Questions on wireguard and networking

Greetings

Found what looks to be a quite interesting vpn 'system' called wireguard. The dev team is still saying, after a couple years of what looks to be some very active development, don't run this as solid software. From the chatter that I've read the quality of the software is maybe like grub where it sat at version 0.97 for what was that - about 7 or 8 years (and then hit version 2 in no time flat!).

I am wanting to use this wireguard between two different routers here to firmly control not only the in but also the outgoing electronic communications.

Perhaps someone has a better solution - if so - I'm looking (grin!).

TIA

Dee

On 10/03/2018 10:36 AM, o1bigtenor via talk wrote:
> Found what looks to be a quite interesting vpn 'system' called wireguard.

"WireGuard® is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography <https://www.wireguard.com/protocol/>. It aims to be faster <https://www.wireguard.com/performance/>, simpler <https://www.wireguard.com/quickstart/>, leaner, and more useful than IPSec, while avoiding the massive headache. It intends to be considerably more performant than OpenVPN."

Be very, VERY careful about cryptography that hasn't been extensively verified by experts. Even ones that have still have flaws discovered occasionally.

On Wed, Oct 3, 2018 at 7:54 AM James Knott via talk <talk@gtalug.org> wrote:
> On 10/03/2018 10:36 AM, o1bigtenor via talk wrote:
> > Found what looks to be a quite interesting vpn 'system' called wireguard.
>
> "WireGuard® is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography <https://www.wireguard.com/protocol/>. It aims to be faster <https://www.wireguard.com/performance/>, simpler <https://www.wireguard.com/quickstart/>, leaner, and more useful than IPSec, while avoiding the massive headache. It intends to be considerably more performant than OpenVPN."
>
> Be very, VERY careful about cryptography that hasn't been extensively verified by experts. Even ones that have still have flaws discovered occasionally.

*THIS*

Having said that, the good news about wireguard is not around those. The author of wireguard understands that and has implemented using well tested/verified algorithms. It is mostly around how it has currently been implemented. The last I saw on that, the wireguard authors are working on fixing the crypto side of things before the networking side will be reviewed. People are interested in getting it in, it will just take time before it is mainline.

Dhaval

On 03/10/18 10:36, o1bigtenor via talk wrote:
> I am wanting to use this wireguard between two different routers here to firmly control not only the in but also the outgoing electronic communications.
>
> Perhaps someone has a better solution - if so - I'm looking (grin!).

GRE & IPsec would be the bog standard approach here.

https://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/WAN_and_MAN/P2P_G...

Ignore the Cisco-specific bits, just look at the diagrams and descriptions. You can implement this yourself pretty easily using 'ip_gre' (GRE kernel module) and strongswan (for IPsec) following any of the tutorials out there.

Cheers, Jamon
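The GRE-plus-IPsec layout suggested in the message above, as an added example that is not part of the original post: a script that renders the iproute2 commands and a strongSwan `ipsec.conf` connection for both routers. The interface name `gre1`, the connection name `gre-peer`, the pre-shared-key authentication and all addresses are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Addresses are constructed documentation
# ranges; the names gre1 and gre-peer are hypothetical.

# Print the iproute2 commands that create the GRE interface (ip_gre module).
# $1 = this router's public IP, $2 = peer's public IP, $3 = tunnel address
gre_commands() {
    [ "$1" != "$2" ] || { echo "local and remote must differ" >&2; return 1; }
    cat <<EOF
modprobe ip_gre
ip tunnel add gre1 mode gre local $1 remote $2 ttl 255
ip addr add $3 dev gre1
ip link set gre1 up
EOF
}

# Print a strongSwan ipsec.conf connection: transport mode, selectors limited
# to GRE (IP protocol 47) between the two public addresses. authby=secret
# expects a matching PSK line in ipsec.secrets; auto=route installs a trap
# policy so GRE traffic triggers the IKE negotiation.
ipsec_conn() {
    [ "$1" != "$2" ] || { echo "local and remote must differ" >&2; return 1; }
    cat <<EOF
conn gre-peer
    keyexchange=ikev2
    type=transport
    left=$1
    right=$2
    leftprotoport=gre
    rightprotoport=gre
    authby=secret
    auto=route
EOF
}

# Render both ends from one set of parameters so the settings mirror.
# $1/$2 = public IPs of routers A and B, $3/$4 = their tunnel addresses
render_link() {
    echo "### router A"
    gre_commands "$1" "$2" "$3" && ipsec_conn "$1" "$2" || return 1
    echo "### router B"
    gre_commands "$2" "$1" "$4" && ipsec_conn "$2" "$1"
}

# Constructed sample link: 192.0.2.1 <-> 198.51.100.1, tunnel net 10.255.0.0/30
render_link 192.0.2.1 198.51.100.1 10.255.0.1/30 10.255.0.2/30
```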

On 10/03/2018 11:06 AM, Jamon Camisso via talk wrote:
> > Perhaps someone has a better solution - if so - I'm looking (grin!).
>
> GRE & IPsec would be the bog standard approach here.

I have set up many systems with IPSec at work, but use OpenVPN with my own network. Both work well.