https://github.com/shyaminayesh/ttos

  • sandropncsandropnc Member

    wireguard <3

  • Ed_ChdEd_Chd Member
    edited February 2022

    @Ed_Chd said:
    Let's be clear: SSH forwarding, Shadowsocks and its derivatives, V2Ray, Xray, Trojan(Trojan-GFW) and Trojan-Go are NOT VPNs. They are proxies, they run on layer 7, and they cannot proxy any traffic other than TCP and UDP. I'm genuinely surprised few pointed this out yet.
    VMess itself isn't even a proxy, but a protocol for V2Ray and Xray. V2Ray and Xray are "platforms" rather than simple proxying tools, containing lots of building blocks for its users to choose from, and thus is great for people who wants to take full control over their network.
    Encrypted proxies (like Shadowsocks, ShadowsocksR, V2Ray, Xray, Trojan and Trojan-Go, which you mentioned) should perform better and stay out-of-sight longer than VPNs in terms of traffic forwarding and fingerprintability, since they are especially designed for efficiently bypassing state-backed censorship infrastructure. SSH forwarding does not fall into this category.
    So to answer your question, the best VPN is WireGuard, being both simple and cryptographically secure (but is not fingerprinting resistant), and it uses UDP rather than TCP.

    Continuing on my previous answer for people with different needs.
    First, I'd like addressing the layer 4 and layer 7 "problem", which should not be a problem. On *nix systems, if a proxy is exposed on layer 7 (for example SOCKS5), you can actually either use SOCKS5 to TUN, or if the proxy supports, use IPTables transparent proxy with either cproxy or cgproxy for granular control per-process. On Windows, you can find some tools for relaying SOCKS5 to TAP. The techniques are pretty common for users who either needs to game, or to tighten control with encrypted proxies. Note that you still loses some of the features real VPN lacks (though mostly never used).
    Then, these are where encrypted proxies truly shines above VPNs: detection bypass and (sometimes) speed optimizations. WireGuard is good (way better than ANY other VPN protocols, I must say!), but it is not fingerprinting resistant, thus useless to bypass detection and restriction of any sort. Encrypted proxies however, are often made to defeat fingerprinting by masking themselves as other types of traffic (by giving the firewall no fingerprints, a randomized fingerprint or a whitelisted fingerprint) or directly utilizing other types of traffic. You'll see some exceptions shortly.
    For people prefer UDP over TCP, I'd recommend Hysteria. It uses a custom version of QUIC optimized for bad networks, often being fast enough to rival most of other solutions, but it is sadly not fingerprinting resistant. For other people I'd like to recommend V2Ray once more, with some recommended configurations listed.
    PS: VLESS can be substituted with VMess if you're not living in a suppressive regime, or your network connection is enforcing MITM. TLS can be substituted with XTLS for higher performance and lower resistance to fingerprinting.

    • VMess + mKCP (with obfuscation or masking) and VLESS + QUIC (with TLS, direct encryption or masking): Uses UDP.
    • VLESS + WebSocket + TLS and VLESS + gRPC + TLS: Can be easily relayed by normal web servers, and even supported CDN networks. Bypass most firewalls. Mostly used in suppressive regimes.
    • VLESS + raw HTTP/2 + TLS: Can be easily relayed by normal web servers. Bypasses most firewalls. Usually slower than WSS (roughly the same with gRPC + TLS), but since having often lower latency, they're mostly used by gamers in suppressive regimes.
    • VLESS + raw TCP + TLS: Fastest among all TCP-based methods, but least resistant to fingerprinting.

    I have to point out once again that encrypted proxies are NOT VPNs. They just can proxy your traffic to the server you ordered them to, like how a casual VPN user would use them for, and since VPNs are better known ("thanks" to the VPN companies terrorizing people to earn their dirty money (and no, don't expect me to change this opinion in any foreseeable time)), people often mistakes them as VPNs (or their providers (very few, often made to track users' activities) advertises them as one).

