Friday, March 31, 2023

Re: L2TP vs Wireguard for tunneling (not for VPN)

Hi Polarian,

Hmm... looks like you've got a difficult problem. If the option of VPN
was open, then sure pick any type you like.... OpenVPN (though clunky
and many people hate it but I use it and find that it's fine), IPsec
with GRE if you're going to be routing etc...

How about SSH? I know for a fact you can do reverse tunneling through
it, I'm not sure if it can tunnel all types of traffic though. Might
be something to think about at least ;-)

But I'm actually doing something very similar to what you are with my
cellular devices though I'm using a VPN. Problem now of course is that
I find Vodafone rate limiting traffic so things like iHeart Radio and
even Waze stop working which totally sucks as I need them while
driving :-S

Kaya


On Thu, Mar 30, 2023 at 11:02 PM Polarian <polarian@polarian.dev> wrote:
>
> Hello,
>
> So whenever you do research into the topic of what protocol to use for
> tunneling the idea of VPN will always come up. L2TP is considered
> obsolete and insecure, however I see a lot of ISPs still use it to pass
> traffic from one source to another.
>
> The background behind this is that my cellular provider censors the
> majority of media, which is incredibly annoying, most people would just
> say to use a VPN, but I do not wish to.
>
> My server network uses an ISP which does not filter any content, so my
> plan is to tunnel all traffic from my laptop when I am working away from
> my server (most of the time), so that I can have uncensored traffic
> wherever I go.
>
> Now the two questions come up, privacy or speed. Being OpenBSD, privacy
> is the number one priority, and as far as the benchmarks and studies
> show, WireGuard has the fastest encryption and also security.
>
> On the other hand, it appears L2TP, although insecure as a VPN, is still
> a very fast method of passing traffic around.
>
> What protocol (and software) do you guys recommend me to deploy? And
> should I prioritise the speed in which I can push packets through my
> server router (OpenBSD), or the security of those packets (bear in mind
> the content of the packets will still be TLS encrypted, so the packet
> payload is still secure regardless of the choice I make).
>
> Thank you,
> --
> Polarian
> GPG signature: 0770E5312238C760
> Website: https://polarian.dev
> JID/XMPP: polarian@polarian.dev
