Proton VPN Kills Off Legacy OpenVPN Configs in Push for Better Security
Arthur T Knackerbracket writes:
Proton VPN Kills Off Legacy OpenVPN Configs in Push for Better Security
Proton VPN has announced it is retiring old manual OpenVPN configuration files on security grounds, setting a strict cutoff date of February 28, 2026.
The change affects all users who rely on configuration files downloaded before September 2023. While users on the official Proton VPN apps remain unaffected, those running manual setups on routers, Linux terminals, or third-party clients will lose connectivity if they don't refresh their credentials.
[...] The old configuration files are being retired to enforce the use of AES-256-GCM encryption, replacing the older CBC mode.
According to Proton, the switch to GCM offers "built-in integrity, support for parallel processing, and other efficiency improvements," meaning it is faster and drains less battery on mobile devices.
Additionally, the new configurations implement TLS-Crypt, a feature that encrypts the control channel and packet headers. This hides the TLS handshake and metadata, making it much harder for firewalls and censors to identify that you are using a VPN.
If you use a manual OpenVPN setup, check when you last downloaded your configuration files. If it was before September 2023, or if you aren't sure, the safest bet is to update them now.
Failing to update these files before the February deadline will result in a sudden loss of connectivity, potentially leaving your traffic exposed or your internet access blocked entirely.
However, if your router or hardware supports it, we strongly recommend switching to WireGuard instead of reinstalling OpenVPN.
WireGuard uses modern cryptography that is faster to execute, meaning you will likely see a boost in connection speeds and lower latency, vital for gaming or 4K streaming on a router level.
Furthermore, Proton's custom implementation of WireGuard includes specific "Stealth" obfuscation capabilities, making it much harder for ISPs or strict firewalls to detect and block your VPN tunnel compared to a standard OpenVPN connection.
This news comes just days after Mullvad VPN took a much more drastic step. On January 15, Mullvad completely shut down support for OpenVPN across its entire server network, forcing all users onto the newer WireGuard protocol.
Proton's approach is softer. While the company admits it is looking to phase out OpenVPN from its apps, it confirmed to TechRadar that server-side support is going nowhere.
Speaking to TechRadar, David Peterson, General Manager at Proton VPN, explained that while WireGuard is taking over, legacy support remains a priority.
"With the higher performance of WireGuard, particularly on mobile devices, and our extension of WireGuard for Proton VPN's Stealth protocol, we have seen the rate at which OpenVPN is used drop to a tiny minority of our user base," Peterson said. "As such, over time we will start to phase out OpenVPN support in our client apps -particularly for mobile devices where speed and battery performance are of concern."
However, Peterson drew a clear line between the apps and the servers: "We will continue to support OpenVPN on Proton VPN's servers for the foreseeable future in order to support legacy routers and other older devices that are unable to support WireGuard."
Read more of this story at SoylentNews.