    Thanked by 3_MS_ lanefu that_guy
  • xetsysxetsys Member

    @Ed_Chd said:

    @Ed_Chd said:
    Let's be clear: SSH forwarding, Shadowsocks and its derivatives, V2Ray, Xray, Trojan(Trojan-GFW) and Trojan-Go are NOT VPNs. They are proxies, they run on layer 7, and they cannot proxy any traffic other than TCP and UDP. I'm genuinely surprised few pointed this out yet.
    VMess itself isn't even a proxy, but a protocol for V2Ray and Xray. V2Ray and Xray are "platforms" rather than simple proxying tools, containing lots of building blocks for its users to choose from, and thus is great for people who wants to take full control over their network.
    Encrypted proxies (like Shadowsocks, ShadowsocksR, V2Ray, Xray, Trojan and Trojan-Go, which you mentioned) should perform better and stay out-of-sight longer than VPNs in terms of traffic forwarding and fingerprintability, since they are especially designed for efficiently bypassing state-backed censorship infrastructure. SSH forwarding does not fall into this category.
    So to answer your question, the best VPN is WireGuard, being both simple and cryptographically secure (but is not fingerprinting resistant), and it uses UDP rather than TCP.

    Continuing on my previous answer for people with different needs.
    First, I'd like addressing the layer 4 and layer 7 "problem", which should not be a problem. On *nix systems, if a proxy is exposed on layer 7 (for example SOCKS5), you can actually either use SOCKS5 to TUN, or if the proxy supports, use IPTables transparent proxy with either cproxy or cgproxy for granular control per-process. On Windows, you can find some tools for relaying SOCKS5 to TAP. The techniques are pretty common for users who either needs to game, or to tighten control with encrypted proxies. Note that you still loses some of the features real VPN lacks (though mostly never used).
    Then, these are where encrypted proxies truly shines above VPNs: detection bypass and (sometimes) speed optimizations. WireGuard is good (way better than ANY other VPN protocols, I must say!), but it is not fingerprinting resistant, thus useless to bypass detection and restriction of any sort. Encrypted proxies however, are often made to defeat fingerprinting by masking themselves as other types of traffic (by giving the firewall no fingerprints, a randomized fingerprint or a whitelisted fingerprint) or directly utilizing other types of traffic. You'll see some exceptions shortly.
    For people prefer UDP over TCP, I'd recommend Hysteria. It uses a custom version of QUIC optimized for bad networks, often being fast enough to rival most of other solutions, but it is sadly not fingerprinting resistant. For other people I'd like to recommend V2Ray once more, with some recommended configurations listed.
    PS: VLESS can be substituted with VMess if you're not living in a suppressive regime, or your network connection is enforcing MITM. TLS can be substituted with XTLS for higher performance and lower resistance to fingerprinting.

    • VMess + mKCP (with obfuscation or masking) and VLESS + QUIC (with TLS, direct encryption or masking): Uses UDP.
    • VLESS + WebSocket + TLS and VLESS + gRPC + TLS: Can be easily relayed by normal web servers, and even supported CDN networks. Bypass most firewalls. Mostly used in suppressive regimes.
    • VLESS + raw HTTP/2 + TLS: Can be easily relayed by normal web servers. Bypasses most firewalls. Usually slower than WSS (roughly the same with gRPC + TLS), but since having often lower latency, they're mostly used by gamers in suppressive regimes.
    • VLESS + raw TCP + TLS: Fastest among all TCP-based methods, but least resistant to fingerprinting.

    I have to point out once again that encrypted proxies are NOT VPNs. They just can proxy your traffic to the server you ordered them to, like how a casual VPN user would use them for, and since VPNs are better known ("thanks" to the VPN companies terrorizing people to earn their dirty money (and no, don't expect me to change this opinion in any foreseeable time)), people often mistakes them as VPNs (or their providers (very few, often made to track users' activities) advertises them as one).

    Is there any VPN service for users in suppressive regimes?

  • Ed_ChdEd_Chd Member

    @xetsys said:

    @Ed_Chd said:

    @Ed_Chd said:
    Let's be clear: SSH forwarding, Shadowsocks and its derivatives, V2Ray, Xray, Trojan(Trojan-GFW) and Trojan-Go are NOT VPNs. They are proxies, they run on layer 7, and they cannot proxy any traffic other than TCP and UDP. I'm genuinely surprised few pointed this out yet.
    VMess itself isn't even a proxy, but a protocol for V2Ray and Xray. V2Ray and Xray are "platforms" rather than simple proxying tools, containing lots of building blocks for its users to choose from, and thus is great for people who wants to take full control over their network.
    Encrypted proxies (like Shadowsocks, ShadowsocksR, V2Ray, Xray, Trojan and Trojan-Go, which you mentioned) should perform better and stay out-of-sight longer than VPNs in terms of traffic forwarding and fingerprintability, since they are especially designed for efficiently bypassing state-backed censorship infrastructure. SSH forwarding does not fall into this category.
    So to answer your question, the best VPN is WireGuard, being both simple and cryptographically secure (but is not fingerprinting resistant), and it uses UDP rather than TCP.

