Hacker News new | ask | show | jobs
by BSDobelix 614 days ago
>I share GP’s expectations too.

Sorry but no you don't, since you call into your LAN-network of course you can see your local machines.

But if you sit in a LAN and you call outside there should be no traffic leaked to the local network your calling out from (for example airport/motel etc).

>Point is, I don’t think of VPNs as something that prevents anyone from seeing my traffic

Correct, every middleman (normally ISP) can see that you connect from your External-IP to the other External-IP over an encrypted tunnel (udp or tcp). The expression 'vpn' i nearly as muddled as cloud ;)

If you want to obfuscate your traffic you need something like tor/i2p, however it's also possible to tunnel your vpn-tunnel through tor-tunnel's (but i don't see much sense in that since exit-nodes are for sure under more observation and publicly known)

Tor and vpn traffic can be detected and blocked (for example Chinese firewall) and for that, shadowsocks can be a solution:

https://github.com/shadowsocks/shadowsocks-rust
1 comments
ninkendo 614 days ago
> Sorry but no you don't

Yes, I really do.

I specifically want my traffic to “leak” from my VPN when traveling away from home, because my home internet upload speed is slow and I don’t want it to bottleneck everything else on my device. I only want the tunnel to be used when I am talking to my LAN.

Similarly when I’m at home and using my work VPN, I want a split tunnel there too. I don’t want every bit of traffic going over the VPN tunnel, because my work network tends to have congestion, and if I’m streaming music or something to listen to, there’s no reason that should have to go throufh my work’s network.

Before saying “nuh uh!” every time someone disagrees with you, maybe stop and consider that people have different use cases from you?

link
BSDobelix 614 days ago
>Yes, I really do.

No you don't, you need a normal (for example) ssh-tunnel, not a "VPN"...trust me ;)

>Before saying “nuh uh!” every time someone disagrees with you, maybe stop and consider that people have different use cases from you?

You want to actively weakening a system that was made for one thing only (a point to point encrypted tunnel with no exceptions of data flow), but hey go on and make your setup a cobbled mess, but don't cry about leaked information.

link
ninkendo 614 days ago
> No you don't, you need a normal (for example) ssh-tunnel, not a "VPN"...trust me ;)

Yes I do. (See how tiring this is getting?)

I don’t want an SSH tunnel when wireguard does the same thing but faster and with an iOS app that works correctly out of the box. I’m aware of SSH tunnels and that’s how I used to do things back in 2008 but times have changed and wireguard is infinitely better at that use case.

> You want to actively weakening a system that was made for one thing only (a point to point encrypted tunnel with no exceptions of data flow), but hey go on and make your setup a cobbled mess, but don't cry about leaked information.

Nobody’s talking about weakening anything here, you’re coming into a conversation where someone said “use cases differ”, and you’re trying to deny that reality… every time someone shows you a different use case you childishly shout “nuh uh” and act like such a use case is wrong because it invalidates your point.

A split tunnel VPN is a valid use case, period. It’s not the only use case. People who want full tunnel where all traffic goes through the tunnel, ALSO have a valid use case. But it doesn’t mean split tunnel is not a thing, and it doesn’t mean people who want split tunnels are wrong.

link
BSDobelix 614 days ago
No problem have fun.
link