OpenVPN 3 Linux Client Moving Closer To Release As A Big Update

  • OpenVPN 3 Linux Client Moving Closer To Release As A Big Update

    Phoronix: OpenVPN 3 Linux Client Moving Closer To Release As A Big Update

    While many are looking forward to the day when WireGuard support is mainlined within the Linux kernel and declared as stable and widely supported as a next-gen secure VPN tunnel, for those making use of OpenVPN currently, the OpenVPN 3 Linux client has been taking shape as a big step forward on the OpenVPN front...

  • #2
    Going to get replaced by Wireguard.

    • #3
      According to the VPN provider "perfect-privacy", undoubtedly one of the most trustworthy and secure providers, they said that there are still many uncleared problems with Wireguard, preventing them from offering official support anytime soon.

      A detailed look at the WireGuard protocol and why the disadvantages currently do not make it suitable for Perfect Privacy.

      • #4
        We sometimes play older games that are LAN- but not internet-capable or they have been and the servers went down a long time ago. We used OpenVPN in TAP mode as those games were discovering each other with broadcasts. Now as OpenVPN drops TAP mode we'll have to find something new. Does Wireguard have a layer 2 mode?

        • #5
          Integration of efficient compression such as zstd and testing it at 1Gbps should be great
          Developer of Ultracopier/CatchChallenger and CEO of Confiared

          • #6
            Originally posted by juno
            We sometimes play older games that are LAN- but not internet-capable or they have been and the servers went down a long time ago. We used OpenVPN in TAP mode as those games were discovering each other with broadcasts. Now as OpenVPN drops TAP mode we'll have to find something new. Does Wireguard have a layer 2 mode?
            I'm assuming multiplayer games aren't extremely sensitive information, so you should be fine by switching to plain L2TP (that is level 2 but has no encryption) or if you really need it encrypted to L2TP/IPSec. https://www.cactusvpn.com/beginners-.../what-is-l2tp/

            • #7
              Originally posted by Morbis55
              According to the VPN provider "perfect-privacy", undoubtedly one of the most trustworthy and secure providers, they said that there are still many uncleared problems with Wireguard, preventing them from offering official support anytime soon.

              https://www.perfect-privacy.com/blog...pros-and-cons/
              I am not sure if you are being sarcastic or not, but this article does not actually underline some of the best pros of Wireguard (terse protocol, roaming capabilities, single key configuration, IMO), while the cons it gives are really not convincing either (especially when it comes to their in-house solution). I also never heard of that website before, and I am not sure if it's really trustworthy?

              • #8
                Boa, if they really kill TAP many will get _really_ big problems - me included... Already for administration of foreign networks I often need L2, because the administration software of devices often does L2 things (broadcast for detection and the like)...

                • #9
                  Originally posted by mifritscher
                  Boa, if they really kill TAP many will get _really_ big problems - me included... Already for administration of foreign networks I often need L2, because the administration software of devices often does L2 things (broadcast for detection and the like)...
                  You need to look closely at how you are doing this; WireGuard is also only L3 TUN. Bad point there is little more of a reason than something simple.

                  Originally posted by hreindl
                  it will rip away OpenVPN just because of their stupidity promote non-free stuff and the argumentation "TAP support is not planned, as all VPN APIs on mobile devices and even the Unified Windows Platform (UWP) API does only support TUN mode" is pretty sure the dumbest I heard in this new year
                  I wish this was the only reason; then it would be a dumb idea to drop TAP support. The problem is MAC randomization. What should happen when you end up with two machines on both sides of a VPN link with the same MAC address? Which one should the L2 packet go to? Before you say we will just do MAC address duplicate detection, some people patented some forms of that in 2014. I will not quote current patent numbers; some people would 100 percent not like that.

                  Basically, a layer 3 VPN makes the VPN a MAC address conflict barrier. Let's say you have 5 sites joined up by VPN TAP and you start having random failures; it could be a bit hard if it is happening because of a MAC address conflict, and it's because someone has brought their laptop or phone in. The conflict could result in, like, your main DNS/file server disappearing for everyone. Same VPN network, this time connected by L3: the breakage will be restricted to 1 segment.

                  We don't have dhcp for mac addresses in prior art. Guess what was patented.

                  Mobile devices and UWP and the like are pushing TUN because IP address conflict detection and resolution has prior art and Layer 2 to have mac address conflict detection and resolution could be pay patent. Layer 2 bridging may have to disappear resulting in having to use IP routing and management agents of some form running on both sides of the VPN. Yes management agents are covered by prior art.


                  • #10
                    Originally posted by hreindl
                    don't get me wrong but after more than 10 years running 5 openvpn instances with tap and connecting whole networks together with a combination of tap bridging and routing I don't buy the "mac could collide"

                    it's trivial to check the existence of a mac within the same bridge and randomize again
                    Same here, but with Windows VPN (which offers only layer 2 protocols like PPTP and L2TP) on a load of small companies (50 hosts or less for each), and a few middle-size ones (many hundreds of hosts).

                    I've never ever ever had hardware MAC conflicts, the only MAC conflicts I've seen happened because someone in IT was doing something specific to spoof MAC or copied VMs in a server and then failed to set them up properly afterwards (as VMWare will randomize again the MAC if the VM is cloned and set up properly).

                    BUT I do recognize that this could be an obvious way to break massive havoc "with a simple trick" anyone could learn from youtube, so I'm fine with it being forced to disappear.

                    I'd personally also love to throw the whole "modern" network stack in a fire as it's beyond stupid. What's the fucking point of having 2 separate addressing systems running in parallel (MAC and IP), just make ONE that can do all jobs.