    Continuing on my previous answer for people with different needs.
    First, I'd like addressing the layer 4 and layer 7 "problem", which should not be a problem. On *nix systems, if a proxy is exposed on layer 7 (for example SOCKS5), you can actually either use SOCKS5 to TUN, or if the proxy supports, use IPTables transparent proxy with either cproxy or cgproxy for granular control per-process. On Windows, you can find some tools for relaying SOCKS5 to TAP. The techniques are pretty common for users who either needs to game, or to tighten control with encrypted proxies. Note that you still loses some of the features real VPN lacks (though mostly never used).
    Then, these are where encrypted proxies truly shines above VPNs: detection bypass and (sometimes) speed optimizations. WireGuard is good (way better than ANY other VPN protocols, I must say!), but it is not fingerprinting resistant, thus useless to bypass detection and restriction of any sort. Encrypted proxies however, are often made to defeat fingerprinting by masking themselves as other types of traffic (by giving the firewall no fingerprints, a randomized fingerprint or a whitelisted fingerprint) or directly utilizing other types of traffic. You'll see some exceptions shortly.
    For people prefer UDP over TCP, I'd recommend Hysteria. It uses a custom version of QUIC optimized for bad networks, often being fast enough to rival most of other solutions, but it is sadly not fingerprinting resistant. For other people I'd like to recommend V2Ray once more, with some recommended configurations listed.
    PS: VLESS can be substituted with VMess if you're not living in a suppressive regime, or your network connection is enforcing MITM. TLS can be substituted with XTLS for higher performance and lower resistance to fingerprinting.

    • VMess + mKCP (with obfuscation or masking) and VLESS + QUIC (with TLS, direct encryption or masking): Uses UDP.
    • VLESS + WebSocket + TLS and VLESS + gRPC + TLS: Can be easily relayed by normal web servers, and even supported CDN networks. Bypass most firewalls. Mostly used in suppressive regimes.
    • VLESS + raw HTTP/2 + TLS: Can be easily relayed by normal web servers. Bypasses most firewalls. Usually slower than WSS (roughly the same with gRPC + TLS), but since having often lower latency, they're mostly used by gamers in suppressive regimes.
    • VLESS + raw TCP + TLS: Fastest among all TCP-based methods, but least resistant to fingerprinting.

    I have to point out once again that encrypted proxies are NOT VPNs. They just can proxy your traffic to the server you ordered them to, like how a casual VPN user would use them for, and since VPNs are better known ("thanks" to the VPN companies terrorizing people to earn their dirty money (and no, don't expect me to change this opinion in any foreseeable time)), people often mistakes them as VPNs (or their providers (very few, often made to track users' activities) advertises them as one).

    Is there any VPN service for users in suppressive regimes?

    Afaik for VPN no, but for encrypted proxies there is a lot. If they choose to purchase a service rather than self host, more often than not they are paying for a service actively spying on them.

  • xetsysxetsys Member
    edited February 2022

    @Ed_Chd said:

    @xetsys said:

    @Ed_Chd said:

    @Ed_Chd said:
    Let's be clear: SSH forwarding, Shadowsocks and its derivatives, V2Ray, Xray, Trojan(Trojan-GFW) and Trojan-Go are NOT VPNs. They are proxies, they run on layer 7, and they cannot proxy any traffic other than TCP and UDP. I'm genuinely surprised few pointed this out yet.
    VMess itself isn't even a proxy, but a protocol for V2Ray and Xray. V2Ray and Xray are "platforms" rather than simple proxying tools, containing lots of building blocks for its users to choose from, and thus is great for people who wants to take full control over their network.
    Encrypted proxies (like Shadowsocks, ShadowsocksR, V2Ray, Xray, Trojan and Trojan-Go, which you mentioned) should perform better and stay out-of-sight longer than VPNs in terms of traffic forwarding and fingerprintability, since they are especially designed for efficiently bypassing state-backed censorship infrastructure. SSH forwarding does not fall into this category.
    So to answer your question, the best VPN is WireGuard, being both simple and cryptographically secure (but is not fingerprinting resistant), and it uses UDP rather than TCP.

