In it's current state, the VPN tunnel is traditionally encrypted using rustls, which is fine for now (and the foreseeable future).
To prepare for a post quantum world, where AES, ChaCha20, and SHA256 become breakable, the tunnel should optionally employ a hybrid-style encryption where a post quantum cryptography (PQC) method as well as standard TLS are applied (in layers).
As of now, rustls does not natively support PQC, but this may come to change. If not, some PQC can simply be applied before sending the packet through TLS.
In it's current state, the VPN tunnel is traditionally encrypted using rustls, which is fine for now (and the foreseeable future).
To prepare for a post quantum world, where AES, ChaCha20, and SHA256 become breakable, the tunnel should optionally employ a hybrid-style encryption where a post quantum cryptography (PQC) method as well as standard TLS are applied (in layers).
As of now, rustls does not natively support PQC, but this may come to change. If not, some PQC can simply be applied before sending the packet through TLS.