Linus Torvalds Is Hoping WireGuard Will Be Merged Sooner Rather Than Later


  • Falcon1
    replied
    Originally posted by Britoid

    I don't think WG can do NAT-NAT.

    If it can, I'd love to know how.

    I was wondering that too. Wireguard can't, but since it's registered as a "usual" network device you can set iptables masquerading to do that for you.

    A recent research project/idea required me to look into setting up a NAT-to-NAT VPN. The basic idea being that two NATed networks are able to communicate through a VPN and share resources. While researching possible VPN solutions, I remembered reading about WireGuard, a new VPN that aims to be fast, secure and lightweight. This seemed like the perfect opportunity to both try out a new VPN implementation and accomplish the goals of the research project.

    I guess this is also one of the nice things about WG. Do one thing and do it well and chain with similar though of tools.
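
One way to lay out the setup discussed in the post above, as an added example that is not part of the original thread: since neither NATed site can accept inbound connections, both dial out to a relay with a public address, and iptables masquerading on each site gateway hides the LAN addressing. The relay host, all addresses, the `eth0` interface name, the hostname and the key placeholders are assumptions of this example.

```ini
# ---- Relay with a public IP: /etc/wireguard/wg0.conf (assumed host) ----
[Interface]
Address = 10.100.0.1/24
ListenPort = 51820
PrivateKey = <relay-private-key>
# Forward only tunnel-to-tunnel traffic; nothing else transits this host.
PostUp = sysctl -w net.ipv4.ip_forward=1
PostUp = iptables -A FORWARD -i %i -o %i -j ACCEPT
PostDown = iptables -D FORWARD -i %i -o %i -j ACCEPT

[Peer]
# Site A gateway (behind NAT). AllowedIPs routes to this peer and
# also limits which source addresses are accepted from it.
PublicKey = <site-a-public-key>
AllowedIPs = 10.100.0.2/32, 192.168.10.0/24

[Peer]
# Site B gateway (behind NAT)
PublicKey = <site-b-public-key>
AllowedIPs = 10.100.0.3/32, 192.168.20.0/24

# ---- Site A gateway: /etc/wireguard/wg0.conf (site B mirrors this) ----
[Interface]
Address = 10.100.0.2/24
PrivateKey = <site-a-private-key>
PostUp = sysctl -w net.ipv4.ip_forward=1
# LAN traffic leaving through the tunnel is rewritten to 10.100.0.2.
PostUp = iptables -t nat -A POSTROUTING -o %i -j MASQUERADE
# Tunnel traffic entering the LAN is rewritten to the gateway's LAN
# address, so LAN hosts can reply without a route to 10.100.0.0/24.
PostUp = iptables -t nat -A POSTROUTING -s 10.100.0.0/24 -o eth0 -j MASQUERADE
PostDown = iptables -t nat -D POSTROUTING -o %i -j MASQUERADE
PostDown = iptables -t nat -D POSTROUTING -s 10.100.0.0/24 -o eth0 -j MASQUERADE

[Peer]
PublicKey = <relay-public-key>
Endpoint = relay.example.net:51820
# Tunnel subnet plus the remote site's LAN.
AllowedIPs = 10.100.0.0/24, 192.168.20.0/24
# Keeps the NAT mapping open so the relay can always reach this site.
PersistentKeepalive = 25
```

Hosts on site A's LAN reach 192.168.20.0/24 only if the gateway is their default router or they carry a static route for that subnet via the gateway.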


  • Britoid
    replied
    Originally posted by andy22

    I use softether in its own protocol version, mainly because it was much faster than openvpn. I guess it wins the most bloated achievement, since it actually re-implements all other VPN protocols as well!

    SoftEther is probably one of the easiest to set up.


  • andy22
    replied
    I use softether in its own protocol version, mainly because it was much faster than openvpn. I guess it wins the most bloated achievement, since it actually re-implements all other VPN protocols as well!


  • Britoid
    replied
    Originally posted by mb_q

    I am a big fan of tinc, which has a somewhat similar design to WireGuard; it is user-space and uses traditional, unimpressive cryptography, but has built-in mesh routing, so one can do cool things like NAT traversal or redundant gateway servers. These are possible with WG, but not without additional tools and cumbersome configuration...

    I don't think WG can do NAT-NAT.

    If it can, I'd love to know how.


  • mb_q
    replied
    I am a big fan of tinc, which has a somewhat similar design to WireGuard; it is user-space and uses traditional, unimpressive cryptography, but has built-in mesh routing, so one can do cool things like NAT traversal or redundant gateway servers. These are possible with WG, but not without additional tools and cumbersome configuration...


  • Britoid
    replied
    Originally posted by macemoneta

    Actually, Wireguard has more usable functionality for modern environments in its support for mobile connectivity, similar to mosh. With Wireguard, you can hop from access point to access point to LTE and back, while maintaining connectivity. This prevents the "drop/reconnect/oops it failed" that current VPNs experience for mobile devices.

    Should also be much better for battery life.


  • Brisse
    replied
    Just leaving this random comment here, sent through a WireGuard VPN connection, just for the fun of it


  • macemoneta
    replied
    Originally posted by Britoid

    OpenVPN and IPSec have about 10x the functionality of Wireguard, however the idea with Wireguard is that you build the extra functionality separately on top rather than have it baked into the software and protocol itself.

    Which is a better idea for security imho.

    Actually, Wireguard has more usable functionality for modern environments in its support for mobile connectivity, similar to mosh. With Wireguard, you can hop from access point to access point to LTE and back, while maintaining connectivity. This prevents the "drop/reconnect/oops it failed" that current VPNs experience for mobile devices.


  • starshipeleven
    replied
    Originally posted by Britoid

    OpenVPN and IPSec have about 10x the functionality of Wireguard, however the idea with Wireguard is that you build the extra functionality separately on top rather than have it baked into the software and protocol itself.

    Which is a better idea for security imho.

    I think "10x functionality" is not the best way to express the difference.

    They have more not-so-often used features and quite a bit of legacy features for compatibility.

    I agree that it is better to keep extra features as a plugin where possible.


  • Britoid
    replied
    Originally posted by starshipeleven

    He is very likely talking about the code. Not that the protocol itself is amazing, but OpenVPN and IPSec are commonly bashed for their code bloat and large size, which is not what you want in anything working with security.

    OpenVPN and IPSec have about 10x the functionality of Wireguard, however the idea with Wireguard is that you build the extra functionality separately on top rather than have it baked into the software and protocol itself.

    Which is a better idea for security imho.
