this post was submitted on 18 Aug 2025
176 points (98.9% liked)

Not particularly pleased about the decision when OpenVPN is the most supported protocol.

Meanwhile their competitor IVPN even does IPsec.

[–] refalo@programming.dev 33 points 1 month ago (3 children)

I assume this is because, in addition to the missing ciphers as referenced in the linked article, OpenVPN, even though it uses TLS, initially uses a very identifiable handshake before initiating TLS, which is not hard to block. I have personally had problems specifically with OpenVPN being targeted/blocked in this way.

[–] deadcream@sopuli.xyz 23 points 1 month ago

WireGuard is not difficult to block either; it's not designed to be hidden. China, Russia, etc. have learned long ago how to detect and block it. The only semi-reliable way to bypass sophisticated VPN blocking techniques is to use protocols that mask as regular HTTPS traffic (and self-host it, since well-known public VPNs will of course be dealt with by simply blocking packets to their IP addresses).

[–] HiddenLayer555@lemmy.ml 10 points 1 month ago

But why disable it for the people who can use it? Unless there's a security implication to the handshake?

[–] user224@lemmy.sdf.org 9 points 1 month ago (3 children)

And I specifically had luck with OpenVPN TCP on port 443 on a network which DPI-blocked WireGuard.

[–] deadcream@sopuli.xyz 7 points 1 month ago

Yeah, OpenVPN is often used for business reasons (e.g. by remote workers), so it's usually not blocked wholesale, only throttled (and known public VPN providers are blocked via blacklisting their endpoints' IP addresses). WireGuard meanwhile is used much more rarely, so there is less fallout from blocking it completely.

[–] refalo@programming.dev 2 points 1 month ago

Yea, every network may do things differently... in my case tcp/443 OpenVPN is blocked at several places that I frequent.

WireGuard is not censorship and DPI resilient at all; it relies solely on UDP. They state on their official website that it's not their priority at all.
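Added example, not part of any comment in this thread: a sketch of why the first packet of each protocol is recognisable to a network monitor, including OpenVPN on TCP/443, which does not open with a TLS record. The byte layouts are taken from the published WireGuard and OpenVPN wire formats, not from the thread; the function names and sample packets are constructed for illustration, and the checks are heuristics on the first payload only.

```python
import struct

WG_INITIATION_LEN = 148                  # fixed size of a WireGuard handshake initiation
OVPN_CLIENT_RESET = {7: "v2", 10: "v3"}  # P_CONTROL_HARD_RESET_CLIENT_V2 / _V3 opcodes


def _openvpn_reset(msg: bytes):
    """Return a label if msg starts like an OpenVPN client hard reset, else None."""
    if len(msg) < 14:                    # opcode + session id + ack count + packet id
        return None
    opcode, key_id = msg[0] >> 3, msg[0] & 0x07
    if key_id == 0 and opcode in OVPN_CLIENT_RESET:
        return "openvpn-hard-reset-client-" + OVPN_CLIENT_RESET[opcode]
    return None


def classify_first_payload(payload: bytes, transport: str) -> str:
    """Classify the first client payload of a flow ('udp' or 'tcp')."""
    if transport == "udp":
        # WireGuard: message type 1, three reserved zero bytes, exactly 148 bytes.
        if len(payload) == WG_INITIATION_LEN and payload[:4] == b"\x01\x00\x00\x00":
            return "wireguard-handshake-initiation"
        return _openvpn_reset(payload) or "unknown"
    if transport == "tcp":
        # Real HTTPS opens with a TLS handshake record carrying a ClientHello.
        if len(payload) >= 6 and payload[0] == 0x16 and payload[1] == 0x03 and payload[5] == 0x01:
            return "tls-client-hello"
        # OpenVPN over TCP prefixes each message with a 2-byte big-endian length.
        if len(payload) >= 2:
            (framed_len,) = struct.unpack("!H", payload[:2])
            if framed_len == len(payload) - 2:
                return _openvpn_reset(payload[2:]) or "unknown"
        return "unknown"
    raise ValueError("transport must be 'udp' or 'tcp'")


# Constructed sample payloads (not captured traffic).
SAMPLE_WG = b"\x01\x00\x00\x00" + bytes(144)
SAMPLE_OVPN_UDP = b"\x38" + bytes(range(8)) + b"\x00" + bytes(4)
SAMPLE_OVPN_TCP = struct.pack("!H", len(SAMPLE_OVPN_UDP)) + SAMPLE_OVPN_UDP
SAMPLE_TLS = b"\x16\x03\x01\x00\x05\x01\x00\x00\x01\x00"

if __name__ == "__main__":
    for name, data, proto in [("wg", SAMPLE_WG, "udp"), ("ovpn-udp", SAMPLE_OVPN_UDP, "udp"),
                              ("ovpn-tcp", SAMPLE_OVPN_TCP, "tcp"), ("tls", SAMPLE_TLS, "tcp")]:
        print(name, "->", classify_first_payload(data, proto))
```
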