Post by Darryl Nixon <img src="https://social.manalejandro.com/media/emoji/infosec.exchange/verified_flashing.png" class="emoji" alt="Emoji verified_flashing">

Takahē

@0x00string Tailscale is built on Wireguard so it should process traffic faster than OpenVPN. The inability to set Tailscale as "Always On" on iOS spoiled it for me, but you can do that with OpenVPN and the Wireguard app (and AFAIK you can't use the Wireguard app with a Tailscale deployment).

It'll definitely seem sketchy to have their software automatically generate, manage, and ship your keys. Effectively, it's Wireguard with a great user experience. They promise that private keys never leave devices and your e2e encrypted traffic never touches their servers.

You can read about its past CVEs. Despite their promises, I don't like the wording on the impact of CVE-2022-41924. I wonder what logs they ship that enables them to guarantee it was never seen in the wild.

1 0 0 View Post & Replies See Original

@0x00string All that to say, if OpenVPN is working great for you at its current speed, there's no real security-based reason to change.

0 0 0 View Post & Replies See Original