OpenVPN is just worse than WireGuard, we shouldn’t be requiring VPN providers to support it.
We require all our recommended VPN providers to provide OpenVPN configuration files to be used in any client.
7 Likes
Agree. It would be awkward if, come next year, Mullvad all of a sudden does not meet the requirements because of this.
4 Likes
Seconded.
Unless of course if anyone has a particularly strong argument for including this requirement? Otherwise, it appears to be a no brainer for me
2 Likes
The intent behind this requirement isn’t necessarily to require OpenVPN specifically, even though that is how it’s currently worded. The intent is to require that VPN providers provide the option to use a generic VPN client with standard configuration files.
I think it is fine if we update this to require WireGuard instead, like:
We require all our recommended VPN providers to provide WireGuard configuration information which can be used in any client.
I also think it is fine if we update this to be more generic to cover potential future cases, while keeping the original intent of this criteria:
We require all our recommended VPN providers to provide standard configuration files which can be used in a generic, open-source client.
I would actually probably prefer this second route, because we already require WireGuard in a different part of the criteria anyways.
12 Likes
Agree. My only thought is what if they use something that doesn’t have a generic client. But we can cross that bridge when we get to it.
2 Likes
I can’t really imagine an acceptable situation where a VPN provider exclusively uses some non-generic protocol, so that situation is exactly why this criteria exists in the first place.
1 Like
Obscura is using some kind of custom QUIC-based thing. Cloudflare WARP is using MASQUE and I’m not sure if there’s any generic clients supporting that.
1 Like
I’d say Obscura intentionally wouldn’t qualify at this time. I originally wrote this criteria because the trust/security in a VPN client is important and you might not necessarily want to place your trust in the local software you run in the same party you are trusting to provide a VPN service (ironically the very same issue @ignoramous and I have been discussing in Obscura’s thread lately lol).
Obscura has a path forward and a way to provide their existing service with generic WireGuard clients, which I believe they intend to do in the future, so I don’t think they need an exception. When they add generic WireGuard client support their service will improve dramatically, so yes, this criteria is supposed to filter them out for now.
I have no specific thoughts about Cloudflare Warp, but I have no qualms about it being excluded by this criteria either, for the reason above.