Page 1 of 3

WireGuard: A very strong candidate to replace OpenVPN and IPSec VPNs

Posted: Thu Apr 26, 2018 3:58 pm
by forest
For anyone wishing for a VPN with lower complexity, better performance, or less administrative hassle than currently-popular VPN protocols, or who just likes to be informed about such things, check out WireGuard. It looks very promising.

I expect the the kernel implementation to avoid the context-switching bottleneck that hampers OpenVPN, allowing low-power devices to run at closer to wire speed and giving VPN servers significantly greater capacity.

Re: WireGuard: A very strong candidate to replace OpenVPN and IPSec VPNs

Posted: Tue May 01, 2018 12:57 am
by faisal
Where are you terminating?

Re: WireGuard: A very strong candidate to replace OpenVPN and IPSec VPNs

Posted: Tue May 01, 2018 10:19 am
by kgc
Interesting in that one of OpenVPN's specific benefits is that it is in user space. This not only increases portability but simplifies development and maintenance.

Re: WireGuard: A very strong candidate to replace OpenVPN and IPSec VPNs

Posted: Tue May 01, 2018 11:20 am
by forest
kgc wrote:Interesting in that one of OpenVPN's specific benefits is that it is in user space. This not only increases portability but simplifies development and maintenance.
Yes, to some extent. Unfortunately, it comes at the price of a ton of context switches. This seems to be why openvpn bottlenecks at relatively low speeds on devices like my EdgeRouter X, despite having crypto hardware, and even in protocol tests with crypto disabled.

WireGuard's small, simple code base is another approach to easing portability, development, and maintenance.

Anyway, it looks like it's getting both a kernel implementation and a user-space implementation, so you'll have access to the latter if you prefer.
https://www.wireguard.com/xplatform/

Re: WireGuard: A very strong candidate to replace OpenVPN and IPSec VPNs

Posted: Mon Mar 30, 2020 7:28 pm
by forest
Follow-up: WireGuard has reached 1.0.

https://arstechnica.com/gadgets/2020/03 ... ux-kernel/

Re: WireGuard: A very strong candidate to replace OpenVPN and IPSec VPNs

Posted: Tue Mar 31, 2020 1:48 pm
by zbang
It's available for just about every common OS (linux, freebsd, mac, windoze) and is even in openwrt. (Some in the kernel, some in user space.)

Re: WireGuard: A very strong candidate to replace OpenVPN and IPSec VPNs

Posted: Fri Apr 24, 2020 10:07 am
by craig.langman
It's apparently included in the latest ubuntu (20.04). I came here to search if sonic had any support for it, seems no...

Re: WireGuard: A very strong candidate to replace OpenVPN and IPSec VPNs

Posted: Tue Apr 28, 2020 9:44 am
by mediahound
Is there a way to import a .opvn file in to Wireguard? I was not able to figure it out.

Re: WireGuard: A very strong candidate to replace OpenVPN and IPSec VPNs

Posted: Tue Apr 28, 2020 1:15 pm
by forest
mediahound wrote:Is there a way to import a .opvn file in to Wireguard?
No. OpenVPN and WireGuard are fundamentally different and not compatible with each other. Even if the configurations were compatible, you would need the VPN provider to offer WireGuard, which Sonic currently does not.

Re: WireGuard: A very strong candidate to replace OpenVPN and IPSec VPNs

Posted: Tue Apr 28, 2020 1:17 pm
by mediahound
forest wrote:
mediahound wrote:Is there a way to import a .opvn file in to Wireguard?
No. OpenVPN and WireGuard are fundamentally different and not compatible with each other. Even if the configurations were compatible, you would need the VPN provider to offer WireGuard, which Sonic currently does not.

Thanks. I'll stick with Viscosity.