
The one problem I encounter with Wireguard is the use of UDP. Some publicly accessible Wifi nets at shops don't allow UDP at all, and this effectively breaks use of the VPN.

Yeah, there are utilities like setting up udptunnel or udp2raw and similar, but what a headache. I really don't agree with Wireguard's developers' justification that it makes speeds terrible. Who cares? It'll be terrible using those utilities anyway. Give us the option, JFC.



VPN over TCP really is quite a bit slower than over UDP, which makes it quite undesirable for me. I think it's quite reasonable of them not to want to complicate the wg project by adding and maintaining the option of UDP over TCP. Remember, wg is supposed to be a minimal project. If you really need TCP traffic, you could always use OpenVPN.

With QUIC on the way, this problem will diminish with time anyway.


There's complicating the protocol and complicating the client. It would definitely be nice if they would add a solution to this to the official clients, particularly mobile ones. VPN over UDP is quite a bit slower than over TCP when the ISP blocks/throttles the UDP traffic...


A little trick for this is to listen on udp/53 which is almost always unblocked, even before captive portals


Actually, I found ATT blocking inbound port 53 to my home. Maybe udp 443 could work?


yeah high rates of data over port 53 tends to trigger a lot of firewalls. I've never had much success with it.

443 is much more likely to be let past, with the popularity of QUIC.


I once used port 53 for all my communications at a hotel that was charging and metering bandwidth by the GB... it was a magical weekend of DNS passthrough with video calls, etc.

53 is my go to port when the network is wonky.


Could you elaborate on your setup? Do you have a proxy / VPN server running on port 53 somewhere?


This is the reason why I still stick with OpenVPN on TCP 443 for my selfhosted VPN. Yes performance suffers a bit but it works absolutely everywhere including behind campus/corp firewalls as no one blocks TCP 443. I've tried running a separate UDP instance on a different port for situations where I need higher performance but for my use cases TCP works fine.

From my experience UDP 53 like another commenter suggested does not always work as some firewalls forcibly route all UDP 53 packets to their own local DNS server in order to prevent people from using their own.

As a bonus OpenVPN has the "port-share" option which allows you to share the port with other services like an SSL web server. SSLH is also an option if you want to host both your VPN and an HTTPS site on TCP 443.
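For reference, here is what the port-share setup described in the comment above looks like in OpenVPN config syntax. This is an added example, not the commenter's own configuration; the hostname, the loopback port 4443 and the file paths are assumptions.

```conf
# --- server.conf (constructed example) ---
# OpenVPN owns TCP 443. Connections whose first bytes do not look like
# OpenVPN are proxied to the web server that is bound to 127.0.0.1:4443.
# port-share is only honoured in TCP server mode, so proto must be tcp-server.
port 443
proto tcp-server
dev tun
port-share 127.0.0.1 4443
# Usual certificate and tunnel directives (paths are assumptions):
ca   /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key  /etc/openvpn/server.key
dh   /etc/openvpn/dh.pem
server 10.8.0.0 255.255.255.0

# --- client.ovpn (constructed example) ---
# The client must also speak TCP; the TLS web server on the same port is
# never exposed to it, since OpenVPN forwards only non-OpenVPN traffic.
client
dev tun
proto tcp-client
remote vpn.example.com 443
```

The web server (nginx, Apache, etc.) must listen on 127.0.0.1:4443 with TLS rather than on 443 itself, otherwise the two services fight over the port; OpenVPN distinguishes the two flows by inspecting the first bytes of each TCP connection.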


Yeah, OpenVPN even supports authenticated web proxies, which is a really nice feature for tunneling. But I realize that I'm probably far from a typical user.



