> Wireguard won't upgrade itself if it's still running…<p>This is not unique to Wireguard. I’ve had this happen with the Lockdown app too.
This is an Apple problem. Apple should notify you that the VPN app needs to close in order to upgrade then offer you a simple way of doing that.<p>> I don't know exactly, and I don't really care.<p>This about sums it up. This is a rant and it’s difficult not to just close tab half way through.
I have had the opposite experience to OP. I have the macOS app installed on several Macs (laptops and desktops). They have all worked so well to the point that I even forget Wireguard is running. On top of that I upgrade macOS almost as soon as Apple releases a new version.<p>It is true that for updating WG you need to first disable the on-demand setting (probably only on Big Sur). But to me that is such a trivial hiccup considering it is free and generally bug free! On the rare occasions that I have had a non-trivial issue looking at the log file has provided clues.<p>My VPN cost is only about $5/month as I run my own instance of WG server in the cloud. Worth every penny! It is possible it could be lower if I use one of those $3.50/month AWS Lightsail instances but I never tried.<p>Go WG!
Jason (the creator of Wireguard) wrote a great response to this: <a href="https://lists.zx2c4.com/pipermail/wireguard/2020-December/006226.html" rel="nofollow">https://lists.zx2c4.com/pipermail/wireguard/2020-December/00...</a>
To make the WireGuard Windows app better (for non-admin users) you need to make your user(s) a member of the "Network Configuration Operators" group.<p>This allows you to enable/disable (or choose if you have multiple) the VPN without needing to be a member of the Administrators group. You also need to add a line to the registry.<p>Here's the PowerShell code to do that:<p><pre><code> # Enable the limited WireGuard UI for non-admin operators (run elevated)
 New-ItemProperty "hklm:\software\wireguard" -Name "LimitedOperatorUI" -Value 1 -PropertyType "DWord" -Force
 # $username must already hold the name of the account to add to the group
 Add-LocalGroupMember -Group "Network Configuration Operators" -Member "$username"</code></pre>
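Added example, not part of the comment above and not WireGuard project code: a read-only audit of the setup that comment describes, reporting whether LimitedOperatorUI is set and which accounts are in the operators group. The function name and output fields are assumptions made for illustration; the registry value and group name are the ones given in the comment.

```powershell
# Added example: audit the WireGuard limited-operator configuration.
# Get-WireGuardOperatorAudit and its output fields are hypothetical names.
function Get-WireGuardOperatorAudit {
    [CmdletBinding()]
    param(
        [string]$KeyPath   = 'HKLM:\Software\WireGuard',
        [string]$GroupName = 'Network Configuration Operators'
    )

    # Read LimitedOperatorUI without throwing when the key or value is absent.
    $keyExists = Test-Path -Path $KeyPath
    $value = $null
    if ($keyExists) {
        $prop = Get-ItemProperty -Path $KeyPath -Name 'LimitedOperatorUI' `
                    -ErrorAction SilentlyContinue
        if ($prop) { $value = $prop.LimitedOperatorUI }
    }

    # Accounts allowed to change network configuration through the group.
    $members = @(Get-LocalGroupMember -Group $GroupName -ErrorAction SilentlyContinue)

    # Local administrators, looked up by well-known SID so the check also
    # works on systems where the group name is localized.
    $adminSids = @(Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction SilentlyContinue |
                   ForEach-Object { $_.SID.Value })

    [pscustomobject]@{
        KeyExists         = $keyExists
        LimitedOperatorUI = $value
        Enabled           = ($value -eq 1)
        Operators         = @($members | ForEach-Object { $_.Name })
        # Operators who are already administrators do not need the group.
        AlsoAdministrator = @($members |
                              Where-Object { $adminSids -contains $_.SID.Value } |
                              ForEach-Object { $_.Name })
    }
}

Get-WireGuardOperatorAudit | Format-List
```

Members of this group can change network settings beyond WireGuard tunnels, so the Operators list is worth reviewing whenever the setting is enabled.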
Making a bug report would be better :)<p>But yeah Apple doesn't make it any easier with VPNs on Big Sur, they have to use a new type of extension now and they exclude their own services automatically.<p>Not something that seems related to these issues but it makes macOS once again less interesting for me as a daily driver
Wireguard can only be installed via the Mac App Store, which, upon opening, transmits your permanent/unchangeable hardware serial number and Apple ID (required to download even free apps), which is linked to your phone number, to Apple, thus deanonymizing your VPN's public IP.<p>I don't use the Mac App Store. I run my VPN on a second device, because I no longer find the macOS to sufficiently preserve my privacy.<p>It's insane to me that Apple thinks it's okay to demand hardware serial number, name, street address, email, and phone number to download free privacy apps. An organization that had privacy as a value simply would not do that.<p>Apple has banned apps that want to use the NetworkExtension API from being self-signed, OR by being Apple-approved-developer signed and distributed outside of the App Store. You can download the windows Wireguard client from the Wireguard website, but not the mac one.<p>They even recently censored the donations link in the Wireguard mac client, because App Store.
What’s the point of ranting on your blog about a free and open source app that is quite new as well? At least raise a bug if you’re not willing to put in any effort to help.<p>It’s people like this that make it so hard to stay motivated to do any kind of open source work. Choosing beggars.
Skip the Windows app too, I wish it was exactly like this client <a href="https://tunsafe.com/" rel="nofollow">https://tunsafe.com/</a> (made by the Spotify dev Strigeus)
I’m still sad about the state of WireGuard for average consumers. The protocol and the underlying tools are simple and nice in a UNIX-like way, but for average people, it’s a wash. WireGuard would benefit greatly from a set of robust, easy to understand clients.<p>The current state of the world, where many VPN providers ship questionable apps of varying quality, is just sad for a solution that claims to prioritize security and privacy. The WireGuard app is somewhat useable, but it is by no means “easy to setup” unless you’re already familiar with how WireGuard works.
WireGuard works perfectly on my Windows box for like half a year now. Standalone installation, no WinStore, or how is this thing by Microsoft called. It asked for auto-update 2 or 3 times since install and did it with no effort.<p>I became interested in how exactly it works and found an original code repo. It turned out that a delay between repo tag push and auto-update notification was about 15 minutes. This includes CI/CD pipeline time!<p>I've instantly converted into Wireguard believer.
While it may be good from an encryption and basic security configuration perspective I find wireguard lacking from a networking and administration perspective.<p>Networking wise it implements a point to multipoint model which is just awful to deal with. I had hoped that moving on from frame relay and ATM had killed this model but wireguard brings it right back. Then you also have to deal with complications of wireguard interfaces always being up. The two combined means doing anything but the most basic setups means more complications with more chance for incorrect configuration than an ipsec or openvpn alternative.<p>Then there is the whole troubleshooting problem. When it doesn't work wireguard provides much less information to troubleshoot the issue than ipsec and openvpn.<p>Also there is the irritating lines of code comparison vs ipsec and openvpn when for the most part it is comparing apples to oranges since wireguard doesn't include many of the features of either which are required for an enterprise site to site or road warrior VPN solution. Once the solutions are in place to provide comparable functionality the attack surface is likely to be pretty comparable.
Had exactly the same experience. Definitely annoying, but more than anything else, I’m impressed that Rachel was able to turn it into a cogent blog post.
A friend recently attempted to chat with me over XMPP on macOS. The result was a nightmare of trying different out of date and poorly supported mac clients. They seemed quite used to the process. The logical choice for desktop (Gajim) did not have an app available. The MacPort is wildly out of date. Which is too bad because Gajim supports macOS. It seems that no one can be bothered to package it.<p>It's like everyone has abandoned MacOS but are too polite to admit it...
ZeroTier is so much better than WireGuard. I literally spent 2 weeks futzing about with a WireGuard config and was able to set up a VPN between my homelab and my new apartment in less than 15 minutes with ZT.<p>Day and night difference in quality and ease of use.<p>AMA?