If anyone wants some more docs and examples for Wireguard usage, I made some here: <a href="https://github.com/pirate/wireguard-docs" rel="nofollow">https://github.com/pirate/wireguard-docs</a><p>- how it works internally<p>- how the routing works in different topologies<p>- a few complex and simple example setups<p>- performance expectations<p>- security model, key & config distribution<p>- setting up wireguard for, or inside of docker<p>- GUI tools and other wireguard-related software<p>- links to other tutorials, references, guides
If I understand the kernel development process correctly, this means it's on track to land in 5.6 (since 5.4 is the current stable and the merge window for 5.5 is already closed). Correct?
This is very welcome news! I had a seamless time using wireguard (via a streisand installation) on my honeymoon in Italy on my phone and more importantly, my wife's phone. It worked seamlessly.<p>Next up I'd like to see this be an easy config option in Unifi's network management tools.
I've been using tinc[1] as a way to get a mesh VPN on all my machines that works even if some of them are behind restrictive firewalls. It works really well and I've automated the setup with puppet so I just deploy it automatically any time I bring up a machine. Highly recommended.<p>Anyone know if there has been any recent work on making wireguard cover this use case? I'm not really worried about security as I treat this overlay network as just as insecure as any other (running ssh over it) and mitigate exploits by running the tinc daemon as a normal user. But it would still be nice to get more performance and security from an in-kernel quality solution like wireguard.<p>[1] <a href="https://tinc-vpn.org/" rel="nofollow">https://tinc-vpn.org/</a>
If you haven't given WireGuard a try yet, now is a good time.<p>Securely and reliably connecting all my devices with WireGuard was a big reminder to me that there's a much better internet hiding under the hub-and-spoke consumer services model. The internet can be so much more than our phones connecting to large data centers.
Yes!<p>Hoping this will have a pervasive effect like https in the networking world, esp for point to points that glue things together behind the scene. Encrypt all the things!
Great experience with WireGuard so far, but does anyone know a simpler way to use it over networks where UDP is blocked (e.g. university Wi-Fi)? I've only found this comment[1].<p>[1] <a href="https://news.ycombinator.com/item?id=17847008" rel="nofollow">https://news.ycombinator.com/item?id=17847008</a>
I'm excited by this, but I'd really love a userspace C or C++ implementation. I know that context switching syscalls take time, but I've enjoyed the trend of the last 10 years towards more userspace services, not less. (I'm particularly thinking of filesystems in userspace and block devices in userspace)<p>Still, cool. cool, cool cool. I wonder how long until it's in debian.
What is the timeline for making wireguard viable for commercial VPNs?<p>"""<p>There's a few fundamental issues with wireguard that make it relatively unsuitable for commercial VPNs with many customers.<p>For a start, if you want to offer customers multiple concurrent devices, each device needs its own key, and all keys for all customers' devices need to be loaded into kernel memory and cross checked against every packet received, which as you might imagine gets incredibly unwieldy and could savagely impact the performance of PIA servers.<p>When wireguard has the ability to hook a userspace daemon when it receives a valid-looking packet with unrecognised encryption, it'll be a lot closer to usable in commercial contexts, as the daemon could poke a database or cache to load the required keys on demand<p>"""<p><a href="https://www.reddit.com/r/PrivateInternetAccess/comments/d1blo2/wireguard_update/ezk41ix/" rel="nofollow">https://www.reddit.com/r/PrivateInternetAccess/comments/d1bl...</a>
I recently started using OpenVPN (my router comes with it pre-installed).<p>Does anyone know how this compares with OpenVPN? Is it worth setting up my own wireguard machine?
Sorry for the off topic, but is there any way to set up wireguard (or any VPN) to be used for just a single app (let's say Firefox) and not system-wide on macOS?
Something similar to <a href="https://github.com/darkk/redsocks" rel="nofollow">https://github.com/darkk/redsocks</a> with ssh and setting up a proxy in Firefox?
This is great news! I've been a wg user on an EdgeRouter for a little over a year now, and the experience is always just so _seamless_. The architecture of this thing's a beaut.<p>That news aside, this is an outstanding commit message. The kernel never disappoints on those.