In case the author is reading this, I recently started using Wireguard in Mac OS with the Mac app and the experience has been great.
Not only is it much faster than other VPNs that I used in the past, but compared to other clients (Forticlient and Tunnelblick), the overall experience feels much nicer, IMO.
iirc, ipsec is considered somewhat of a security nightmare by modern standards, given that it is difficult to fully understand and very easy to misconfigure in an insecure way. I would only recommend using ipsec over wireguard when legacy compat matters.
It is. Even the companies I integrate with that require it know it's full of pitfalls. When you've been doing ipsec for two decades and it's a checkbox in your compliance sheet though, you check the box and hopefully you're good at it by now.
IKEv2 can be configured securely, but by someone that is familiar with that particular minefield. Both on Windows and MacOS the GUIs configure weaker security by default (the cynic may wonder why!).
On MacOS you can use Apple Configurator / Apple Profile Manager, and on Windows PowerShell, to configure stronger security.
The nice thing with WireGuard is it’s either secure or it’s off.
As you say, it’s easy to misconfigure IPSec and the number of experts gets smaller day by day.
With IPSec native client in MacOS, there are several problems:
- multiple users on the same machine cannot have their own credentials for the same tunnel; you have to create several tunnels and each user sees all of them. Obviously, you cannot save the password then.
- if you want to set up routing for your L2TP split-tunnel, you have to create bash scripts (ip-up, ip-down) in /etc/ppp. Not even Linux makes you do this by hand.
Compared to this, Wireguard for Mac is much more polished.
I wanted to add this. We have had a nearly flawless experience and the macOS app is really nice and polished. It feels like a nice native app, which is rare these days.
However, I've had issues since I upgraded to Big Sur. I can't edit my tunnels anymore.
Seconded. I can't comment on the Mac app but I have tried it on unix, windows and android and I'm extremely pleased that it allowed me to fairly easily create my own secure VPN that connects my home network laptop and phone.
Thank you so much for your work!