Guest
Posted ... (edited)

I'm using airvpn on my linux desktop via hummingbird and downloaded ovpn files. I have my own modem with a personal router connected to it. I concede in advance that I don't know much about networking, just looking for a little help.

I'm trying to understand, as best I can, the risks involved in using wireguard because the speed gains are enticing, to say the least. I'd like to get clarification on these points.

> It doesn't allocate VPN IP Addresses (10.*) dynamically like OpenVPN does.

As I see it the wireguard VPN IP Addresses (under linux) are handled like any other network address. It seems that they are not directly exposed to the internet, are they indirectly exposed somehow?

Are you saying that this 10.* fixed address is more insecure because of its fixed nature? Does the fixed nature make my desktop system more vulnerable to external attacks or tracking?

> WireGuard stores users' real IP addresses on the VPN server indefinitely. The different issue here is that WireGuard keeps this data even if the session is closed. In AirVPN servers, if no handshake has occurred within 180 seconds, the peer is removed and reapplied. Doing so removes the real IP address from server memory.

This reads like wireguard is blamed for storing an IP address 'indefinitely'. Seems like openvpn also stores its IP 'indefinitely', but airvpn removes it after a lag in activity. Is it wireguard, openvpn, or airvpn that stores the IP, and which is responsible for that data?

Are you saying that wireguard should monitor airvpn activity somehow so it can refresh the connection periodically, or that wireguard cannot cooperate with airvpn periodic refresh? Is it that the possible extended storage of IP address information is prohibitive to the efficiency of AirVPN services?

Thinking of a way around this issue from the desktop perspective. Each time wireguard is brought up, a new ip address is generated. One could bring wireguard down and then back up to simulate this service. A timer could be used, if one didn't want to bring wireguard down/up manually.

If it's never written to disk on the VPN server, I wonder how to rank this as a vulnerability.

Edited ... by henrythemouse

OpenSourcerer
Posted ...

12 hours ago, henrythemouse said:

> Are you saying that this 10.* fixed address is more insecure because of its fixed nature? Does the fixed nature make my desktop system more vulnerable to external attacks or tracking?

Neither. wg-quick requires IP addresses to be rolled out with config files. With OpenVPN this allocation is done dynamically at connect time, with Wireguard the internal IP address must be written in the config file. This issue is compounded by the next paragraph you quote.

12 hours ago, henrythemouse said:

> Seems like openvpn also stores its IP 'indefinitely', but airvpn removes it after a lag in activity. Is it wireguard, openvpn, or airvpn that stores the IP, and which is responsible for that data?

That's the thing: OpenVPN removes it itself while with Wireguard it is not removed at all. AirVPN mimics OpenVPN behavior in that it removes Wireguard session info after three minutes. It's Wireguard saving that info.

12 hours ago, henrythemouse said:

> Are you saying that wireguard should monitor airvpn activity somehow so it can refresh the connection periodically, or that wireguard cannot cooperate with airvpn periodic refresh? Is it that the possible extended storage of IP address information is prohibitive to the efficiency of AirVPN services?

None of these points.

12 hours ago, henrythemouse said:

> If it's never written to disk on the VPN server, I wonder how to rank this as a vulnerability.

It never was seen as a vulnerability, just a privacy implication to which AirVPN found a workaround that also works with "standard" Wireguard builds.

NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT.
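
The thread says only that AirVPN removes and reapplies a peer when no handshake has occurred within 180 seconds. The following is an added example of how a server operator could do that with the standard `wg` tool, not AirVPN's code and not part of either post. The interface name `wg0`, the function names and the sample dump are assumptions made for the example, and the preshared key is passed via `/dev/stdin`, which assumes Linux.

```python
import subprocess
import time

STALE_AFTER = 180  # seconds without a handshake (figure quoted in the thread)
# Constructed sample of `wg show wg0 dump` (tab-separated; keys are placeholders).
SAMPLE_DUMP = (
    "SERVER_PRIV\tSERVER_PUB\t51820\toff\n"
    "PEER_A_PUB\t(none)\t203.0.113.7:40000\t10.0.0.2/32\t1700000000\t1024\t2048\toff\n"
    "PEER_B_PUB\t(none)\t198.51.100.9:40001\t10.0.0.3/32\t1700000900\t1024\t2048\t25\n"
    "PEER_C_PUB\t(none)\t(none)\t10.0.0.4/32\t0\t0\t0\toff\n"
)

def parse_dump(dump):
    """Peer lines of `wg show <iface> dump`; the first line describes the interface."""
    fields = ("pub", "psk", "endpoint", "allowed", "handshake", "rx", "tx", "keepalive")
    return [dict(zip(fields, line.split("\t"))) for line in dump.strip().splitlines()[1:]]

def stale_peers(peers, now):
    """Peers that still hold a remote endpoint but have no recent handshake."""
    return [p for p in peers
            if p["endpoint"] != "(none)" and now - int(p["handshake"]) > STALE_AFTER]

def reset_commands(iface, peer):
    """argv lists that drop the peer (with its stored endpoint) and re-add it blank."""
    add = ["wg", "set", iface, "peer", peer["pub"]]
    if peer["allowed"] != "(none)":
        add += ["allowed-ips", peer["allowed"]]
    if peer["psk"] != "(none)":
        add += ["preshared-key", "/dev/stdin"]  # key goes in on stdin, not argv
    if peer["keepalive"] != "off":
        add += ["persistent-keepalive", peer["keepalive"]]
    return [["wg", "set", iface, "peer", peer["pub"], "remove"], add]

def purge(iface):
    """Server side, as root: reset every stale peer on `iface`."""
    dump = subprocess.run(["wg", "show", iface, "dump"], check=True,
                          capture_output=True, text=True).stdout
    for peer in stale_peers(parse_dump(dump), int(time.time())):
        remove, add = reset_commands(iface, peer)
        subprocess.run(remove, check=True)
        psk = peer["psk"] + "\n" if peer["psk"] != "(none)" else None
        subprocess.run(add, input=psk, text=True, check=True)
```

Calling `purge("wg0")` from a periodic timer leaves connected clients alone, because their handshakes are recent, while an idle peer is re-added with no endpoint recorded.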

Guest
Posted ...

Thank you for the concise reply. I'm seeing this issue differently now, after your reply and after reading some more about wireguard online.

Wireguard is new and perhaps a bit of a moving target, development-wise. Many vpn providers have introduced support for wireguard, while many have not or are waiting. If I'm correct, airvpn is running an openvpn server by default, but is now also running a wireguard server for interested users.

As a user, I sometimes forget that what I'm using is a client and that that client needs a server. That was the point of confusion for me when I asked which was responsible for that data. That's on me, I apologize. I think I have a much better understanding now.

Again, thank you for your reply and thank everyone at airvpn for giving us the option to use wireguard.