Announcement

Collapse
No announcement yet.

We Could See WireGuard Upstreamed In The Linux Kernel In 2018

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • We Could See WireGuard Upstreamed In The Linux Kernel In 2018

    Phoronix: We Could See WireGuard Upstreamed In The Linux Kernel In 2018

    WireGuard is the effort led by Jason Donenfeld to provide a next-gen secure network tunnel for the Linux kernel. Jason has laid out plans and next steps for getting this interesting project merged into the upstream Linux kernel...

    http://www.phoronix.com/scan.php?pag...-November-2017

  • #2
    I'm struggling to understand the basic difference between openvpn based vpn and WireGuard. Don't get me wrong, I get that WireGuard implements the encryption on deeper on the OSI layer/in the Kernel. The thing that I'm not getting is how will this differ in practical terms, would you need a different VPN serivice that uses WireGuard or can you imprement current service solutions with WireGuard instead of OpenVPN. Sorry if this is a dumb question, feel like I'm missing something for everything to click in place, for that lightbolb moment. xD
    Desktop Environment poll:
    https://www.phoronix.com/forums/foru...de-do-you-like

    Comment


    • #3
      Originally posted by Kendji View Post
      I'm struggling to understand the basic difference between openvpn based vpn and WireGuard. Don't get me wrong, I get that WireGuard implements the encryption on deeper on the OSI layer/in the Kernel. The thing that I'm not getting is how will this differ in practical terms, would you need a different VPN serivice that uses WireGuard or can you imprement current service solutions with WireGuard instead of OpenVPN. Sorry if this is a dumb question, feel like I'm missing something for everything to click in place, for that lightbolb moment. xD
      Wireguard has its own standardized VPN protocol, you will need a Wireguard VPN server somewhere and a client in your PC/devices/whatever.

      As far as I was able to understand it, Wireguard's "roaming" feature makes it more like a peer-to-peer system with no true "server" or "client" distinction.
      To start the connection you will need one of the nodes to have a public IP address to be reachable by the "clients", so that's the "server".
      But if you were all on the same subnet (local network), or if we were using ipv6 so we would have no NAT hiding local device IPs from the internet, you could initiate a connection from anywhere to anywhere.
      Last edited by starshipeleven; 11-11-2017, 12:14 PM.

      Comment


      • #4
        Originally posted by Kendji View Post
        I'm struggling to understand the basic difference between openvpn based vpn and WireGuard.
        openvpn uses tcp, wireguard uses udp. tunnelling over tcp sux

        Comment


        • #5
          Originally posted by pal666 View Post
          openvpn uses tcp
          While OpenVPN CAN work over TCP it is not the default nor recommended setup

          Comment


          • #6
            Originally posted by s.ivanov View Post

            While OpenVPN CAN work over TCP it is not the default nor recommended setup
            So what's the advantage of WireGuard over OpenVPN? Is it just because WireGuard is a cooler name?

            I did read about roaming features, those remind me of MoSH and IPv6 features.

            Is WireGuard so exciting or just overhype?

            WireGuard aims to be as easy to configure and deploy as SSH.
            WTF? SSH can sometimes become an ass to configure, specially if over NAT. X redirection sucks too.

            I think there's not need of just a VPN protocol, but a resilient networking connection protocol able to be used for X, SSH-like, Wayland and whatever shit you may want to.

            And please kill obsolete baud crap of terminals! SSHFS sucks too! NFS sucks too! New protocol for both terminals, file sharing/transfer/NAS and Wayland, maybe based on 9P or whatever! Something not only shiny, but functional, robust, stable, easy to configure, usable even on the crappiest network and powerful.

            Is WireGuard that protocol? I'm damn sceptic.
            Last edited by timofonic; 11-11-2017, 06:47 PM.

            Comment


            • #7
              timofonic - Rather than speculation or relying on oversimplified forum responses, if you want, you can read about WireGuard, in order to develop an informed opinion. These resources might help a bit:

              - The front page has a big conceptual overview: https://www.wireguard.com/
              - The paper has the most detailed description: https://www.wireguard.com/papers/wireguard.pdf
              - The barebones description of the protocol is here: https://www.wireguard.com/protocol/
              - Some notes and a link to a paper on its formal verification are here: https://www.wireguard.com/formal-verification/

              Reading these will give you the most thorough information in order to determine why WireGuard exists and whether that existence is justified.

              If that's a bit too much reading for something you don't necessarily even care about, that's fine too. The tl;dr is that this is a lot simpler to use than previous VPN setups and gives better security and performance. It might not be the reality-changing alien-technology multi-purpose solves-all-your-problems all-spice everything-protocol you were hoping for though, since it's just trying to do secure tunnels. But it does do one thing, and hopefully it does that one thing decently enough. It could create the basis for other people creating the big things you have in mind on top of it.

              Comment


              • #8
                Originally posted by timofonic View Post
                WTF? SSH can sometimes become an ass to configure, specially if over NAT. X redirection sucks too.
                In short, WireGuard aims to make authentication of two (or more) peers as easy as using ssh's public key authentication.
                Last edited by ngkaho1234; 11-12-2017, 04:20 AM. Reason: Not only two peers

                Comment


                • #9
                  Originally posted by timofonic View Post
                  So what's the advantage of WireGuard over OpenVPN? Is it just because WireGuard is a cooler name?
                  Vastly reduced codebase (easier to review and keep bug-free), and higher performance so you can deploy it in embedded systems too (currently OpenVPN sucks in embedded, you get like 30 Mbit/s even on powerful dualcore ARM expensive routers, which is not a really acceptable speed for serious usage, like tunnelling filesharing protocols like SMB and friends).

                  Is WireGuard so exciting or just overhype?
                  If you need a VPN, yes it is exciting. If you want a kitchen-sink-type magic protocol that solves all Linux problems, no.

                  WTF? SSH can sometimes become an ass to configure, specially if over NAT.
                  Everything is an ass to configure over NAT, but the issue is NAT.

                  If you want to connect directly to something, it needs to be exposed somehow as it needs to be accessible from outside the NAT, you can't change basic networking.

                  I think there's not need of just a VPN protocol, but a resilient networking connection protocol able to be used for X, SSH-like, Wayland and whatever shit you may want to.

                  And please kill obsolete baud crap of terminals! SSHFS sucks too! NFS sucks too! New protocol for both terminals, file sharing/transfer/NAS and Wayland, maybe based on 9P or whatever! Something not only shiny, but functional, robust, stable, easy to configure, usable even on the crappiest network and powerful.

                  Is WireGuard that protocol? I'm damn sceptic.
                  No it is not, Wireguard is just a easy to use/configure and light VPN.

                  You have no idea of what you are talking about here, a protocol able to support both internal and external uses, VPN, file sharing, display, console and SSH is going to be a bloated mess of crap.

                  Comment


                  • #10
                    Originally posted by timofonic View Post
                    I think there's not need of just a VPN protocol, but a resilient networking connection protocol able to be used for X, SSH-like, Wayland and whatever shit you may want to.
                    such protocol exists, it is called tcp

                    Comment

                    Working...
                    X