Hi forum.
For anyone not in the know, this is an alternative to OpenVPN, supposedly faster, simpler and with less likelihood of introducing new bugs, partly due to there only being one protocol suite. https://www.wireguard.com/
I wonder if any of you sane people have any input about it? Have you tried it? What was/is your experience?
Also, to the ones knowing a little about cryptography, is the single suite of protocols, as opposed to OpenVPN, which has many, a good or a bad thing in your opinion? Their suite contains Curve25519, ChaCha20, Poly1305, BLAKE2, SipHash24, HKDF.
I saw a thread on their subreddit, with someone praising it and wishing for it to be implemented in pfsense. The community was sceptical at best. Let me see if I can find it.
“Eventually we’ll work with OpenBSD to produce a component for their kernel, and perhaps even write a kext for Darwin and a driver for NT. For now, however, a cross-platform userspace version is most appealing.”
I don’t think the cross-platform userspace application will be useful to pfsense users, so we might have to wait some time before the openbsd kernel component is written.
Do you think it is essential to their success that they get available on openbsd/pfsense? Also in relation to what platform other router manufacturers write their firmware in? I don’t know what Cisco and the like use. I also wonder how this “Market” is put together. We can all agree that pfsense folks are probably what you’d call “leaders” or “early adopters”, in the marketing nomenclature, but is this, router based VPN clients, where the main market share is?
Well, a standard in this regard is just convenient and easy, but not necessarily the best, as I sense you also imply. I’m thinking, if something better comes along and adoption on both ends of the tunnel (so to speak) is happening, it will become a proper alternative, maybe one day even the new standard. I do agree that too much choice can be counterproductive, or in other words, could be more productive, just look at all the Linux distributions available (which is also some of the beauty of it, but that’s another discussion).
I found out about it through my VPN of choice - Mullvad, who praise it to the skies. I don’t know how many other VPN providers have implemented it, but word on the street is that it is picking up speed. At least Mullvad and PIA have donated to the project. It currently ONLY runs on Linux-based systems, and as such, you can test it out on a number of routers with LEDE, running on top of OpenWRT (Source). Also, a community member of UBNT ported it to EdgeRouter, maybe they’ll pick it up.