Hacker News new | past | comments | ask | show | jobs | submit login

>The gold standard, as ever, is Wireguard.

Not disagreeing with you about the state of commercial VPN products, but regarding WG specifically. Something I don't see in the other replies just yet is that Wireguard doesn't yet have an ecosystem around it, but is designed for that in a good way. By which I mean, it follows the Unix philosophy of focusing on one specific task and doing it very well, and it has succeeded in that admirably even at its early stage of development. And long term I think that will result in better, more secure and more reliable solutions. But in the immediate term solutions/ecosystems around it don't exist and I think that makes for legitimate scalability problems for anyone who doesn't want to roll their own infrastructure. It very explicitly doesn't want to deal with integrating with key management/HSMs/AD policies/whatever. Eventually WG itself will be used along with those, and there will be nice GUIs on it, and so on. Hopefully it'll simply become the standard for VPN products to rely upon and the world will be a better place for it.

But in these early days it can't slot in everywhere because it's not even meant to. That'll take more time, maybe kernel mainlining (maybe after the WG port to the crypto API Jason announced last week?) and integration with the *BSDs. It's still in a fairly significant growth phase.

It depends on what you're using a VPN to accomplish. If you're talking about rolling out an enterprise-wide solution that does site-to-site and small branch offices and remote access, I agree: WireGuard isn't there yet (an enterprising security engineer might get it there!).

But most of the VPNs I encounter in my work are not that; rather, they're simple remote access mechanisms, addressing the same problem an SSH tunnel would, but more cleanly. WireGuard is better than the alternatives for these common-case simple remote access VPNs.

Additionally, there are lots of random tasks that you might want to deploy a simple point-to-point VPN to solve (peering, cross-account cloud access, etc) that OpenVPN and strongSwan are just too painful to set up. WireGuard is approximately as easy to set up as an SSH tunnel; the tunnel wants you to map ports, and WireGuard wants IP addresses. I imagine it might see a lot of deployments that legacy VPN protocols won't.

If all of my remote access can be done via ssh {+ local/remote forwarding}, is there a reason for me to consider wireguard?

Yes. WireGuard is cryptographically superior to SSH, attaches at a network layer without fussy interactions with a Unix shell (that then also needs to be accounted for in a security model), has higher performance, is practically bulletproof in terms of keeping connections alive, and gets you direct access to whatever resources you've provisioned the network to provide.

I wouldn't ding someone using SSH tunnels (carefully), but in a de novo design, I would always recommend WireGuard first.

>> If all of my remote access can be done via ssh {+ local/remote forwarding}..

> WireGuard .. has higher performance ...

Note there are circumstances where ssh port forwarding (-L, -R, -D) is faster than any L2/L3 vpn because it breaks TCP connections in two segments, so any flaky retransmission causing issues are localized, RTTs are smaller, TCP ramp-up is faster, etc.

On the other hand, ssh tun/tap forwarding will almost certainly be slower.

If you are connecting over a flaky wifi/2g/3g connection, possibly to a flaky/distant counterpart, and have performance issues, I would recommend trying (L4 is it?) ssh/socks or even http forwarding via a stable middle host.

Wireguard does not have better performance or is faster verses Openvpn in any independent Benchmark released up to now.

I was just benchmarking routers in VM. I also tested Openvpn vs Wireguard. Results:

  Openwrt 18.06.4 32-bit
  wireguard: 645 Mbit/s ping 1.1ms
  openvpn: 164 Mbit/s ping 1.2ms

  Openwrt 19 (snapshot r11159) 64-bit:
  wireguard: 1.16 Gbit/s ping 1.1ms
  openvpn: 230 Mbit/s ping 1.2ms

  pfsense 2.4.4-p3 (amd64):
  openvpn: 115 Mbit/s ping 1.2ms
It was tested by moving traffic between two virtual bridges, Debian>router>Debian, on KVM (libvirt), CPU E3-1270, kernel: 4.19.0-4-amd64 #1 SMP Debian 4.19.28-2 (2019-03-15) x86_64

1 core, 2GB per VM

iperf3 -t 60

  Wireguard: defaults
  OpenVPN: no compression, udp, tun, defaults
I would also note that I setting wg took about 5-10 minutes while setting openvpn took about an hour.

Sure there are, many threads about wireguard include performance comparisons to openvpn. Most home routers that can install both see a significant increase (I saw about 3-4x if I remember correctly).

Also see the endless discussions on how to deliver 100 Mbit/s for single connections on OpenVPN. It is absolutely insane, you have to spend many hundreds of dollars on hardware to have a fighting chance. And even if you get hardware acceleration that doesn't help nearly as much as you'd expect. And aside from cost the power consumption required for such hardware is very prohibitive for most.

Meanwhile my phone (first gen. Pixel (so three generations behind)), over wifi, gets at least 60 mbit/s over wireguard to a weak home router and then out to internet.

Do any independent benchmarks show it to be no faster?

Yeah, but nobody cares. OpenVPN is horribly slow and wireguard isn't, there's no point in comparing these two.

You wouldn't have an independent benchmark comparing a GTR and a semi truck.

> WireGuard .. is practically bulletproof in terms of keeping connections alive

Try switching between IPv4 and IPv6 networks, or reaching a peer on non-default/primary network on Windows.

