Next-Generation Secure Network Tunnel Announced For The Linux Kernel


  • Next-Generation Secure Network Tunnel Announced For The Linux Kernel

    Phoronix: Next-Generation Secure Network Tunnel Announced For The Linux Kernel

    Jason Donenfeld announced today WireGuard, what he describes as a next-generation secure network tunnel for the Linux kernel...

    http://www.phoronix.com/scan.php?pag...uard-Announced

  • #2
    As an OpenVPN user, it's plenty fast for most WAN network connections that are south of gigabit speeds or so, and you don't even need super high-end hardware to get that performance.

    He has a point that in very highspeed scenarios something like OpenVPN won't fly. Here's a question though: Can this tunneling architecture be ported to other operating systems? Because a linux-to-linux tunneling protocol is nice but very limited [95% of the OpenVPN clients we support are Windows, and it also works with Mac & Linux].

    • #3
      According to the main website (linked in the article), there are cross-platform clients written in Go and Rust. So it seems more than possible to be fine cross-platform going forward. I do like that it is ready for Docker containers etc.

      • #4
        Originally posted by chuckula
        As an OpenVPN user, it's plenty fast for most WAN network connections that are south of gigabit speeds or so, and you don't even need super high-end hardware to get that performance.
        Dunno about you, but any VPN I've tried kills most routers if you have more than a few tunnels. OpenVPN is a bitch on server side.

        I'm not a fan of placing x86 systems around just for VPN.

        Can this tunneling architecture be ported to other operating systems?
        The server side part probably no (or not without losing most of its performance), as this critter manages to be so small and light as it is off-loading most of the stuff to the kernel.

        Clients I don't see why not.

        • #5
          This would be perfect for my use cases. 100% of my VPNs are Linux to Linux, and typically at the network boundaries, so that internal nodes, regardless of OS, get a free ride without the need for any client software and without even being aware that they are using a VPN to get to the other branch offices.

          • #6
            Pretty cool for VPNs running on routers.
            For example, the Freifunk mesh community often uses VPNs on routers to tunnel their traffic to a server to bypass the weird open WLAN laws in Germany.

            • #7
              Originally posted by starshipeleven
              Dunno about you, but any VPN I've tried kills most routers if you have more than a few tunnels. OpenVPN is a bitch on server side.

              I'm not a fan of placing x86 systems around just for VPN.
              Yeah, router hardware (even ludicrously expensive router hardware) is crappy for any sort of general-purpose application.

              As for x86 systems being a problem, the 8 year old Core 2 system we use runs just fine for multiple users. As a bonus, it actually gets regular security updates, which is something I can't say for many routers.

              • #8
                Don't like ec-keys. Can I have something else please?

                • #9
                  Originally posted by milkylainen
                  Don't like ec-keys. Can I have something else please?
                  Keep in mind that this is Curve25519, and not ECDSA. Not tainted by NSA AFAIK.

                  • #10
                    Originally posted by chuckula
                    As for x86 systems being a problem,
                    It's power-hungry, bigger, usually requires fans and ATX PSUs and all kinds of stuff that can and does fail if left online and under load 24/7. Embedded devices designed from the ground up for 24/7 usage and low power consumption are usually more reliable.

                    It's not the first time stuff I (we) installed somewhere fails horribly or requires babysitting. Routers are usually much more resilient.

                    For relatively limited usage (one or two VPNs) most routers are fine, and placing a dedicated x86 box is overkill.

                    I'm therefore not spitting on a good way to do more VPNs without adding an x86 box.

                    As a bonus, it actually gets regular security updates, which is something I can't say for many routers.
                    I use custom firmwares based off OpenWRT and now LEDE. How do you think I can trust a VPN server in a router at all?
