TunSafe: A High Performance WireGuard Client for Windows (tunsafe.com)
9 points by ludde on Mar 4, 2018 | 17 comments

As the author of WireGuard, I'd STRONGLY advise against using this closed-source implementation, which likely has interoperability and security issues.

We'll have an official Windows client coming out shortly, which won't have these same security concerns.

As the author of TunSafe and µTorrent, I wonder if you base that statement on facts or is it just an attempt at spreading FUD and general dislike against non open-source applications?

Hey ludde, I highly appreciate your work. Especially because there are no real alternative clients at the moment for Windows. Also from knowing the first utorrent versions (not the crap from nowadays) I believe you are able to produce efficient code. However I would agree, that the spirit of Wireguard is to encourage to keep code simple and auditable. That's what Jason highlights in his motivation. Having a closed source implementation on top of that feels a bit wrong and I find it hard to support this.

Why not go the hybrid approach and make it open source so people can understand and audit it? You could still ask for donations or even provide a compiled version for some dollars like http://www.blink.sh/

If I remember correctly, there was an issue that torrent-sites and other pages renamed uTorrent and sold the program after it was released, even though it was free and closed source. That is why it was stated in the about box that it is a free software and that you have to claim the money back if you have paid for it. Regular Windows users seldom research or have an interest about the origin of a software. If you imagine that TunSafe would be released as an open source at a time when the progress is in an experimental stage and the TunSafe name is not established, it would not surprise me if a lot of people and companies quickly release copies of TunSafe with a new name and hard marketing and ads to quickly get users. Without understanding the code or the wireguard protocol, and may not have the knowledge or interest to further develop or have a team that validates the code and fixes bugs. Since the wireguard protocol is officially not yet complete, I believe neither Ludde, Jason nor anyone who is passionate about the future of wireguard would like to see such a development right now.

Cool news!

zx2c4: Would it be possible for you to configure the WireGuard demo server so that it detects if there are interoperability issues with other clients?

I'm not going to be playing the interoperability game or wasting time with closed-source proprietary garbage. Simply use a real implementation of WireGuard and you'll be fine.

zx2c4: I appreciate your software but I think it's good with alternatives, and your attitude is a bit harsh. Why not support alternatives? Isn't the main reason with open-source communication protocols to inspire people to make alternative client/server software? TunSafe seems to be a neat piece of software and something a lot of people have been waiting for, and Ludvig Strigeus made the best software for the BitTorrent protocol in the early days. Why do you not appreciate that he spent time to make a client that supports your protocol? I've been waiting for a wireguard windows client and I would have made one if I had the knowledge. God damn, show a little appreciation?

Actually there are a couple open source alternatives around the corner -- one in Rust and another in Go -- fully supported. I agree that software really does thrive with an abundance of alternatives. An important thing is that we can verify the security of these implementations.

zx2c4: I've looked at the Go version on your homepage, but the initial text in the git project. "This is not a complete implementation of WireGuard ..... There is no group of users that should use the code in this repository here under any circumstances at the moment, not even beta testers or dare devils.", is this the one that you refer to or do you have a closed git project with a newer version?

Either way. The L2TP/IPSec implementation in Windows 7 I use now is also closed-source proprietary software. So I can't see that TunSafe should be worse since the author is public. I guess TunSafe will not be able to communicate with the wireguard servers if it does not use the correct encryption and protocol scheme?

> TunSafe will not be able to communicate with the wireguard servers if it does not use the correct encryption and protocol scheme

There's a lot more to writing secure software than merely implementing something that appears to speak the protocol some of the time, or merely implementing a protocol at all. As I said, don't rely on TunSafe.

As above, we'll have snapshots of the cross platform implementations shortly. Until then, I'd recommend just waiting patiently.

zx2c4: I've been waiting for quite a while, how far away in time is shortly?

"appears to speak the protocol some of the time, or merely implementing a protocol at all"

ludde: Is the wireguard protocol fully implemented or just partially implemented in the version that is on the homepage?

Is it implemented in a memory safe language?

We've got two official WireGuard open source clients coming in the pipeline for Windows and macOS -- one in Rust and another in Go. (Neither are TunSafe, which is C++.)

The only 'supported' WireGuard implementation that exists is written by you in C, yet you complain that my C++ implementation lacks memory safety. Where is the logic?

zx2c4: Which language is the linux version of wireguard written in?

the reference implementation is a linux kernel module: https://git.zx2c4.com/WireGuard/

there are currently at least two actively developed open source userspace implementations in different languages. Two examples are Go and Rust:

https://git.zx2c4.com/wireguard-go/ https://git.zx2c4.com/wireguard-rs/

No, it's implemented in C++.
