269
submitted 6 days ago* (last edited 6 days ago) by user224@lemmy.sdf.org to c/privacy@lemmy.ml

Support will be removed on both client and server side.

The process of removing OpenVPN from our app starts today and may be completed much earlier.

top 50 comments
sorted by: hot top controversial new old
[-] MentalEdge@sopuli.xyz 160 points 6 days ago

TL;DR They are moving to wireguard only.

I'm ok with that.

[-] user224@lemmy.sdf.org 74 points 6 days ago

Except the 5 device limit. With OVPN it means 5 connected devices, with WG it means 5 registered public keys.

Say you use the official Mullvad app and also setup some 3rd party WG client on your phone. That's now taking up 2 devices. Or perhaps you do have 6 devices, but you never have more than 2 of them running at once. With WG, that's still 6 devices regardless of them being connected or not, while with OVPN it will indeed be just 2 devices.

[-] gaylord_fartmaster@lemmy.world 27 points 6 days ago

Can you not use the same keys for multiple devices like you'd normally be able to?

[-] JoeKrogan@lemmy.world 16 points 6 days ago

Not at the same time as they would conflict.

[-] gaylord_fartmaster@lemmy.world 31 points 5 days ago

Well sure, but you effectively still have the same 5-connection limit as long as you manage your keys correctly.

[-] lemming741@lemmy.world 4 points 6 days ago

That's always borked both connections for me

[-] communism@lemmy.ml 4 points 4 days ago

That's true. I use user profiles on GrapheneOS and have to have each profile count as its own device in Mullvad, when obviously I'm not going to be using them simultaneously.

[-] PunkiBas@lemmy.world 14 points 5 days ago

This is a great point, if they're gonna make this change, they should allow unlimited keys (or at least more than 5) and just limit the number of simultaneous devices on wireguard too. If that's feasable

[-] nekusoul@lemmy.nekusoul.de 12 points 5 days ago

It might be feasible, but it's a bit awkward to implement because Wireguard is stateless and doesn't know if a client is offline or just hasn't sent any traffic for some time.

[-] MentalEdge@sopuli.xyz 8 points 6 days ago* (last edited 6 days ago)

That's a pity.

Is there something preventing you from having the same key ready for use on more than one device? So that two devices that are never connected at the same time can take turns using the same key?

[-] bdonvr@thelemmy.club 2 points 5 days ago
[-] RecallMadness@lemmy.nz 1 points 5 days ago

One of my devices uses three keys because out of the two local servers I have, they seem to go down every other month, so I need a failover.

[-] user224@lemmy.sdf.org 1 points 5 days ago

Unless they're simultaneously connected you could share the same private key in all of the configs.

load more comments (5 replies)
[-] AllNewTypeFace@leminal.space 26 points 6 days ago

Wireguard is more elegant and performant, and has a smaller attack surface. OpenVPN, meanwhile, is a legacy protocol, and retiring it should be a good thing.

[-] dhtseany@lemmy.ml 10 points 6 days ago

And when exactly did we declare openvpn a legacy protocol?

[-] Rogue@feddit.uk 19 points 6 days ago* (last edited 6 days ago)

About the same time VPN platforms started migrating away from it

[-] EveryMuffinIsNowEncrypted@lemmy.blahaj.zone 14 points 5 days ago* (last edited 5 days ago)

I feel like that's kind of a case of circular reasoning though: we move away from it because it's legacy, and it's legacy because we're moving away from it... Mind you, I'm no expert on VPNs; this is just something I thought I'd bring to attention here.

[-] verdigris@lemmy.ml 2 points 4 days ago

That's what makes software legacy; it falls out of popularity. Plenty of terminal applications have barely changed since the 80s, but they're not "legacy" because they're actively used and maintained.

[-] akilou@sh.itjust.works 11 points 5 days ago

Can someone explain why this is good or bad?

[-] superglue@lemmy.dbzer0.com 8 points 6 days ago

Not great if you use the transmission-openvpn docker container. Guess I need to come up with a new plan.

[-] shaserlark@sh.itjust.works 10 points 5 days ago

Why not use a qbittorrent WireGuard one?

[-] superglue@lemmy.dbzer0.com 4 points 5 days ago

Wasn't aware of this. I'll check it out! One annoying thing with Mullvad though is the wireguard keys count against your device limit and I already have problems with that. Using OpenVPN didn't count against the limit. The again I'm also considering switch to Surfshark since its cheaper.

