
List of software and things that use or support WireGuard - z0mbie42
https://ianix.com/wireguard/wireguard-deployment.html
======
leeoniya
> OPNsense 19.7 supports WireGuard

yep, can confirm :)

currently running on this passively-cooled thing:

[https://www.amazon.com/Firewall-Micro-Appliance-Gigabit-AES-...](https://www.amazon.com/Firewall-Micro-Appliance-Gigabit-AES-NI/dp/B0742Q3NT6)

~~~
oneplane
That's pretty expensive for what is essentially a rebranded Qotom. On the
other hand, if you are in the USA, it's probably a good choice.

OPNSense 20+ also supports WireGuard just in case someone gets confused about
that specific version reference.

~~~
jms703
The ProtectLi boxes might cost a little bit more, but they seem to be really
well made and of good quality. I moved from a PCEngines APU to a ProtectLi
because I needed faster packet forwarding performance when I upgraded my home
internet connection to 1 Gbps.

~~~
bdd
I run an apu2c4 at home, with 1 Gbps internet connectivity. It’s a two legged
setup, one leg to the ONT, and one leg to the switch carrying dot1q tagged
VLAN traffic. It never fails to saturate that internal interface and does that
with ~20-30% cpu idle time. I also run a few small processes like DNS, NTP,
syslog receiver in their own containers, serving the home. The only time this
machine struggles is when my wife is out in a library, coffee shop with good
connectivity and her VPN traffic (wireguard) to home is above 200 Mbps and at
the same time I’m downloading from somewhere that can feed me at least
800Mbps. In this case it cannot saturate the gigabit interface because CPU is
too busy.

Linux 4.19 kernel. IPtables for packet filtering and IPv4 NAT. ~30% of my
traffic is v6 without NAT overhead.

------
roamerz
Maybe a little OT but any word of a FIPS 140 implementation of this protocol?
Would make the adoption of this in an enterprise environment possible.

~~~
ausjke
a very good question indeed, but that means you need to certify lots of kernel
crypto modules for whatever wireguard depends on, redhat has fips-140 kernel
so I assume it will do something similar to wireguard, as redhat will want to
sell this to governments etc

------
geraldcombs
Is there a way to suggest additions to the page? Wireshark supports WireGuard
dissection and decryption[1], and the pcapng[2] file format has a block type
defined for WireGuard secrets.

[1] [https://wiki.wireshark.org/WireGuard](https://wiki.wireshark.org/WireGuard)

[2] [https://github.com/pcapng/pcapng](https://github.com/pcapng/pcapng)

------
clairity
> "wireguard-vanity-address[0] — generate Wireguard keypairs with a given
> prefix string"

generating 4-5 character-prefixed keys seems to up the chances of collision by
many orders of magnitude, right? but even so, is that enough of a concern to
not use such a tool?

[0] [https://github.com/warner/wireguard-vanity-address](https://github.com/warner/wireguard-vanity-address)

~~~
Znafon
It's just a brute force so I think it should not matter. Once you find a
public key that matches what you are looking for you have the same amount of
work to do to find the private key.

It would be different if it was to generate a private key that matches the
prefix.

------
kamyarg
[https://github.com/trailofbits/algo](https://github.com/trailofbits/algo)
Also supports it.

Have been using it for personal VPN deployments, very easy to use and each
time I notice they have made moves to be more secure.

------
mobilio
TunSafe also works on iOS, Android, Linux and Windows. Not just on macOS!

------
kgersen
managed wireguard: [https://tailscale.com/](https://tailscale.com/)

~~~
ornornor
I’d like to try it but why force users to login with either gmail or
Microsoft? What’s wrong with a plain old username/any other email provider and
password?

~~~
cpuguy83
They addressed this in another post on HN.

Basically they don't want to manage U/P. They are looking at other services as
well (such as github).

------
st3fan
You can add Firefox VPN to the list too.

------
jorvi
> It is recommended to use official WireGuard software whenever possible.

I don't agree with his sentiment _at all_. With OpenVPN Viscosity is by far
the best OpenVPN client and both the 'official' client (OpenVPN) and the open
source alternative (Tunnelblick) are buggy and have crappy UI. I'm hoping
Sparklabs either repurpose Viscosity to include WireGuard as well, or write a
new client specifically for WireGuard (which I'd happily buy).

Edit: wow, what the hell. I guess HN hates improved clients with a violent
passion.

~~~
catalogia
What does OpenVPN having a shitty official client have to do with wireguard?

~~~
jorvi
Both the iOS and macOS Wireguard clients are functional but they aren't shining
examples of great UI, UX or feature richness. Often 3rd party clients (as
happened with OpenVPN) will fill that gap.

~~~
catalogia
Hmm, I can't say I've noticed much UI/UX issue with the MacOS wireguard
client; it seems very straightforward to me. As for feature richness,
wireguard not having a bunch of knobs and buttons to tweak is one of its nicer
features I think.

