Unsurprisingly no mention of wireguard, as it's not FIPS.
However, unless you need FIPS compliance, it seems like the way to go these days.
The hard part of a VPN, the part that everybody makes money at, isn't the IP-level encapsulation. Yes, Wireguard is both conceptually and in implementation simpler and more elegant in this regard. But IPSec per se isn't actually a real pain point in real world corporate road warrior deployments, at least not any more than with Wireguard, which can have very similar issues with MTUs, NAT timeouts, etc when dealing with the diversity of remote user networks.
The hard part of a corporate VPN is authentication, address assignment, subnet routing, nameserver announcements, etc. Therein lies the hard, dirty, complex pieces. Many IPSec-based VPNs utilize IKE for that, although some don't and utilize bespoke, hacky solutions. Most of the horror stories of configuring IPSec relate to IKE, and much of the complexity there is irreducible. (Though I rejoiced when Android finally added native IKEv2 support--years after Windows, macOS, and iPhone--as IKEv2 substantially reduces some of the complexity relative to IKEv1.)
Wireguard provides none of that. Instead, you have to build that stuff separately, and in the realm of Wireguard it's still the wild west, with people slapping together management frameworks with all the dubious quality and opaqueness that have made the traditional VPN ecosystem a nightmare. (The Wireguard team is working on and publishes a separate project for that aspect, but AFAIU it's not widely used and in any event is far removed by its nature from the stark elegance of the transport layer Wireguard protocol.)
But the year is 2021. Every major platform today, including Debian- and RedHat-based Linux, FreeBSD, NetBSD, OpenBSD, macOS, Android, and iPhone, ships with a modern, native IPSec+IKEv2 stack that is highly interoperable and provides, at least in the simple case, certificate-based authentication, dynamic address assignment and subnet routing, and nameserver advertisement. And, importantly, they all support modern cipher suites so the old problem of finding compatible suites is (or could be, in new deployments) a distant memory--everybody supports ECDH P256, AES128-GCM, etc.
On my work-issued macOS laptop the third-party VPN software simply uses native IPSec and a custom IKE daemon. Though as far as I can tell from the configuration the custom daemon is just technical debt from building the product before macOS' IKE daemon (racoon fork) was more mature. And in fact, AFAICT there's absolutely nothing of value, beside IT familiarity, that macOS' IPSec+IKEv2 stack doesn't provide. An equivalent VPN setup using the native stack requires nothing more than a username, password, certificate, and a hostname for the endpoint. You don't need to install a third-party client to automate entering that information; heck, you don't really even need to automate it at all, not any more than you need to automate sending a person to gmail.com or outlook.com for their e-mail.
When you're comparing Apples + Apples, I personally don't think Wireguard is a serious choice for corporate, road warrior VPN access. On most key points, actual Wireguard-based systems are qualitatively worse. The story is different for static point-to-point, server-to-server communications, especially when you can do static address assignments on the tunnel interfaces. In such scenarios the simplicity of Wireguard shines through. But in those scenarios the popular solution is more often OpenVPN than IPSec.
I simply don't see Wireguard replacing IPSec for corporate VPNs. I hope I don't ever see that because good VPN solutions should be deeply integrated with the host system (e.g. to help prevent leakage, integrate DNS resolution, etc), and you're just not going to see that with Wireguard-based solutions. The situation isn't perfect on modern platforms, but it's much better than it was 10 or even 5 years ago, and its getting better and the pace of improvement has (relative to the past 20 years) picked up considerably.
Secondly, what are your thoughts on Tailscale?
The site to site problem is a little easier, as it can be handled by the network hardware at each site and doesn’t need a desktop/mobile UI or personal authentication.
What she said. I’d go with Strongswan. Or openbsd iked
I was thrilled to see that ProtonVPN recently added openvpn over tcp as an option — I really wanted to give them money but a vpn that only works on networks I control has limited utility. Express VPN has offered openvpn over tcp for a while and they have been my go-to because it worked everywhere.
They also support WireGuard though currently in beta.
I implement IPSec at work, because we need the real deal.
Though for my personal projects, my infra is using OpenVPN. The reason is simple: it's so much easier to configure and understand, and the desktop clients are usually more modern and stable.
With IPsec, there's always these plethora of extensions and subtleties that each client will support or not. Clients will support Cisco IPsec but will bug with strongswan, strongswan clients will not play well with windows, Android client will not support IKEv2, etc etc etc. From my experience, there's a lot of "finding the right client for the right setup for each platform" with IPsec.
For OpenVPN, usually the native windows/Linux(NM) clients will work out of the box, which is a much better experience than a third party client.
As for TLS VPNs being more prone to vulnerabilities, that does not scare me all that much, since there's always SSH behind the VPN anyway, so it's usually "good enough" for non corporate security.
It's either too good for them or it's bad. :)
However the govt standards for cryptography to use are known as FIPS 140. These standards are made by NIST, which has the NSA either heavily own or directly write the documents. This means that the NSA is defining the crypto standards for the rest of US Gov.
The conclusion is that if you want wireguard in govt networks, the NSA must bless their crypto primitives and algorithms. That's why I want to know their thoughts on it.
Just saying “NSA bad” is a lazy argument.
Yeah, so is that, and a stupid one given how much they, NIST, and the CIA rig things like elliptical curve standards
And no mention of poor configurations such as IKEv1, pre-shared keys and aggressive mode?
The NSA did like breaking IPSec VPN configurations according to documents exposed by Snowden
Also,the reference  is also the same URL as references 6, 9, 10, 13, 16, 18, 19, 20, 21
Layer 7 solutions provide so much more capacity for granular AuthZ, and thereby eliminate the "soft underbelly" of corporate networks.
- Pre-filtering per Geo IP
- VLAN separation, different users and different subnets, once connected
I am using both IPSEC and OpenVPN - they have different application/purpose and I need both.
I don't want to worry about implementation errors or weird bugs or DNS leaks or anything like that.
A slug, which is a "transparent layer 2 firewall running on a device with only two interfaces" generally breaks your entire network if your VPN is not working exactly as you hope it will.
Anyone have a non-PDF version of this? :-p
But TLS has traditionally been a nightmare, crypto-wise, to say secure. POODLE, CRIME, BEAST et al.
At least WireGuard is either secure or off.