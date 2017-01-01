Hacker News new | comments | show | ask | jobs | submit login
WireGuard Presentation at FOSDEM17 [video] (wireguard.io)
49 points by zx2c4 2 hours ago | hide | past | web | 5 comments | favorite





The FOSDEM web site includes a synopsis of this talk [0], along with the video, slides (PDF) [1] and a "demo screencast" (MP4/video) [2].

It's a good talk and WireGuard is quite interesting. IPSec, OpenVPN, et al., are great but I definitely think there's a need for a high-performance, high-security, easy to configure VPN.

The demo is only two and a half minutes long, check it out.

[0]: https://fosdem.org/2017/schedule/event/wireguard/

[1]: https://fosdem.org/2017/schedule/event/wireguard/attachments...

[2]: https://fosdem.org/2017/schedule/event/wireguard/attachments...

Previously covered 7 months ago at https://news.ycombinator.com/item?id=11994265

The author answered questions there.

Also 4 days ago for its FOSDEM presentation: https://news.ycombinator.com/item?id=13569420

WireGuard does seem like a very good approach to an easily configurable, high performance, high security VPN.

How good/bad of an idea is a kernel-level VPN?

ipsec/ike2/isakmp are implemented in kernel afaik, with userspace tools to control them and they're used pretty heavily in commercial scenarios(for office to office vpn or vpn into cloud tenancy etc). OpenVPN/Tinc etc are userspace and seem to be popular for consumers as they require less coupling and relatively easy to setup.

In terms of whether that's good or bad, it depends on your requirements and what's optimal to you. If you think about the problems in OpenSSL, which backs OpenVPN, then that's been a fairly large attack surface vector. Compare that to ipsec/ike2 kernel related vectors and weigh up the setup/learning/deployment costs of both.

