
TunSafe: A High Performance WireGuard Client for Windows - ludde
https://tunsafe.com
======
zx2c4
As the author of WireGuard, I'd _STRONGLY_ advise against using this closed-
source implementation, which likely has interoperability and security issues.

We'll have an official Windows client coming out shortly, which won't have
these same security concerns.

~~~
ludde
As the author of TunSafe and µTorrent, I wonder if you base that statement on
facts or is it just an attempt at spreading FUD and general dislike against
non open-source applications?

------
pepe56
Hey ludde, I highly appreciate your work. Especially because there are no real
alternative clients at the moment for Windows. Also from knowing the first
utorrent versions (not the crap from nowadays) I believe you are able to
produce efficient code. However I would agree, that the spirit of Wireguard is
to encourage to keep code simple and auditable. That's what Jason highlights
in his motivation. Having a closed source implementation on top of that feels
a bit wrong and I find it hard to support this.

Why not go the hybrid approach and make it open source so people can
understand and audit it. You could still ask for donations or even provide a
compiled version for some dollars like
[http://www.blink.sh/](http://www.blink.sh/)

~~~
vik_tor
If I remember correctly, there was an issue that torrent-sites and other pages
renamed uTorrent and sold the program after it was released, even though it
was free and closed source. That is why it was stated in the about box that it
is a free software and that you have to claim the money back if you have paid
for it. Regular Windows users seldom research or have an interest about the
origin of a software. If you imagine that TunSafe would be released as an open
source at a time when the progress is in an experimental stage and the TunSafe
name is not established, it would not surprise me if a lot of people and
companies quickly release copies of TunSafe with a new name and hard marketing
and ads to quickly get users. Without understanding the code or the wireguard
protocol, and may not have the knowledge or interest to further develop or
have a team that validates the code and fixes bugs. Since the wireguard
protocol is officially not yet complete, I believe neither Ludde, Jason nor
anyone who is passionate about the future of wireguard would like to see such
a development right now.

------
nostream
Cool news!

zx2c4: Would it be possible for you to configure the WireGuard demo server so
that it detects if there are interoperability issues with other clients?

~~~
zx2c4
I'm not going to be playing the interoperability game or wasting time with
closed-source proprietary garbage. Simply use a real implementation of
WireGuard and you'll be fine.

~~~
nostream
zx2c4: I appreciate your software but I think it's good with alternatives, and
your attitude is a bit harsh. Why not support alternatives? Isn't the main
reason with open-source communication protocols to inspire people to make
alternative client/server software? TunSafe seems to be a neat pieace a
software and something a lot of people have been waiting for, and Ludvig
Strigeus made the best software for the BitTorrent protocol in the early days.
Why do you not appreciate that he spend time to make a client that support
your protocol? I've been waiting for a wireguard windows client and I would
have made one if I had the knowledge. God damn, show a little appreciation?

~~~
zx2c4
Actually there are a couple open source alternatives around the corner -- one
in Rust and another in Go -- fully supported. I agree that software really
does thrive with an abundance of alternatives. An important thing is that we
can verify the security of these implementations.

~~~
nostream
zx2c4: I've looked at the Go version on your homepage, but the initial text in
the git project. "This is not a complete implementation of WireGuard .....
There is no group of users that should use the code in this repository here
under any circumstances at the moment, not even beta testers or dare devils.",
is this the one that you refer to or do you have a closed git project with a
newer version?

Either way. The L2TP/IPSec implementation in Windows 7 I use now is also
closed-source proprietary software. So I can't see that TunSafe should be
worse since the author is public. I guess TunSafe will not be able to
communicate with the wireguard servers if it does not use the correct
encryption and protocol scheme?

~~~
zx2c4
> TunSafe will not be able to communicate with the wireguard servers if it
> does not use the correct encryption and protocol scheme

There's a lot more to writing secure software than merely implementing
something that appears to speak the protocol some of the time, or merely
implementing a protocol at all. As I said, don't rely on TunSafe.

As above, we'll have snapshots of the cross platform implementations shortly.
Until then, I'd recommend just waiting patiently.

~~~
nostream
zx2c4: I've been waiting for quite a while, how far away in time is shortly?

"appears to speak the protocol some of the time, or merely implementing a
protocol at all"

ludde: Is the wireguard protocol fully implemented or just partially
implemented in the version that is on the homepage?

------
fulafel
Is it implemented in a memory safe language?

~~~
zx2c4
We've got two official WireGuard open source clients coming in the pipeline
for Windows and macOS -- one in Rust and another in Go. (Neither are TunSafe,
which is C++.)

~~~
nostream
zx2c4: Which language is the linux version of wireguard written in?

~~~
rumpelsepp
the reference implementation is a linux kernel module:
[https://git.zx2c4.com/WireGuard/](https://git.zx2c4.com/WireGuard/)

there are currently at least two actively developped open source userspace
implementations in different languages. Two examples are Go and Rust:

[https://git.zx2c4.com/wireguard-go/](https://git.zx2c4.com/wireguard-go/)
[https://git.zx2c4.com/wireguard-rs/](https://git.zx2c4.com/wireguard-rs/)

