Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

> OpenVPN is horribly difficult to set up.

OpenVPN is dead easy to setup with a shared secret, and it can work over TCP in pretty much the same way.



While I don't think setting up openvpn is "difficult", in the sense that it's a hard problem to solve, I would definitely not go as far as to say that it is "dead easy".

Setting up openvpn is definitely involved[0]. And I think being concerned that you've configured something incorrectly is a real issue, especially when it comes to security.

[0] https://wiki.archlinux.org/index.php/OpenVPN


That document describes a more complex configuration, including things like MTU configuration, DNS tunneling and firewalling your traffic.

A shared secret point to point link really is dead simple with OpenVPN. The first half of this mini-howto is basically it:

https://openvpn.net/community-resources/static-key-mini-howt...

(Note that it uses the default settings of UDP 1194. To use TCP 443 as discussed above, also set "proto tcp-server" and "port 443").


But you would trust this toy project in terms of security? The point of something like OpenVPN is that all security cases and bugs are worked out already, and there is tons of information for all use cases, and everything is already polished.

Sure you might need to learn some new configuration options, but you won't just use them in this project, they will serve you for the rest of your life for all possible VPN usage cases.


The more complex the project, the less secure it is.


> all security cases and bugs are worked out already

This is likely not the case. While it's true that there hasn't been a severe/highly exploitable published vulnerability in OpenVPN for the last decade or so, that doesn't mean that there aren't vulnerabilities.


I've found the server to be unreliable, when I used OpenVPN, I had to restart it regularly in order to make it possible to connect again (it would begin to connect, but then just stall open).


Plus the project lacks in features, you can't compare it to OpenVPN, it basically has done one sinlge usecase, for one OS, etc.

So basically the author thought it was simple enough for him to write a new software, but not simple enough to setup OpenVPN? (which anyone can do, especially in the shared secret case?) This project smells.

I would not recommend anyone to use this project, it seems like something the author have simply enjoyed writing, not something that is created for using.

Also how is "using ports 80 and 443" is a new "feature" when every other VPN can do exactly that?


> Plus the project lacks in features, you can't compare it to OpenVPN, it basically has done one sinlge usecase, for one OS, etc.

Looks like mainly just Windows is missing? I didn't check it carefully, but seems to be fine on macOS and Linux. Not sure if the server would run on macOS, but I don't think that would be a common use case.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: