
As a sibling suggests, it's very easy to set up OpenVPN _badly_.

I have a config right now on my other PC labelled "Old staging KEEP" which is this type of setup for OpenVPN; it's relying on a crappy out-of-box private CA setup, no passwords, shared private keys, and it's likely vulnerable to key compromise attacks and a dozen other problems as configured.

Edited to add: Also, the reason I kept it: this config relies on hijacking public addresses. Some... person... took an OpenVPN config example with 172.16.0.0/16 addresses and it conflicted with the stupid WiFi NAT in their office, so they just changed the IP addresses to a public range nearby, apparently not realising (certainly not caring) that this means it's now randomly breaking other things too.

But for the typical end user this looks like it worked. Random drive-bys can't get in, spinning it up for the new frontend dev is easy, what's not to like? If it takes them five minutes to install & configure OpenVPN wrong, and an hour to install & configure WireGuard right, they will conclude WireGuard is harder, even if it might have taken them a week to get OpenVPN done right.
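
A lint check for the address problem described in the comment above, added here as an example and not part of the original comment or of OpenVPN itself: it reads the `server`, `route` and `push "route ..."` lines of an OpenVPN config and reports any range outside RFC 1918 private space. The function names and both sample configs are constructed for illustration, and 172.32.0.0/16 is an assumed stand-in for the unnamed "public range nearby".

```python
import ipaddress
import shlex

# RFC 1918 private IPv4 space; anything outside it is treated as public here.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed samples: the example config, and the same config after the edit.
EXAMPLE_CONFIG = """\
port 1194
server 172.16.0.0 255.255.0.0
push "route 192.168.10.0 255.255.255.0"
"""
EDITED_CONFIG = """\
port 1194
; moved off the office WiFi range
server 172.32.0.0 255.255.0.0
push "route 172.32.0.0 255.255.0.0"
route 10.8.0.0 255.255.255.0
"""

def parse_network(line):
    """Return the IPv4 network named by a server/route/push "route" line, else None."""
    if line.lstrip().startswith((";", "#")):
        return None                      # OpenVPN comment line
    try:
        tokens = shlex.split(line, comments=True)
    except ValueError:                   # unbalanced quotes
        return None
    if len(tokens) == 2 and tokens[0] == "push":
        tokens = tokens[1].split()       # unwrap push "route net mask"
    if len(tokens) < 2 or tokens[0] not in ("server", "route"):
        return None
    # OpenVPN treats a route without a netmask as a single host.
    mask = tokens[2] if len(tokens) > 2 else "255.255.255.255"
    try:
        return ipaddress.IPv4Network(f"{tokens[1]}/{mask}", strict=False)
    except ValueError:                   # hostname or keyword, not an address
        return None

def find_public_ranges(config_text):
    """List (line number, network) for VPN ranges outside RFC 1918 space."""
    findings = []
    for lineno, line in enumerate(config_text.splitlines(), start=1):
        net = parse_network(line)
        if net is not None and not any(net.subnet_of(p) for p in RFC1918):
            findings.append((lineno, str(net)))
    return findings

if __name__ == "__main__":
    for lineno, net in find_public_ranges(EDITED_CONFIG):
        print(f"line {lineno}: {net} is not private address space")
```
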



