I’ve always had it on, but it’s kind of a pain in the ass. Especially on worse (not necessarily slower) networks.
On laptop it’s fine for the most part since the use-case is a bit different, but on a phone it’s causing me some annoyances/issues.
With my carrier indoors it takes on average 62 seconds to connect. This is pretty annoying if toggling/switching VPN servers more often.
But when travelling (e.g.: in a train) it can make the difference from slightly spotty signal to almost never being connected successfully, impacting usability.
As such, I often find myself not even using VPN in such cases in the first place.
For comparison, plain Wireguard is done before I can pull away my finger from the “connect” button, usually even on 2G EDGE.
Do you keep this (perhaps a bit paranoid-level) option on?
Even if actually useful in the future, it would only protect traffic recorded from User to VPN anyway.
That shouldn’t happen. All quantum resistant does is to switch out RSA for ML-KEM. The data transmitted is slightly more, around a KB vs a couple bytes, but that only happens once. The algorithm itself is actually faster.
So something else is going on here. I suspect it has to do with the MTU of your carrier, because the handshake will most likely not fit into a single packet, and then maybe something goes wrong with the related ICMP.