
WireGuard VPN review: A new type of VPN offers serious advantages - yepthatsreality
https://arstechnica.com/gadgets/2018/08/wireguard-vpn-review-fast-connections-amaze-but-windows-support-needs-to-happen/
======
StavrosK
If you aren't using WireGuard yet, do. Setting it up is super easy, I wrote a
guide for common setups:

[https://www.stavros.io/posts/how-to-configure-wireguard/](https://www.stavros.io/posts/how-to-configure-wireguard/)

~~~
rahimnathwani
This is a great guide. Thanks. I was reading it just yesterday.

If Algo had supported WireGuard at the time you looked into this, would you
still have done it yourself?

~~~
StavrosK
I'm not sure how Algo does it, but the configuration is easy enough. I
wouldn't do it without the post to help me, because it took a long time to
figure it out, but copying two files isn't much hassle.

~~~
rahimnathwani
Cool. I'll try it out this week. My current VPN uses shadowsocks tunneled over
KCPTUN, but I don't think I've optimised the KCPTUN parameters well enough, as
the throughput is similar with and without it. I'm curious to see what
throughput I get with WireGuard.

------
dingaling
Unfortunately WireGuard is UDP only, so I can't even use it to get out through
the university wifi firewall. 80 / 443 on TCP only.

At least OpenVPN, for all the criticism the article throws at it, has the
configurability to pass through the various strange firewall rules that exist
in the real world. Waiting eight seconds for negotiation isn't a big deal when
the new and shiny 'replacement' doesn't have a hope of working.

~~~
galadran
Oh man! If only there was a way to take UDP packets and tunnel them over TCP!
Wait a second!

[http://manpages.ubuntu.com/manpages/xenial/man1/udptunnel.1....](http://manpages.ubuntu.com/manpages/xenial/man1/udptunnel.1.html)

Set up WireGuard on your server as though everything were normal. However, on
the server, run this command (as a service):

    udptunnel -s 443 127.0.0.1/51820

Then on your client run:

    udptunnel -c [SERVER-ADDR]/443 127.0.0.1/51818

In the client's WireGuard config, where you would normally specify the
server's address / port, instead specify 127.0.0.1 51818. Finished!

Don't forget to open the firewall on the server's port 443!

Setting up udptunnel as a systemd service to auto start / restart only
involves writing two short files! Wireguard uses a standard service file as
well so you can simply require the udptunnel service as a prerequisite!

Personally, I find this style of combining simple components much more
satisfying (and secure!) than the gargantuan complexity of OpenVPN/IPSec!
Wireguard's simplicity means it is easy to have a mental model around how it
functions and how it can be composed!
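
The two short files mentioned above, written out for the client side as an added example (not galadran's files and not anything shipped by the udptunnel or WireGuard projects): a script that generates a udptunnel client unit and a drop-in making wg-quick@wg0 depend on it. It assumes udptunnel lives at /usr/bin/udptunnel, the interface is named wg0, and SERVER-ADDR is a placeholder you replace.

```shell
#!/bin/sh
# Added example: writes the two client-side systemd files the post describes,
# so udptunnel -c is running (and restarted) before wg-quick brings up wg0.
# Assumptions (not from the thread): udptunnel at /usr/bin/udptunnel, the
# interface is wg0, SERVER_ADDR is a placeholder you replace.
set -eu

WG_IFACE="${WG_IFACE:-wg0}"
SERVER_ADDR="${SERVER_ADDR:-SERVER-ADDR}"   # placeholder, replace it

# Unit 1: udptunnel client. Listens on UDP 127.0.0.1:51818 and carries the
# WireGuard datagrams inside one TCP connection to $1:443 (same arguments
# as the command in the post). 51818 is unprivileged, so no root is needed.
udptunnel_client_unit() {
    cat <<EOF
[Unit]
Description=udptunnel client for WireGuard (UDP 51818 -> TCP ${1}:443)
After=network-online.target
Wants=network-online.target

[Service]
ExecStart=/usr/bin/udptunnel -c ${1}/443 127.0.0.1/51818
Restart=always
RestartSec=2
DynamicUser=yes

[Install]
WantedBy=multi-user.target
EOF
}

# Unit 2: drop-in so wg-quick@<iface> requires the tunnel; the WireGuard
# Endpoint 127.0.0.1:51818 then always has a listener behind it.
wg_dropin() {
    cat <<EOF
[Unit]
Requires=udptunnel-client.service
After=udptunnel-client.service
EOF
}

# Write both files under a unit directory (default /etc/systemd/system).
write_units() {
    dir="${1:-/etc/systemd/system}"
    mkdir -p "${dir}/wg-quick@${WG_IFACE}.service.d"
    udptunnel_client_unit "$SERVER_ADDR" > "${dir}/udptunnel-client.service"
    wg_dropin > "${dir}/wg-quick@${WG_IFACE}.service.d/udptunnel.conf"
}

# Usage: SERVER_ADDR=vpn.example.org sh wg-udptunnel-units.sh --install
# then: systemctl daemon-reload && systemctl enable --now wg-quick@wg0
if [ "${1:-}" = "--install" ]; then
    write_units "${2:-/etc/systemd/system}"
fi
```

The server-side unit is the same shape with `udptunnel -s 443 127.0.0.1/51820`, but binding port 443 additionally needs `AmbientCapabilities=CAP_NET_BIND_SERVICE` or root.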

~~~
Foxboron
Huh. Think I'll package udptunnel for Arch and fix up the ArchWiki entry with
this. Super neat.

~~~
nickik
You're doing God's work.

------
pimeys
Having been running WireGuard in my router for a couple of months now I have
to say it's just the first ever VPN to offer no bandwidth penalty and a very
easy setup. Now I have IPv6 through the VPN, all traffic from the house is
routed through anonymous servers and I've had no problems with the connection
dropping. Very nice work here.

~~~
corybrown
What router do you have that lets you run WireGuard?

~~~
ac29
You can run it on Ubiquiti's EdgeRouters:
[https://community.ubnt.com/t5/EdgeRouter/Release-WireGuard-f...](https://community.ubnt.com/t5/EdgeRouter/Release-WireGuard-for-EdgeRouter/td-p/1904764)

~~~
technofiend
And if you're feeling like a fun weekend hacking project it's also available
on OpenBSD which runs on the EdgeRouter including support for the onboard
packet accelerator.

[https://marc.info/?l=openbsd-ports&m=152712417729497&w=2](https://marc.info/?l=openbsd-ports&m=152712417729497&w=2)

Nothing against vyatta/edgeos but since getting into edge cases requires
command line anyway, you can just start there without too much trouble.

~~~
IcePic
You just get to port Go to octeons during that weekend then. But if you do, I
will be happy! \o/

------
Johnny555
Is Wireguard stable and ready for general use? The Wireguard devs seem to
think it's not:

[https://www.wireguard.com/#about-the-project](https://www.wireguard.com/#about-the-project)

_Work in Progress_

_WireGuard is not yet complete. You should not rely on this code. It has not
undergone proper degrees of security auditing and the protocol is still
subject to change. We're working toward a stable 1.0 release, but that time
has not yet come. There are experimental snapshots tagged with "0.0.YYYYMMDD",
but these should not be considered real releases and they may contain security
vulnerabilities (which would not be eligible for CVEs, since this is pre-
release snapshot software). If you are packaging WireGuard, you must keep up
to date with the snapshots._

~~~
chme
When it has been reviewed and merged into the mainline Linux kernel, then it
can be considered stable.

AFAIK Jason does use wireguard for himself now, but is cautious to recommend
that to everyone.

The last submission to the linux kernel is here:
[http://lkml.iu.edu/hypermail/linux/kernel/1808.3/00619.html](http://lkml.iu.edu/hypermail/linux/kernel/1808.3/00619.html)

While merging wireguard should not be a problem, its own crypto library called
'zinc' has bigger open points of discussion.

~~~
viraptor
Merging into mainline doesn't mean things are stable. There's a few
experimental options available when compiling the kernel.

~~~
pnutjam
Btrfs has been in the kernel for years.

~~~
viraptor
I'm not sure if this was meant as a jab or accurate, but btrfs is a good
example. The core of it is stable, but there are a few features which are
unstable/experimental, yet still included.

------
amckinlay
Why can't we have IPSec + IKEv2 everywhere, as originally intended as part of
IPv6? No "VPN" necessary.

~~~
MaxBarraclough
We're not in IPv6 world yet, but even if we were, Amazon AWS EC2 would
doubtless continue to make IPSec awkward.

They only route UDP and TCP to your VM, so if you want IPSec, you have to mess
about with 'Amazon Virtual Private Cloud'.

------
SEJeff
Linus is also a huge fan of wireguard overall:
[http://lkml.iu.edu/hypermail/linux/kernel/1808.0/02472.html](http://lkml.iu.edu/hypermail/linux/kernel/1808.0/02472.html)

Praise like this from him is rare.

~~~
snaky
Linus never was a big fan of serious security matters. He is interested
primarily in simple, small code that is simple to maintain, code that doesn't
require any serious changes in other parts of the kernel, that's it.

------
adrian_mrd
Does anyone know if any commercial VPN providers implement WireGuard yet on
iOS? > "An iOS app is available in the WireGuard repository, but as it isn't
in the App Store yet. It's probably not going to do you any good unless you're
an iOS developer yourself."

The article references code for iOS apps but also states that "it needs to be
baked right into the kernel for that to happen.". Would iOS apps also need the
iOS Kernel (say iOS 12.x or iOS 13.x) to include WireGuard to take advantage
of some of the speed advantages over OpenVPN?

~~~
monocularvision
I don’t think so, although I am hardly an expert. The iOS SDK has the ability
for apps to provide custom VPN implementations for use system wide (see:
[https://developer.apple.com/documentation/networkextension/n...](https://developer.apple.com/documentation/networkextension/nepackettunnelprovider))

I don’t know if WireGuard being UDP causes issues, but I would assume it is
possible.

------
dewey
Is there any "easy" algo-like setup? I've checked but all of them still seem
to involve a lot of steps. I could do it but I'd prefer if there's some quick
start to test it out.

~~~
pvg
Algo supports it, without being super-obvious about it. When it's done doing
its thing, fish out the generated wireguard client config from

    algo/configs/your.server.ip/wireguard/uname.conf

Add

    PersistentKeepalive = 25

as the last line (should be in the [Peer] section).

Feed the conf file to your client. That's it.

~~~
aorth
I've been using WireGuard via algo for a few months and love it. What does
PersistentKeepalive do?

~~~
pvg
Sends a tiny bit of dummy traffic every N seconds, keeps a NAT router from
just forgetting about your client's state. I imagine Algo doesn't include that
line because the generated config is for Android phones but for a laptop or
desktop behind NAT, you pretty much always want it. This is especially true
for things like public WiFi where the routers can be particularly keen to
forget you.

Edit: There's a blurb about it on the website as well that is a little less
handwavey than what I typed:

[https://www.wireguard.com/quickstart/#nat-and-firewall-trave...](https://www.wireguard.com/quickstart/#nat-and-firewall-traversal-persistence)

~~~
dguido
Please submit an issue and I'll fix it! -AlgoVPN developer

~~~
pvg
What Algo does now seems technically correct (the best kind of correct!) since
it essentially says WG is for Android. I've added the issue though, for when
more desktop-y clients are officially supported.

[https://github.com/trailofbits/algo/issues/1068](https://github.com/trailofbits/algo/issues/1068)

Thanks!

------
linsomniac
I wonder how it works in ChromeOS, anyone tried it? I had OpenVPN working for
a while, but the debuggability of it was pretty low, it was a pain to set up. I
was always turning it on and off, unlike my Linux laptop where it would just
always be on and working. That's using the built in OpenVPN, not an android
app. I wonder if setting it up in the "ChromeOS centrally managed" mode would
help any?

I'm really using my chromebook a lot these days at home, but wish I had a
better VPN option for it.

------
hbcondo714
> Waiting for Windows support is going to put WireGuard out of reach for many
> users for another few months.

Haven't tried it yet but Mullvad.net just released a VPN app for Windows:

[https://mullvad.net/en/blog/2018/8/14/official-release-new-m...](https://mullvad.net/en/blog/2018/8/14/official-release-new-mullvad-vpn-app-windows/)

~~~
detaro
Are you sure that uses WireGuard?

~~~
eptcyka
Not yet, but it's in the works. There currently isn't a stable userspace
implementation of Wireguard that would work on all the major platforms anyway
:(

------
rooam-dev
Recently we had to decide what to use and went with IPSec instead of
WireGuard. Any reasons to reconsider and switch to WG? Thanks.

~~~
chrisper
Less complex and easier on firewall traversals.

~~~
rooam-dev
Easier from performance point of view? Thanks.

~~~
chrisper
I think IPSec needs special treatment when it comes to NAT port forwarding.
WireGuard claims this is not necessary with wireguard.

------
fulafel
If you'd like to run a memory-safe-ish implementation of WireGuard, apparently
there is a working Go version:
[https://www.wireguard.com/xplatform/](https://www.wireguard.com/xplatform/)

------
nemoniac
Tried it but couldn't make it work.

When someone provides instructions to set up a WireGuard server on my Linux
server and a client on my Android, I might just buy into that "easy setup"
story.

~~~
computerfriend
There's plenty of tutorials, including a couple posted in this thread. It's
unfortunate that you had a bad experience setting it up, since it is usually
pretty simple. But I think the "easy setup" is relative to the setup for
OpenVPN, etc.

------
A_No_Name_Mouse
I love the Android client. OpenVPN used to consume some 25% of the battery
life. With wireguard it's next to nothing and it's very very quick to connect.
Great stuff!

------
andrewflnr
Regarding the whole-protocol versions instead of mix and match negotiation: is
there a reason that wouldn't have worked for TLS? At least technologically;
I'm sure it was a non-starter politically.

I'm just wondering if there are any actual downsides to this scheme. It seems
like such an obviously good idea that I'm second-guessing myself.

~~~
hedora
I wonder if protocol agility was pushed through the IETF as part of the NSA’s
intentional weakening of crypto protocols.

~~~
saas_co_de
It was required to comply with US laws against exporting strong cryptography.
In order to have a global standard the protocol had to be decoupled from the
crypto implementation and clients had to be able to negotiate down to the
(broken) crypto approved for export.

[https://en.wikipedia.org/wiki/Export_of_cryptography_from_th...](https://en.wikipedia.org/wiki/Export_of_cryptography_from_the_United_States)

------
syedamer
What bothers me in the Article, the official documentation and almost all
guides for wireguard is that they ignore ipv6 completely. They either result
in a leaking vpn or bad working one where all ipv6 connections fail.

~~~
bjoli
Doesn't it just tunnel everything on one interface? In my tests, using a
minimal config, ipv6 is tunneled just fine without extra consideration.

The only thing I have added is a kill switch that blocks internet access if
the WG interface goes down.

------
jorangreef
"SipHash24 for hashtable keys"

Someone can correct me, but I would prefer Tabulation Hashing to SipHash, even
though SipHash is by DJB. Tabulation Hashing offers optimal guarantees and
performance, and it's much simpler.

------
zanchey
Automatic roaming seems to be the killer feature that nobody has noticed - I
know IPsec has this to a degree but Wireguard looks like it works much faster.

------
codedokode
I don't like that it is running in the kernel. Running in userspace makes
everything more secure and I'm fine with a little less bandwidth.

~~~
confounded
Not doubting you, but ignorant and curious. What’s the security benefit of
userspace?

Easier to introspect/update/verify?

~~~
codedokode
If the kernel code is vulnerable then the attacker gets full control over your
system. They can also easily hide their presence. If the code is in userspace,
the attacker won't even be able to read your files if you run the daemon under
a separate user account. They only will be able to mine Bitcoins or use your
computer as a proxy for a short time.

------
bmacauley
From a security perspective, what happens if the wireguard key is passed to
another user?

How would you implement MFA in a wireguard system?

~~~
helper
This is what Jason said the last time it came up on the mailing list[1]:

"I think that given the WireGuard building block, it's certainly possible to
build a 2FA framework around it. And I do generally like 2FA and short-lived
credentials and such. Probably after getting the implementations buttoned up
-- kernel mainline, windows, etc -- I'll turn a bit of attention to expanding
tooling and full packages around the simple wg0 interface."

[1]: [https://www.mail-archive.com/wireguard@lists.zx2c4.com/msg02...](https://www.mail-archive.com/wireguard@lists.zx2c4.com/msg02882.html)

------
auslander
Is supporting EAP planned? Like EAP-IKEv2, which can use passwords for
authentication and session keys, RFC3748 ?

~~~
helper
No.

------
edwinyzh
I don't know much about the fundamentals of networking and security, just
asking - can a Linux server with WireGuard installed be detected by the GFW
(the Great Firewall) and thus get its IP address blocked?

On the other hand, I couldn't wait for the Windows client.

~~~
computerfriend
In principle, yes.

------
opk
So the control program is just "wg". We only have one namespace for commands
so using a two-letter combination for something as obscure as controlling VPNs
is not very clever. Two-letter combinations should be left to user aliases and
core things like cp, ls, df.

~~~
majewsky
I sure use "wg" more often than I use "ul", "as", "bc", "eg", "ex", "gc",
"id", "ld", "nl", "od", "pr", "sg", "tc" and "ul".

All these courtesy of `ls {,/usr}/{,s}bin/??`. In fact, there are only 44 two-
lettered commands on my (Arch Linux) system right now, so this particular
realm appears to be very sparsely populated. (Not counting shell builtins
though.)

------
xmichael999
I feel I gotta mention Tinc [https://www.tinc-vpn.org](https://www.tinc-vpn.org). The article mentions its existence but then ignores it...

It is as easy to use as WireGuard and has two advantages over WireGuard. 1. It
will automatically mesh, and find the best path. 2. It has a far wider range
of platforms supported than WireGuard.

~~~
galadran
tinc is not a secure choice! Have you seen their documentation?

[https://www.tinc-vpn.org/documentation/Security.html#Securit...](https://www.tinc-vpn.org/documentation/Security.html#Security)

The default cipher is from 1993 and its creator recommends everyone updates.

32 bit MACs are hilariously tiny.

Home rolled authentication based around RSA.

Their own documentation even states: "tinc's security is not as strong as TLS
or IPsec."

DO NOT USE tinc!

~~~
Freaky
New deployments should be with 1.1 using its new protocol.

[https://www.tinc-vpn.org/documentation-1.1/Simple-Peer_002dt...](https://www.tinc-vpn.org/documentation-1.1/Simple-Peer_002dto_002dPeer-Security.html)

~~~
galadran
That does look a lot better, however:

a) It's not supported by the stable release.

b) There are no claims about downgrade resistance. The manual specifies the
new transport protocol is used if both clients support it and both have
changed their configs to enable experimental mode. Can an attacker still force
them to connect with legacy mode?

c) Users have to ensure every single config on every client has the correct
setting.

d) It still doesn't have the identity hiding features of Wireguard. (Someone
observing your network traffic can see which servers you are talking to from
the transmitted signatures)

~~~
Freaky
You can disable legacy support by not generating any RSA keys, or by building
with DISABLE_LEGACY.

------
Sami_Lehtinen
4096 bit keys, comparison, aah. Sounds like the crypto stuff is really badly
off in this article. Key length alone doesn't practically mean anything.
Classic VPN lies and hype.

~~~
borski
Did you read the article? The author agrees with you, and talks about why
4096-bit keys are not inherently more secure...

~~~
SlowRobotAhead
12 cheeseburgers are more than 1, but pretty useless to me because 1 is really
all I can use.

If current openvpn or IPSEC isn’t being cracked, there is only more energy
wasted in going to 4096bit keys.

Edit: lol downvotes... ok, cool. Tell me who is breaking a 2048-bit Diffie-Hellman
exchange to 256-bit AES in CBC mode. I'll wait right here.

~~~
y4mi
You are probably getting downvoted because the article points out exactly
that. The author was erroneously thinking that a big key is necessary - and
wireguard doesn't provide one. Which made him discover that fallacy.

