raw and nacl0 are unsafe

[tommythorn]

Given that one of the point of NaCl is to provide crypto that you can't mess up, it seems really bad to include nacl0 as it is explicitly stated that one should never re-used the same nonce (which is literally what nonce means).

Similarily, the raw protocol doesn't encrypt (obviously) so doesn't actually offer a service normally associated with VPN.

nacltai looks weak, but not obviously broken. It would be better with more random entropy in the nonce.

[UCIS]

I am aware that the raw and nacl0 modes are insecure. The nacl0 mode remains mostly for backwards compatibility and may still be used for basic obfuscation and error checking. The raw mode is quite useful to create a virtual network on top of a trusted IP network, for example to replace VLAN tagging or tunnel ethernet frames over an IP VPN. The raw0 mode is also compatible with the VirtualBox UDPTunnel mode allowing direct connection of a VM to a tap device. This has been clarified on the wiki page. QuickTun will also warn the user if one of the insecure modes is implicitly selected.