
WireGuard on OpenBSD - fcambus
https://blog.jasper.la/wireguard-on-openbsd.html
======
jedberg
This is great! I love seeing Wireguard spread. I just spent three weeks
traveling abroad and installed wireguard on my home server right before I
left. It saved me a lot of trouble when I needed to get work done "in the US",
but even more so, it was great so that my kids could continue to watch PBS
while we traveled, and it was so easy to use on iOS that everyone in the
family could make it work for them.

~~~
hanklazard
Yeah, I seriously appreciate WG. Allows me to keep all home automation local /
non-cloud while still giving me the option of easily controlling and checking
elements remotely.

~~~
groovybits
Genuine question: In terms of getting from Network A to Network B, is there
anything that Wireguard does special that OpenVPN cannot/does not?

~~~
blattimwind
OpenVPN is harder to configure and uses/allows arcane crypto. The same applies
to IPsec, just more strongly. WireGuard is more in line with modern
cryptographic protocols that we know and love from e.g. instant messaging.

~~~
Avamander
Also lower-latency which is really great for streaming video for example. At
least in my case it's the difference between stuttering video and a nice stream.

------
vxNsr
Looks like it's also now available for Windows:
[https://hn.algolia.com/?query=https:%2F%2Flists.zx2c4.com%2F...](https://hn.algolia.com/?query=https:%2F%2Flists.zx2c4.com%2Fpipermail%2Fwireguard%2F2019-May%2F004126.html&sort=byPopularity&prefix&page=0&dateRange=all&type=story)

super exciting. can't wait to see where it goes from here.

~~~
freedomben
I'm definitely happy to see Windows getting closer, but I do think it's
important to state up front that this is "pre-alpha" currently. Depending on
your use case, that is super important.

------
JoachimS
The final part of the article mentions this "What is particularly neat is that
WireGuard on iOS supports Always-on."

I can only agree. I have WG installed on my iPhone, iPad and use the WG
service provided by Mullvad VPN. And it is on all the time since a few months
back. I don't experience any connectivity issues, lack of performance or
degradation in battery/power consumption. It really just works. Huge thanks to
Jason for developing WG as protocol, server implementation and clients.

------
Lownin
Does this mean we're close to WireGuard being viable as a pfSense package?

~~~
loeg
It's unrelated. pfSense is a FreeBSD derivative; not OpenBSD. FreeBSD already
has wireguard-go in ports, but the userspace implementation may not be
suitably performant for the kinds of embedded devices pfSense targets.

------
brunoqc
If I have a Wireguard server at home, can I use it on my phone in "always-on"
mode? Would it cause problems when I connect to my home's wifi?

It's been a while but I tried to do that with ipsec or something like that in
the past and I think it was causing problems. With the routing maybe.

~~~
slim
you need a fixed routable ip address for your home

~~~
themattress
I use afraid.org dynamic dns offering and it works great.

------
loeg
FWIW, there is a NetBSD kernel implementation work in progress that might be
useful (at least as a starting place) for OpenBSD:

[https://github.com/ozaki-r/netbsd-src/tree/wireguard](https://github.com/ozaki-r/netbsd-src/tree/wireguard)

No activity since March, though.

------
WindowsFon4life
Will the kernel portion depend on lkm?

~~~
brynet
OpenBSD no longer has lkm, or any loadable kernel module framework. Any kernel
implementation would have to be part of the kernel source tree (this one is
userland, in ports).

~~~
vbezhenar
I thought wireguard is kernel-mode software and I disliked it because of that.
Interesting, maybe there's a Linux version of user-mode wireguard. I wonder
what's the performance difference between usermode and kernelmode wireguard.

~~~
thecompilr
There is user mode wireguard for Linux, it is wireguard-go:
[https://git.zx2c4.com/wireguard-go/](https://git.zx2c4.com/wireguard-go/).

There is also BoringTun:
[https://github.com/cloudflare/boringtun](https://github.com/cloudflare/boringtun)
which is faster

Disclaimer: I wrote BoringTun