Not denying it would usually have better connectivity than TCP based ssh.

As an anecdotal point, I’ve been using always-on WireGuard (using a setup that’s essentially a fork of Algo) on my iPhone, iPad, and MacBook for months, via the native clients for each. I routinely hop between countries, SIM cards, WiFi networks, etc. I hit issues with Apple’s built-in captive portal detection (which has to kick in so it gives me the captive portal outside of the always-on VPN), but the WireGuard tunnel itself has been pretty much solid.

Where do you encounter IPv6 in the wild?

There were multiple complaints on the mailing list about roaming not working on IPv4/v6 transitions. I believe it was mobile vs. wifi.

I've come across it on Wifi hotspots as well for some reason, it felt like the were deployed by a telecom company (cellular being most common way for non tech people to use IPv6 on my sites).

Cellular networks.

Cellular networks abroad.

Last I checked it did not have a a Windows client, so I'm still using OpenVPN. CLI clients are of course next to useless for Windows users. I would really like to use WG instead.

It does now, and it has a much better UX than OpenVPN.

Tunsafe is there since quite a while.

Some client from WG directly is also in the works.

> It very explicitly doesn't want to deal with integrating with key management/HSMs/AD policies/whatever.

If you look at the list of vulnerabilities, they're all precisely in those parts of the stack that Wireguard doesn't address.

So what value is Wireguard providing, exactly? It's a beautiful protocol, but security isn't a beauty contest. It's easy to create a beautiful solution when you avoid dealing with the difficult problems.

>If you look at the list of vulnerabilities

If you look at THIS list of vulnerabilities, sure. That's not an exhaustive list of every problem standard VPNs have had though, you understand that right?

>So what value is Wireguard providing, exactly?

Even ignoring vulnerabilities entirely, OpenVPN and the like are full of footguns and are very, very easy to fuck yourself with. You talk about the value of practicality and solutions, which is very true, and that's just the point. One of the core aspects of modern security practice is making it hard to fuck up, the few knobs and dials the better. For example, older protocols still have obsolete awful crypto options that you shouldn't use, but precisely because they exist as choices at all you have to worry about misconfiguration or classes of issues like downgrade attacks. There are plenty more, like if you remember back during Logjam, tons of SSH/VPN/HTTPS servers were using identical prime numbers for Diffie-Hellman key exchange.

WG aims to be a better foundation for the VPN component of things. Contrary to your assertion, the problem it deals with isn't trivial and does matter. Having something that is focused on that rather then part of a gigantic blob makes it easier to verify, and also makes whatever auth and other systems it's ultimately tied into easier to verify. Also just plain lower overhead.

I mean, I'm barely touching on things here but there are good reasons a lot of people are enthusiastic about its potential.

I'm not defending SSL-based VPN servers. They exist because people didn't understand how IPSec IKE worked or want to put in the effort to make it work better, and as is typical in the industry worse-is-better won the day.

But the value those SSL-based and similar bespoke VPN servers brought was automated key management, end-user based authentication, route setup, etc. They've done so horribly in terms of correctness and security, but nonetheless in a way that companies value.

Yes, Wireguard avoids all the pitfalls of the transport security. But so do the crappy SSL-based solutions, because they also have the benefit of hindsight.

What's the practical value of Wireguard over IPSec? AFAICT, it has marginally better NAT traversal; IPSec requires NAT-T (a UDP wrapper) which is marginally more complex. But what's the biggest impediment to IPSec uptake? It's IKE, which is a purely userland service. Most IKE implementations suck. Whatever solutions will be built around Wireguard, they'll ultimately look almost exactly like IKE in terms of their relationship to the in-kernel component--a userland daemon for PKI and/or general user authentication management which does some setup like installing the secret transport key and policy of the otherwise simple in-kernel components. But if those better IKE solutions don't exist (outside of OpenBSD), why would Wireguard magically make them appear?

At best what we'll get (what we are getting, as manifest in every VPN service and open source project announcement) with Wireguard is a recapitulation of the mess we have with SSL VPN products. All the same security issues revolving around horrible key management and poorly written software, all the same incompatibilities and vendor lock in stemming from the diverse "solutions". Except we'll have a beautiful transport layer protocol to soothe ourselves with.

I don't mean to criticize Wireguard. From a low-level engineering perspective it's beyond reproach. My concern is with how it's being received and the fantasies people have about how it will change things. And IMO (which I admit is my opinion--not a hill I'd choose to die on, but something I'd still wager on and orient my plans around) is that long-term security would be better spent by fixing (mostly deprecating old modes) and reinforcing IPSec and IKE, which is already very mature. macOS, iPhone, and Windows have mature IKEv2 support. Linux, and Android in particular, does not have mature IKEv2 support, at least not out-of-the-box. Implementations like FreeS/WAN are too complex and have too many pitfalls, which is why startups either avoid it or flounder in their attempts to build on it. If I could order open source engineers around, I'd order them to improve IKEv2 support. Why? Because IKEv2 addresses in a reasonable fashion 80% of the things that compromise the value-add of commercial VPN products. That last 20% still leaves maneuvering room for novel key and user management solutions, but without as great a risk of really f'ing things up.

I think the value in WireGuard is that by making things simple enough, you can do the "hard" parts manually, and thus don't need all this fragile machinery around it.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact