
wireguard privacy warnings


Guest
Posted ... (edited)

I'm using airvpn on my linux desktop via Hummingbird and downloaded ovpn files.
I have my own modem with a personal router connected to it. I concede in advance
that I don't know much about networking, just looking for a little help.
I'm trying to understand, as best I can, the risks involved in using wireguard because
the speed gains are enticing, to say the least.

I'd like to get clarification on these points.
 

Quote

It doesn't allocate VPN IP Addresses (10.*) dynamically like OpenVPN does.


   As I see it the wireguard VPN IP Addresses (under linux) are handled like any other network address.
   It seems that they are not directly exposed to the internet, are they indirectly exposed somehow?
   Are you saying that this 10.* fixed address is more insecure because of its fixed nature?
   Does the fixed nature make my desktop system more vulnerable to external attacks or tracking?
 
Quote

WireGuard stores users' real IP addresses on the VPN server indefinitely.
The different issue here is that WireGuard keeps this data even if the session is closed.
In AirVPN servers, if no handshake has occurred within 180 seconds, the peer is
removed and reapplied. Doing so removes the real IP address from server memory.

   
    This reads like wireguard is blamed for storing an IP address 'indefinitely',
    Seems like openvpn also stores its IP 'indefinitely', but airvpn removes it after a lag in activity.
    Is it wireguard, openvpn, or airvpn that stores the IP, and which is responsible for that data ?
    Are you saying that wireguard should monitor airvpn activity somehow so it can refresh
    the connection periodically, or that wireguard can not cooperate with airvpn periodic refresh?
    Is it that the possible extended storage of IP address information is prohibitive
    to the efficiency of AirVPN services?

    Thinking of a way around this issue from the desktop perspective.
    Each time wireguard is brought up, a new ip address is generated.
    One could bring wireguard down and then back up to simulate this service.
    A timer could be used, if one didn't want to bring wireguard down/up manually.

    If it's never written to disk on the VPN server, I wonder how to rank this as a vulnerability.

  Edited ... by henrythemouse

12 hours ago, henrythemouse said:

   Are you saying that this 10.* fixed address is more insecure because of its fixed nature?
   Does the fixed nature make my desktop system more vulnerable to external attacks or tracking?


Neither. wg-quick requires IP addresses to be rolled out with config files. With OpenVPN this allocation is done dynamically at connect time; with Wireguard the internal IP address must be written in the config file. This issue is compounded by the next paragraph you quote.
 
12 hours ago, henrythemouse said:

    Seems like openvpn also stores its IP 'indefinitely', but airvpn removes it after a lag in activity.
    Is it wireguard, openvpn, or airvpn that stores the IP, and which is responsible for that data ?


That's the thing: OpenVPN removes it itself while with Wireguard it is not removed at all. AirVPN mimics OpenVPN behavior in that it removes Wireguard session info after three minutes. It's Wireguard saving that info.
 
12 hours ago, henrythemouse said:

    Are you saying that wireguard should monitor airvpn activity somehow so it can refresh
    the connection periodically, or that wireguard can not cooperate with airvpn periodic refresh?
    Is it that the possible extended storage of IP address information is prohibitive
    to the efficiency of AirVPN services?


None of these points.
 
12 hours ago, henrythemouse said:

    If it's never written to disk on the VPN server, I wonder how to rank this as a vulnerability.


It never was seen as a vulnerability, just a privacy implication to which AirVPN found a workaround that also works with "standard" Wireguard builds.

NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT.

LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too!

Want to contact me directly? All relevant methods are on my About me page.
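
The server-side behaviour described in this thread (drop a peer that has not completed a handshake for 180 seconds, then add it back so the stored endpoint is cleared), as an added example that is not part of the original posts and not AirVPN's own code. It parses the tab-separated output of `wg show <interface> dump`; the interface name `wg0`, the keys and the addresses in the sample are constructed placeholders.

```python
import subprocess

STALE_AFTER = 180  # seconds without a handshake (the figure quoted in the thread)

# Constructed sample of `wg show wg0 dump`: interface line, then one line per peer.
# Keys are placeholders; addresses come from documentation ranges.
SAMPLE_DUMP = "\n".join([
    "SERVER_PRIVKEY\tSERVER_PUBKEY\t51820\toff",
    "PEER_A_PUBKEY\t(none)\t198.51.100.7:40112\t10.128.0.2/32\t1700000000\t1024\t2048\toff",
    "PEER_B_PUBKEY\t(none)\t203.0.113.9:51000\t10.128.0.3/32\t1699999000\t4096\t8192\toff",
    "PEER_C_PUBKEY\t(none)\t(none)\t10.128.0.4/32\t0\t0\t0\toff",
])

def parse_peers(dump):
    """Yield one dict per peer line; the first line describes the interface."""
    for line in dump.strip().splitlines()[1:]:
        pub, psk, endpoint, allowed, handshake, _rx, _tx, keepalive = line.split("\t")
        yield {"pubkey": pub, "psk": None if psk == "(none)" else psk,
               "endpoint": None if endpoint == "(none)" else endpoint,
               "allowed_ips": None if allowed == "(none)" else allowed,
               "handshake": int(handshake), "keepalive": keepalive}

def plan_scrub(dump, now, iface="wg0"):
    """Return (argv, stdin) pairs that remove and re-add every stale peer."""
    cmds = []
    for p in parse_peers(dump):
        # Skip peers with no stored endpoint and peers whose session is still live.
        if p["endpoint"] is None or now - p["handshake"] <= STALE_AFTER:
            continue
        base = ["wg", "set", iface, "peer", p["pubkey"]]
        cmds.append((base + ["remove"], None))
        readd = list(base)  # re-added without an endpoint, so no client IP is kept
        if p["allowed_ips"]:
            readd += ["allowed-ips", p["allowed_ips"]]
        if p["keepalive"] != "off":
            readd += ["persistent-keepalive", p["keepalive"]]
        if p["psk"]:
            readd += ["preshared-key", "/dev/stdin"]  # key is fed on stdin, not argv
        cmds.append((readd, p["psk"]))
    return cmds

def run_plan(cmds):
    """Execute the planned commands (needs root and a real interface)."""
    for argv, stdin in cmds:
        subprocess.run(argv, input=stdin, text=True, check=True)

if __name__ == "__main__":
    for argv, _ in plan_scrub(SAMPLE_DUMP, now=1700000100):
        print(" ".join(argv))
```

With the sample data and `now=1700000100`, only peer B is scrubbed: peer A shook hands 100 seconds earlier and peer C has no endpoint stored.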

Guest

Thank you for the concise reply.

I'm seeing this issue differently now, after your reply and after reading some more about wireguard online. Wireguard is new and perhaps a bit of a moving target, development-wise. Many vpn providers have introduced support for wireguard, while many have not or are waiting. If I'm correct, airvpn is running an openvpn server by default, but is now also running a wireguard server for interested users. As a user, I sometimes forget that what I'm using is a client and that that client needs a server. That was the point of confusion for me when I asked which was responsible for that data. That's on me, I apologize.

I think I have a much better understanding now. Again, thank you for your reply and thank everyone at airvpn for giving us the option to use wireguard.
