
How Fastmail Connect Their Datacentres Together - bootload
https://blog.fastmail.com/2016/12/19/secure-datacentre-interlinks/
======
matt_wulfeck
Interesting use of openvpn. Eventually your sysadmin might have his day, as
managing the overhead (both in engineers and CPU resources) for site-to-site
networking becomes a pain without hardware designed to do it.

My problem with setups like this is they are usually fairly brittle in the
long run, and the person who created and maintains the links gets bored but
nobody has the desires or skills to take over the project. It breaks once and
suddenly the hardware cost just isn't that big of a deal.

------
nly
This solution provides no forward secrecy and doesn't use TLS, as stated.

[https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage](https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage)

Search the page for '\--secret'.

Frankly I would have expected better from FastMail.

(And I'll resist the urge to hate on OpenVPN, although I could do so all
night)

------
atonse
I seriously can't wait for Wireguard to reach a certain level of maturity. It
looked awesome and very simple to use.

The best thing about OpenVPN is ease of use but for these kinds of cases,
isn't performance an issue?