    Continuing on my previous answer for people with different needs.
    First, I'd like addressing the layer 4 and layer 7 "problem", which should not be a problem. On *nix systems, if a proxy is exposed on layer 7 (for example SOCKS5), you can actually either use SOCKS5 to TUN, or if the proxy supports, use IPTables transparent proxy with either cproxy or cgproxy for granular control per-process. On Windows, you can find some tools for relaying SOCKS5 to TAP. The techniques are pretty common for users who either needs to game, or to tighten control with encrypted proxies. Note that you still loses some of the features real VPN lacks (though mostly never used).
    Then, these are where encrypted proxies truly shines above VPNs: detection bypass and (sometimes) speed optimizations. WireGuard is good (way better than ANY other VPN protocols, I must say!), but it is not fingerprinting resistant, thus useless to bypass detection and restriction of any sort. Encrypted proxies however, are often made to defeat fingerprinting by masking themselves as other types of traffic (by giving the firewall no fingerprints, a randomized fingerprint or a whitelisted fingerprint) or directly utilizing other types of traffic. You'll see some exceptions shortly.
    For people prefer UDP over TCP, I'd recommend Hysteria. It uses a custom version of QUIC optimized for bad networks, often being fast enough to rival most of other solutions, but it is sadly not fingerprinting resistant. For other people I'd like to recommend V2Ray once more, with some recommended configurations listed.
    PS: VLESS can be substituted with VMess if you're not living in a suppressive regime, or your network connection is enforcing MITM. TLS can be substituted with XTLS for higher performance and lower resistance to fingerprinting.

    • VMess + mKCP (with obfuscation or masking) and VLESS + QUIC (with TLS, direct encryption or masking): Uses UDP.
    • VLESS + WebSocket + TLS and VLESS + gRPC + TLS: Can be easily relayed by normal web servers, and even supported CDN networks. Bypass most firewalls. Mostly used in suppressive regimes.
    • VLESS + raw HTTP/2 + TLS: Can be easily relayed by normal web servers. Bypasses most firewalls. Usually slower than WSS (roughly the same with gRPC + TLS), but since having often lower latency, they're mostly used by gamers in suppressive regimes.
    • VLESS + raw TCP + TLS: Fastest among all TCP-based methods, but least resistant to fingerprinting.

    I have to point out once again that encrypted proxies are NOT VPNs. They just can proxy your traffic to the server you ordered them to, like how a casual VPN user would use them for, and since VPNs are better known ("thanks" to the VPN companies terrorizing people to earn their dirty money (and no, don't expect me to change this opinion in any foreseeable time)), people often mistakes them as VPNs (or their providers (very few, often made to track users' activities) advertises them as one).

    Is there any VPN service for users in suppressive regimes?

    Afaik for VPN no, but for encrypted proxies there is a lot. If they choose to purchase a service rather than self host, more often than not they are paying for a service actively spying on them.

    Well, IIRC, stunnel used to be an OpenVPN protocol behind SSL. I really wonder about other similar projects, especially ones which involve wireguard. The idea is to encrypt VPN traffic so as to avoid detection.

  • CloudStackoCloudStacko Member

    +1 WireGuard

  • MeAtExampleDotComMeAtExampleDotCom Member

    @Nyr said:
    Unpopular opinion, but OpenVPN is pretty good.

    OpenVPN isn't unpopular amongst people which know what they are talking about (start a religious protocol war?, me?, never!). It has been around ages so people are familiar with managing it and there there is good 3rd party support, performance is generally good (or at leats acceptable), and it is stable.

    OpenVPN is relatively convoluted though, and heavier on CPU than other options. For new installs where you don't need to support clients on OSs without a stable client, and don't need one of the myriad OpenVPN options it doesn't support, WireGuard may be a better choice (lighter, arguable easier to setup if only due to having far fewer options, better performance in many benchmarks).

    Thanked by 1VayVayKa
  • LosPollosHermanosLosPollosHermanos Member
    edited February 2022

    Wireguard seems to be the new hotness. A lot less overhead and more reliable network connection than OpenVPN.

  • Ed_ChdEd_Chd Member
    edited February 2022

    @xetsys said:

    @Ed_Chd said:

    @xetsys said:

    @Ed_Chd said:

    @Ed_Chd said:
    Let's be clear: SSH forwarding, Shadowsocks and its derivatives, V2Ray, Xray, Trojan(Trojan-GFW) and Trojan-Go are NOT VPNs. They are proxies, they run on layer 7, and they cannot proxy any traffic other than TCP and UDP. I'm genuinely surprised few pointed this out yet.
    VMess itself isn't even a proxy, but a protocol for V2Ray and Xray. V2Ray and Xray are "platforms" rather than simple proxying tools, containing lots of building blocks for its users to choose from, and thus is great for people who wants to take full control over their network.
    Encrypted proxies (like Shadowsocks, ShadowsocksR, V2Ray, Xray, Trojan and Trojan-Go, which you mentioned) should perform better and stay out-of-sight longer than VPNs in terms of traffic forwarding and fingerprintability, since they are especially designed for efficiently bypassing state-backed censorship infrastructure. SSH forwarding does not fall into this category.
    So to answer your question, the best VPN is WireGuard, being both simple and cryptographically secure (but is not fingerprinting resistant), and it uses UDP rather than TCP.

