I'm glad you're asking these kinds of questions; they need to come up more often, especially in a software-supply-chain context.
I am a strong advocate of the saying 'trust but verify'. I believe you should closely audit whatever OSS software you are looking at using in light of your threat model.
To get round to your question: Why should I use subnet over OpenVPN/Tinc etc? That decision is entirely your prerogative. Subnet is small (quick(er) to audit), easy to understand, and has the bare minimum functionality needed to implement a VPN with full mutual authentication. OpenVPN and others have far more features and are almost certainly xx% faster. Where you want to draw the line is up to you.
It appears all the ISPs I use have figured out how to kill OpenVPN after a few Mbytes have passed, resulting in annoying VPN service interruptions and restarts (I need to figure out how to restart it automatically) - and the browser reacts to the interrupted transfer by restarting it on the now VPNless network connection. Obscurity might be a defense against this (but wouldn't be if one were targeted instead of getting caught in a driftnet).
That's not been my experience with OpenVPN. It's set up to reconnect to the VPN and only route traffic via the VPN (separate box, actually a repurposed old laptop). Take a look at the ping and ping-restart options.
Thanks for the suggestions, but decreasing the ping interval only made the VPN fail faster, and there was no difference in behavior between ping-restart and ping-exit :-(.
For what it’s worth, this only really applies to a comparison against OpenVPN or IPSec. WireGuard has similar code complexity and size, and is approximately the same when compared against the incumbent VPN options.
I don't think the comparison to WireGuard is apples-to-apples. WireGuard implements its own semi-custom cryptosystem (Noise) whereas subnet rides on top of Go's standard TLS implementation. So depending on how you view things, WireGuard is either much simpler (if you compare to the whole TLS stack) or much more complex (if you assume Go TLS to be reliable/trustworthy).