Wireguard No.(Unless you want to use kernel module) Android/iOS/Windows clients Everything UDP
Tunneling TCP over TCP is generally slower than tunneling TCP over UDP.
In which case do I need to tunnel non-TCP traffic?
What do you mean by this? I am sorry, I didn’t get this bit.
I am a huge fan of WireGuard and if it works in your suggestion (as in, it can carry packets without your ISP blocking it), I’ll definitely recommend it.
If you use a custom kernel on your phone that has a built-in WireGuard kernel module, you can keep the tunnel enabled 24x7 with negligible battery consumption. The wireguard-go module (which is used by default in Android/iOS clients) is a bit slower but still not a deal breaker or anything.
WireGuard tunnels can be enabled within 4-500ms, compared to the few seconds it takes on stuff like OpenVPN.
It supports 6-to-4 or 4-to-6 tunnels. So, if your ISP only has IPv4 support and you want IPv6 on your clients, you can do it with WireGuard. Same goes in the other direction, i.e. if your ISP uses CG-NAT (on IPv4) + IPv6 and you want your WireGuard clients on the ISP network to be accessible from outside at any moment, you can create a WireGuard tunnel that connects over IPv6 and assigns clients IPv4 and IPv6 addresses. This typically isn’t reliable with just IPv4.
There is tons of stuff I use it for and I can go in more specifics if you have questions.
In which case do I need to tunnel non-TCP traffic?
Sorry for the confusion, but I was wondering which common application layer protocols are UDP-based. Among others, DNS is probably the most notable application, but I can visit google.com with sshuttle and shadowsocks (both AFAIK tunnel TCP traffic only) without problems, while Google’s DNS is blocked in my country. Can you explain this?
There is tons of stuff I use it for and I can go in more specifics if you have questions.
Actually, I have a question: how do you troubleshoot performance issues? The CPU usage of my Linode VPS is around ~5%, and there are thousands of miles between it and me, so I guess bandwidth is the bottleneck, but I would like to get some diagnostic information about it to be sure. If that is the case, can I improve the performance by, say, making it transmit more packages per second to compensate for the high packet loss rate?
DNS can work over both UDP and TCP. But what’s happening most likely with SOCKS is that your browser does not resolve DNS at all, it just sends the hostname as is to the proxy. That’s what the “use remote DNS” flag does in Firefox.
Following the table in my answer.
Configuring static site generation for tombrow.com, then using what I learn to set up a homepage for my fiancé. Anyone know if Google Domains would be a nicer place to keep my domains than 1and1 is?
Documenting the code I use for keyboard remapping in macOS. I might write a short post to try to persuade people of the benefit of mapping Ctrl-[ to Escape and Fn-hjkl to arrow keys.
Cutting some more drawer organizers using the laser at the maker space.
Go:
It does not play well with other programming languages and cgo is a mess. This results in situations where you would feel everything is going well right until the moment you have to interface a program written in Go with a program written in any other language. I don’t like this and I believe it should be more co-operative.
nil.
Lack of enums. You can sort of hack your way around with a custom declared type but it’s not pretty and I’d like to see better built-in support for those.
Rust:
It’s a vast language and it was much more intimidating for me given my background was in writing Go almost exclusively.
I had tried to get into async/await in the past and it’s all very complex and confusing. I gave up a few times after reading random blog posts and tokio docs and only recently (read: this week) got into async/await by reading up the async/await book and just experimenting with it.
Lack of libraries. Go has a very good library ecosystem and I miss that in Rust.
I assumed traits were like interfaces and made huge refactors in my code and only later learned that they are actually not like interfaces and I had to undo all the work I did (learnt some important lesson that day). The issue I faced was that there is no safe way to get the underlying concrete type from a trait.
Compile times