    Continuing on my previous answer for people with different needs.
    First, I'd like addressing the layer 4 and layer 7 "problem", which should not be a problem. On *nix systems, if a proxy is exposed on layer 7 (for example SOCKS5), you can actually either use SOCKS5 to TUN, or if the proxy supports, use IPTables transparent proxy with either cproxy or cgproxy for granular control per-process. On Windows, you can find some tools for relaying SOCKS5 to TAP. The techniques are pretty common for users who either needs to game, or to tighten control with encrypted proxies. Note that you still loses some of the features real VPN lacks (though mostly never used).
    Then, these are where encrypted proxies truly shines above VPNs: detection bypass and (sometimes) speed optimizations. WireGuard is good (way better than ANY other VPN protocols, I must say!), but it is not fingerprinting resistant, thus useless to bypass detection and restriction of any sort. Encrypted proxies however, are often made to defeat fingerprinting by masking themselves as other types of traffic (by giving the firewall no fingerprints, a randomized fingerprint or a whitelisted fingerprint) or directly utilizing other types of traffic. You'll see some exceptions shortly.
    For people prefer UDP over TCP, I'd recommend Hysteria. It uses a custom version of QUIC optimized for bad networks, often being fast enough to rival most of other solutions, but it is sadly not fingerprinting resistant. For other people I'd like to recommend V2Ray once more, with some recommended configurations listed.
    PS: VLESS can be substituted with VMess if you're not living in a suppressive regime, or your network connection is enforcing MITM. TLS can be substituted with XTLS for higher performance and lower resistance to fingerprinting.

    • VMess + mKCP (with obfuscation or masking) and VLESS + QUIC (with TLS, direct encryption or masking): Uses UDP.
    • VLESS + WebSocket + TLS and VLESS + gRPC + TLS: Can be easily relayed by normal web servers, and even supported CDN networks. Bypass most firewalls. Mostly used in suppressive regimes.
    • VLESS + raw HTTP/2 + TLS: Can be easily relayed by normal web servers. Bypasses most firewalls. Usually slower than WSS (roughly the same with gRPC + TLS), but since having often lower latency, they're mostly used by gamers in suppressive regimes.
    • VLESS + raw TCP + TLS: Fastest among all TCP-based methods, but least resistant to fingerprinting.

    I have to point out once again that encrypted proxies are NOT VPNs. They just can proxy your traffic to the server you ordered them to, like how a casual VPN user would use them for, and since VPNs are better known ("thanks" to the VPN companies terrorizing people to earn their dirty money (and no, don't expect me to change this opinion in any foreseeable time)), people often mistakes them as VPNs (or their providers (very few, often made to track users' activities) advertises them as one).

    Is there any VPN service for users in suppressive regimes?

    Afaik for VPN no, but for encrypted proxies there is a lot. If they choose to purchase a service rather than self host, more often than not they are paying for a service actively spying on them.

    Well, IIRC, stunnel used to be an OpenVPN protocol behind SSL. I really wonder about other similar projects, especially ones which involve wireguard. The idea is to encrypt VPN traffic so as to avoid detection.

    Encryption over encryption over another layer of encryption sure may do its work, but what about the performance tax comes with it?
    One of the points of using encrypted proxies with optimal setup is to speeding up your connection while compromises with none of potential security flaws. VLESS over TLS only encrypts your traffic once, and if used with XTLS, VLESS can even reuse the encryption of an already TLS-encrypted connection, greatly lessens computational load.
    As of said before, since encrypted proxies can be configured with normal web servers, you can just blend it with the normal web traffic on your server (one of the ideas behind DNS-over-HTTPS). Or, you can simplify a lot of configuration workflow compared to other solutions, like configuring randomly-chosen or predefined multi-hop connections based on set conditions with little to no performance compromise: heck, if you know how to configure OpenLiteSpeed, NGINX or Caddy, a routed mesh network isn't far fetched at all. None of these can be achieved by any of the traditional VPNs (though if a VPN tries to implement, I'm more than welcome).

  • ServerCityASServerCityAS Member

    Mikrotik eoip tunnel is missing for the list, i now it's encrypt data but it's fast and low cpu use.

Sign In or Register to comment.