I'm struggling to understand the basic difference between openvpn based vpn and WireGuard. Don't get me wrong, I get that WireGuard implements the encryption on deeper on the OSI layer/in the Kernel. The thing that I'm not getting is how will this differ in practical terms, would you need a different VPN serivice that uses WireGuard or can you imprement current service solutions with WireGuard instead of OpenVPN. Sorry if this is a dumb question, feel like I'm missing something for everything to click in place, for that lightbolb moment. xD

Wireguard has its own standardized VPN protocol, you will need a Wireguard VPN server somewhere and a client in your PC/devices/whatever.

As far as I was able to understand it, Wireguard's "roaming" feature makes it more like a peer-to-peer system with no true "server" or "client" distinction.
To start the connection you will need one of the nodes to have a public IP address to be reachable by the "clients", so that's the "server".
But if you were all on the same subnet (local network), or if we were using ipv6 so we would have no NAT hiding local device IPs from the internet, you could initiate a connection from anywhere to anywhere.

openvpn uses tcp, wireguard uses udp. tunnelling over tcp sux

While OpenVPN CAN work over TCP it is not the default nor recommended setup

So what's the advantage of WireGuard over OpenVPN? Is it just because WireGuard is a cooler name?

I did read about roaming features, those remind me of MoSH and IPv6 features.

Is WireGuard so exciting or just overhype?

WTF? SSH can sometimes become an ass to configure, specially if over NAT. X redirection sucks too.

I think there's not need of just a VPN protocol, but a resilient networking connection protocol able to be used for X, SSH-like, Wayland and whatever shit you may want to.

And please kill obsolete baud crap of terminals! SSHFS sucks too! NFS sucks too! New protocol for both terminals, file sharing/transfer/NAS and Wayland, maybe based on 9P or whatever! Something not only shiny, but functional, robust, stable, easy to configure, usable even on the crappiest network and powerful.

Is WireGuard that protocol? I'm damn sceptic.

timofonic - Rather than speculation or relying on oversimplified forum responses, if you want, you can read about WireGuard, in order to develop an informed opinion. These resources might help a bit:

- The front page has a big conceptual overview: https://www.wireguard.com/
- The paper has the most detailed description: https://www.wireguard.com/papers/wireguard.pdf
- The barebones description of the protocol is here: https://www.wireguard.com/protocol/
- Some notes and a link to a paper on its formal verification are here: https://www.wireguard.com/formal-verification/

Reading these will give you the most thorough information in order to determine why WireGuard exists and whether that existence is justified.

If that's a bit too much reading for something you don't necessarily even care about, that's fine too. The tl;dr is that this is a lot simpler to use than previous VPN setups and gives better security and performance. It might not be the reality-changing alien-technology multi-purpose solves-all-your-problems all-spice everything-protocol you were hoping for though, since it's just trying to do secure tunnels. But it does do one thing, and hopefully it does that one thing decently enough. It could create the basis for other people creating the big things you have in mind on top of it.

In short, WireGuard aims to make authentication of two (or more) peers as easy as using ssh's public key authentication.

Vastly reduced codebase (easier to review and keep bug-free), and higher performance so you can deploy it in embedded systems too (currently OpenVPN sucks in embedded, you get like 30 Mbit/s even on powerful dualcore ARM expensive routers, which is not a really acceptable speed for serious usage, like tunnelling filesharing protocols like SMB and friends).

If you need a VPN, yes it is exciting. If you want a kitchen-sink-type magic protocol that solves all Linux problems, no.

Everything is an ass to configure over NAT, but the issue is NAT.

If you want to connect directly to something, it needs to be exposed somehow as it needs to be accessible from outside the NAT, you can't change basic networking.

No it is not, Wireguard is just a easy to use/configure and light VPN.

You have no idea of what you are talking about here, a protocol able to support both internal and external uses, VPN, file sharing, display, console and SSH is going to be a bloated mess of crap.

such protocol exists, it is called tcp