this post was submitted on 18 Aug 2025
36 points (100.0% liked)

Privacy

2725 readers
266 users here now

Icon base by Lorc under CC BY 3.0 with modifications to add a gradient

founded 2 years ago
MODERATORS
Ategon@programming.dev
danielintempesta@programming.dev
36
Mullvad: Reminder that OpenVPN is being removed January 15th 2026 (mullvad.net)
submitted 1 month ago by cm0002@piefed.world to c/privacy@programming.dev
12 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] cellardoor@lemmy.world 4 points 1 month ago (1 children)
  • It is inefficient in both tunnel and transport mode, sacrificing 20-30% of available bandwidth.
  • It is cryptographically expensive, making your clients work harder and costing the VPN provider more money to host nodes.
  • It is complex to setup and deploy.
  • Uses outdated crypto.
  • Operates in Userspace.
  • WireGuard is essentially better in every one of these regards.
[–] Scoopta@programming.dev 2 points 1 month ago* (last edited 1 month ago) (1 children)

OpenVPN operates in kernel space as of 6.16. Well specifically for the data channel. Control channel is still managed in userspace so you don't have to do asymmetric TLS in the kernel. This also reduces the overhead and increases performance substantially. It is slightly more complicated to setup but barely tbh (I'm speaking from the server side). Is the crypto outdated? Not as far as I'm aware.

[–] ISO@lemmy.zip 2 points 1 month ago (1 children)

And user-space implementations of WireGuard are used a lot anyway, especially on mobile. Every VPN provider app ships with one, at least as a backup (It's wireguard-go usually since boringtun is not well maintained).

[–] Scoopta@programming.dev 1 points 1 month ago

Yeah, I'm just pointing out that OpenVPN has a kernel implementation since it does seem to make quite a large performance difference when available.