[-] shaserlark@sh.itjust.works 2 points 5 days ago* (last edited 5 days ago)

Yeah the device limit is annoying. I switched to AirVPN when Mullvad stopped doing port forwarding and it’s been fine so far. But you’d run into the same issue with the device limit.

I’m not a network expert so I honestly don’t know the difference between the two protocols enough to say that they’re any benefit of one over the other, but there might be a reason that WireGuard is becoming the default? Idk honestly.

Anyway, AirVPN still suports port forwarding and supports OpenVPN so might be an alternative for you. They don’t do security audits which is imo sketchy and makes me question if they are honest about their no logs policy, but otoh they have been around for a long time and there hasn’t been any incidence, which makes me think they’re probably good enough for torrenting.

[-] Nurgus@lemmy.world 3 points 5 days ago

There's also Transmission-Wireguard by the same guy.

[-] ReversalHatchery@beehaw.org 2 points 6 days ago

sometimes people keep a container for the vpn/proxy, and set up the other one to use the network of the other container

[-] superglue@lemmy.dbzer0.com 2 points 6 days ago

Yes I will probably switch to deluge now

[-] Akip@discuss.tchncs.de 5 points 6 days ago

It was good to have it as a backup. I primarily use wireguard but now its a single point of failure.

[-] pineapple@lemmy.ml 27 points 5 days ago

If wire guard is just bettr then I don't see any reason to suport OpenVPN anyway.

[-] lnxtx@feddit.nl 36 points 5 days ago

Legacy devices with OpenVPN support only.

[-] TheReturnOfPEB@reddthat.com 16 points 5 days ago* (last edited 4 days ago)

i can't get wire guard to work on my home network so it is not better for me

edit: to be fair my internet connection is being tapped and recorded by law enforcement so i am assuming that is the problem.

[-] communism@lemmy.ml 2 points 4 days ago

How are you trying to using WG? I had issues with wg quick up or whatever it is, not bothered to check, but adding wireguard connections as NetworkManager interfaces works flawlessly for me.

[-] pineapple@lemmy.ml 7 points 5 days ago

Is that with any vpn provider? or hosting your own? And that is kind of a shame I guess you just won't be able to use Mullvad vpn, good thing there are heaps of other options.

[-] far_university190@feddit.org 4 points 4 days ago

only hear about protonvpn

heap?

[-] jagged_circle@feddit.nl 7 points 5 days ago

I can't get WG to work in Qubes. OpenVPN just works

[-] nekusoul@lemmy.nekusoul.de 3 points 5 days ago* (last edited 5 days ago)

That's kind of weird, because the reason why I never bothered with (selfhosted) VPNs before Wireguard was because it was the first one that just worked. Granted, due to its nature, you don't get a lot of feedback when things don't work, but it's so simple in principle that there's not a lot that can go wrong. For external VPNs like this, it should just be: Load config, double-check, done.

[-] jagged_circle@feddit.nl 4 points 5 days ago

Now do it on an obscure router firmware

[-] far_university190@feddit.org 3 points 4 days ago

any good wireguard documenation? only found few random company blog, some stackoverflow and reddit.

[-] JustMarkov@lemmy.ml 12 points 5 days ago
[-] sunzu2@thebrainbin.org 21 points 5 days ago

Wireguard is the gold standard?

load more comments (2 replies)
[-] Darkassassin07@lemmy.ca 9 points 5 days ago* (last edited 5 days ago)
[-] sunzu2@thebrainbin.org 6 points 6 days ago

Are they going to fix their client so it can work on linux with software like portmaster that controls DNS?

https://github.com/safing/portmaster/issues/445

https://wiki.safing.io/en/Portmaster/App/Compatibility/Software/MullvadVPN

[-] Telorand@reddthat.com 11 points 6 days ago

I doubt it. Portmaster has a relatively small share of users, and I bet it would be a waste of their resources to try to pin down a bug that is outside the scope of their client's normal functionality.

Best option is to try to fix it yourself and submit a pull request or hope somebody else does it.

[-] sunzu2@thebrainbin.org 4 points 6 days ago

Thank you for the tip. It is not necessarily a bug is my understating is that mullvad controls DNS for pirvacy/security issue. So it makes sense from mass market perspective. So this would be more of a feature request.

Never thought of trying to do myseld. I am not an IT guy but FAFO always been my MO lol

load more comments
view more: next ›
this post was submitted on 09 Nov 2024
269 points (100.0% liked)

Privacy

31971 readers
219 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS