this post was submitted on 09 Nov 2024
254 points (100.0% liked)

Privacy

32120 readers
544 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

Support will be removed on both client and server side.

The process of removing OpenVPN from our app starts today and may be completed much earlier.

you are viewing a single comment's thread
view the rest of the comments
[–] MentalEdge@sopuli.xyz 157 points 2 weeks ago (5 children)

TL;DR They are moving to wireguard only.

I'm ok with that.

[–] user224@lemmy.sdf.org 73 points 2 weeks ago (7 children)

Except the 5 device limit. With OVPN it means 5 connected devices, with WG it means 5 registered public keys.

Say you use the official Mullvad app and also setup some 3rd party WG client on your phone. That's now taking up 2 devices. Or perhaps you do have 6 devices, but you never have more than 2 of them running at once. With WG, that's still 6 devices regardless of them being connected or not, while with OVPN it will indeed be just 2 devices.

[–] gaylord_fartmaster@lemmy.world 29 points 2 weeks ago (2 children)

Can you not use the same keys for multiple devices like you'd normally be able to?

[–] JoeKrogan@lemmy.world 14 points 2 weeks ago (1 children)

Not at the same time as they would conflict.

[–] gaylord_fartmaster@lemmy.world 30 points 2 weeks ago

Well sure, but you effectively still have the same 5-connection limit as long as you manage your keys correctly.

[–] lemming741@lemmy.world 4 points 2 weeks ago

That's always borked both connections for me

[–] PunkiBas@lemmy.world 14 points 1 week ago (1 children)

This is a great point, if they're gonna make this change, they should allow unlimited keys (or at least more than 5) and just limit the number of simultaneous devices on wireguard too. If that's feasable

[–] nekusoul@lemmy.nekusoul.de 12 points 1 week ago

It might be feasible, but it's a bit awkward to implement because Wireguard is stateless and doesn't know if a client is offline or just hasn't sent any traffic for some time.

[–] MentalEdge@sopuli.xyz 8 points 2 weeks ago* (last edited 2 weeks ago) (1 children)

That's a pity.

Is there something preventing you from having the same key ready for use on more than one device? So that two devices that are never connected at the same time can take turns using the same key?

[–] bdonvr@thelemmy.club 2 points 1 week ago
[–] communism@lemmy.ml 3 points 1 week ago

That's true. I use user profiles on GrapheneOS and have to have each profile count as its own device in Mullvad, when obviously I'm not going to be using them simultaneously.

[–] RecallMadness 1 points 1 week ago (1 children)

One of my devices uses three keys because out of the two local servers I have, they seem to go down every other month, so I need a failover.

[–] user224@lemmy.sdf.org 1 points 1 week ago

Unless they're simultaneously connected you could share the same private key in all of the configs.

[–] devfuuu@lemmy.world 1 points 1 week ago

It just sounds easier to think about it with wireguard then. No surprises.

[–] Creat@discuss.tchncs.de 1 points 2 weeks ago (1 children)

I can only assume that is the main reason for this change. Pitty.

[–] MentalEdge@sopuli.xyz 13 points 2 weeks ago (1 children)

I already commented on this, but do they actually block you from setting up multiple devices with the same key?

I've had my own server node for a while, there's nothing stopping me from using the same key and config on multiple client devices, as long as I don't connect them at the same time.

I'm not limited to five keys, obviously, but the keys aren't device specific. I could set up just one on the server, and then use it everywhere.

Does Mullwad stop this in some way?

[–] ReversalHatchery@beehaw.org 5 points 2 weeks ago (1 children)

I already commented on this, but do they actually block you from setting up multiple devices with the same key?

I don't think that's possible to block, but it could lead to problems (responses not arriving) when both devices try to use the same key.

[–] MentalEdge@sopuli.xyz 8 points 2 weeks ago

Well yeah, you'd still have the limitation that you can't connect multiple devices at the same time. But the idea is that just like before, nothing is actually stopping you from having as many devices as you like ready to go, all able to be used one at a time.

[–] AllNewTypeFace@leminal.space 25 points 2 weeks ago (1 children)

Wireguard is more elegant and performant, and has a smaller attack surface. OpenVPN, meanwhile, is a legacy protocol, and retiring it should be a good thing.

[–] dhtseany@lemmy.ml 9 points 2 weeks ago (1 children)

And when exactly did we declare openvpn a legacy protocol?

[–] Rogue@feddit.uk 18 points 2 weeks ago* (last edited 2 weeks ago) (1 children)

About the same time VPN platforms started migrating away from it

[–] EveryMuffinIsNowEncrypted@lemmy.blahaj.zone 14 points 1 week ago* (last edited 1 week ago) (1 children)

I feel like that's kind of a case of circular reasoning though: we move away from it because it's legacy, and it's legacy because we're moving away from it... Mind you, I'm no expert on VPNs; this is just something I thought I'd bring to attention here.

[–] verdigris@lemmy.ml 2 points 1 week ago

That's what makes software legacy; it falls out of popularity. Plenty of terminal applications have barely changed since the 80s, but they're not "legacy" because they're actively used and maintained.

[–] akilou@sh.itjust.works 10 points 1 week ago

Can someone explain why this is good or bad?

[–] superglue@lemmy.dbzer0.com 8 points 2 weeks ago (3 children)

Not great if you use the transmission-openvpn docker container. Guess I need to come up with a new plan.

[–] shaserlark@sh.itjust.works 10 points 2 weeks ago (1 children)

Why not use a qbittorrent WireGuard one?

[–] superglue@lemmy.dbzer0.com 4 points 1 week ago (1 children)

Wasn't aware of this. I'll check it out! One annoying thing with Mullvad though is the wireguard keys count against your device limit and I already have problems with that. Using OpenVPN didn't count against the limit. The again I'm also considering switch to Surfshark since its cheaper.

[–] shaserlark@sh.itjust.works 2 points 1 week ago* (last edited 1 week ago)

Yeah the device limit is annoying. I switched to AirVPN when Mullvad stopped doing port forwarding and it’s been fine so far. But you’d run into the same issue with the device limit.

I’m not a network expert so I honestly don’t know the difference between the two protocols enough to say that they’re any benefit of one over the other, but there might be a reason that WireGuard is becoming the default? Idk honestly.

Anyway, AirVPN still suports port forwarding and supports OpenVPN so might be an alternative for you. They don’t do security audits which is imo sketchy and makes me question if they are honest about their no logs policy, but otoh they have been around for a long time and there hasn’t been any incidence, which makes me think they’re probably good enough for torrenting.

[–] Nurgus@lemmy.world 3 points 1 week ago

There's also Transmission-Wireguard by the same guy.

[–] ReversalHatchery@beehaw.org 2 points 2 weeks ago (1 children)

sometimes people keep a container for the vpn/proxy, and set up the other one to use the network of the other container

[–] superglue@lemmy.dbzer0.com 2 points 2 weeks ago

Yes I will probably switch to deluge now

[–] Akip@discuss.tchncs.de 5 points 2 weeks ago

It was good to have it as a backup. I primarily use wireguard but now its a single point of failure.