this post was submitted on 01 Feb 2025
14 points (85.0% liked)

Piracy: ꜱᴀɪʟ ᴛʜᴇ ʜɪɢʜ ꜱᴇᴀꜱ


I use Surfshark, and the protocol options I have are: OpenVPN TCP, OpenVPN UDP, and WireGuard.

Which should I be using?

Also, I have qBittorrent (Win11), and was curious if the version mattered at all.

top 5 comments
[–] CountVon 10 points 1 day ago (2 children)

I use WireGuard personally. OpenVPN has been around a long time, and is very configurable. That can be a benefit if you need some specific configuration, but it can also mean more opportunities to configure your connection in a less-secure way (e.g. selecting an older, less strong encryption algorithm). WireGuard is much newer and supports fewer options. For example it only does one encryption algorithm, but it's one of the latest and most secure. WireGuard also tends to have faster transfer speeds, I believe because many of OpenVPN's design choices were made long ago. Those design choices made sense for the processors available at the time, but simply aren't as performant on modern multi-core CPUs. WireGuard's more recent design does a better job of taking advantage of modern processors so it tends to win speed benchmarks by a significant margin. That's the primary reason I went with WireGuard.

In terms of vulnerabilities, it's tough to say which is better. OpenVPN has the longer track record of course, but its code base is an order of magnitude larger than WireGuard's. More eyes have been looking at OpenVPN's code for more time, but there's more than 10x more OpenVPN code to look at. My personal feeling is that a leaner codebase is generally better for security, simply because there's fewer lines of code in which vulnerabilities can lurk.

If you do opt for OpenVPN, I believe UDP is generally better for performance. TCP support is mainly there for scenarios where UDP is blocked, or on dodgy connections where TCP's more proactive handling of dropped packets can reduce the time before a lost packet gets retransmitted.
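An added example, not part of the comment above and not code from OpenVPN or Surfshark: a small audit of an OpenVPN client profile for the kind of older, weaker algorithm choices the comment mentions, which also notes when the profile uses TCP transport. The sample profile, the host `vpn.example.net`, and the legacy lists are constructed assumptions for illustration.

```python
# Constructed sample profile for illustration (not a real provider file).
SAMPLE_OVPN = """\
client
proto tcp
remote vpn.example.net 443
cipher BF-CBC
data-ciphers AES-256-GCM:BF-CBC
auth MD5
tls-version-min 1.0
"""

# Assumed policy: 64-bit-block ciphers (SWEET32 class), null cipher, old digests.
LEGACY_CIPHERS = {"BF-CBC", "DES-CBC", "DES-EDE3-CBC", "CAST5-CBC", "NONE"}
LEGACY_AUTH = {"MD5", "NONE"}

def parse_directives(text):
    """Yield (directive, args) pairs, skipping blanks and '#'/';' comment lines."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        name, *args = line.split()
        yield name.lower(), args

def audit(text):
    """Return (level, directive, message) tuples for one client profile."""
    findings = []
    proto = "udp"  # OpenVPN's default transport when no proto line is present
    for name, args in parse_directives(text):
        value = args[0].upper() if args else ""
        if name == "proto":
            proto = value.lower()
        elif name == "cipher" and value in LEGACY_CIPHERS:
            findings.append(("warn", name, f"legacy cipher {value}"))
        elif name in ("data-ciphers", "ncp-ciphers"):
            bad = [c for c in value.split(":") if c in LEGACY_CIPHERS]
            if bad:
                findings.append(("warn", name, "negotiation list allows " + ",".join(bad)))
        elif name == "auth" and value in LEGACY_AUTH:
            findings.append(("warn", name, f"HMAC digest {value} is legacy or disabled"))
        elif name == "tls-version-min" and value in ("1.0", "1.1"):
            findings.append(("warn", name, f"TLS floor {value} is below 1.2"))
    if proto.startswith("tcp"):
        findings.append(("info", "proto", "TCP transport: a fallback for networks that block UDP"))
    return findings

if __name__ == "__main__":
    for level, directive, message in audit(SAMPLE_OVPN):
        print(f"{level:5} {directive:16} {message}")
```
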

[–] [email protected] 4 points 1 day ago

Thank you, I changed my options in QB over to that, and set it as my default connection type in Surfshark as well

[–] [email protected] 2 points 1 day ago (1 children)

> If you do opt for OpenVPN, I believe UDP is generally better for performance. TCP support is mainly there for scenarios where UDP is blocked, or on dodgy connections where TCP's more proactive handling of dropped packets can reduce the time before a lost packet gets retransmitted.

It's great that you brought up TCP vs UDP. And you are totally right about TCP being a bit slower, higher overhead, but it's there for situations where UDP is blocked.

I've used my VPN at all sorts of hotels, coffee shops, etc. I'd say 1 in 10 places block UDP (or more likely don't properly route UDP). If you're using a SIM card, you won't have any issues.

However, it's worth mentioning that WireGuard is UDP only. There are some hacks/workarounds to have it work over TCP, but then you're going to need to find WireGuard clients that also support these hacks (which is possible on computers, but harder on cellphones/tablets).

If you want something that "just works" under all conditions, then you're looking at OpenVPN. Bonus, if you want to marginally improve the chance that everything just works, even in the most restrictive places (like hotel wifi), have your VPN use port 443 for TCP and 53 for UDP. These are the most heavily used ports for web and DNS. Meaning your VPN traffic will just "blend in" with normal internet noise (disclaimer: yes, deep packet inspection exists, but rustic hotel wifis aren't going to be using it ;)

[–] CountVon 2 points 17 hours ago

> However, it’s worth mentioning that WireGuard is UDP only.

That's a very good point, which I completely overlooked.

> If you want something that “just works” under all conditions, then you’re looking at OpenVPN. Bonus, if you want to marginally improve the chance that everything just works, even in the most restrictive places (like hotel wifi), have your VPN use port 443 for TCP and 53 for UDP. These are the most heavily used ports for web and DNS. Meaning your VPN traffic will just “blend in” with normal internet noise (disclaimer: yes, deep packet inspection exists, but rustic hotel wifis aren’t going to be using it ;)

Also good advice. In my case the VPN runs on my home server, there are no UDP restrictions of any kind on my home network and WireGuard is great in that scenario. For a mobile VPN solution where the network is not under your control and could be locked down in any number of ways, you're definitely right that OpenVPN will be much more reliable when configured as you suggest.

[–] [email protected] 2 points 1 day ago

Psst, just letting you know that Surfshark doesn't have IP forwarding, so you can't seed while torrenting with it.