1. 12
  1. 2

    I feel like we just need something that’s like Caddy v1 [1] but for VPNs that just works: it should have very little setup overhead and just do everything for you (e.g. generate public/private keys, certs, etc) but still be able to be more flexible with larger configurations.

    This isn’t the first environment-assuming-auto-install script I’ve seen for insert generic complicated VPN software here and I don’t want more of those; I know I can’t just ask for free software and have it be made [2] but I don’t know much crypto and rolling your own is dangerous.

    [1] Caddy v2 is bloated and doesn’t really respect v1’s simplicity IMO.

    [2] There’s dsvpn but it seems the author has stopped maintaining it and it was quite unreliable when I tried it.

    Edit: Another concern is cross-platform: only the big and bulky VPNs have mobile clients right now.

    1. 2

      there’s dsvpn

      Runs on TCP (first bullet point under features)

      Eh, no thanks. At that point I’d much rather just use openssh as a socks proxy.

      TCP over TCP is unpleasant, and UDP and similar protocols over TCP is even worse.

      It seems likely the future of vpn will be built on wireguard. But it needs something like zerotier.com for some “virtual secure lan” use cases.

      Tailscale.com does a bit of the zerotier stuff for wireguard - but zerotier has (AFAIK) smarter routing - local lan traffic stays local and encrypted. (if you have two laptops at home, a vps in the cloud - all on the same zerotier vpn - all traffic is encrypted, but traffic between the two laptops is routed locally. And things like bonjour/mDNS works across all three machines).

      1. 4

        FWIW, Tailscale also routes traffic intelligently, so LAN traffic will remain local (assuming the devices are able to talk to each other, of course). Tailscale does have public relay nodes as a last resort fallback, but on well-behaved networks, all traffic is p2p on the most direct path possible.

      2. 2

        Check dsnet, which was posted here a few weeks ago: https://github.com/naggie/dsnet it is basically a simpler UI for wireguard, which I like so far.

        1. 2

          There’s dsvpn but it seems the author has stopped maintaining it […]

          The GitHub repo currently has 0 open issues, so I’d rather call it mature instead of unmaintained.

          […] and it was quite unreliable when I tried it.

          Maybe give it another chance now? It works perfectly for me.

          1. 2

            seems like streisand fills the gap of easy-but-still-configurable setup. not entirely one-click but aimed toward a less technical crowd and holds the user’s hand decently well.

            1. 1

              This looks fantastic, thanks for putting this together. I’m particularly interested in the prospect of Wireguard support, is that waiting until that’s merged into OpenBSD proper? (If I can avoid needing any Go on my machines I’m happy).