Zack
Posted ...

(maybe wrong forum to post on)

Hello, I read that WireGuard by design, in its default configuration, saves connected IP addresses on the server until the server is rebooted. As far as I know, this is by design, as WireGuard is made for security first and not privacy, and as far as I understand this would go against any VPN's no-logs policy. I guess the keyword here is "default" and it's possible to set up WireGuard on the server side to not log addresses, but I would like some input on this from someone who knows more than me on the subject. Not that I don't trust Air, it's more curiosity about the technology.

Staff
Posted ...

Hello!

Yes, what you write is substantially true, although a server reboot is not needed. The matter has become a FAQ and we added an answer to this FAQ here: https://airvpn.org/faq/wireguard/

In the answer you can see how we patch a specific problem, how you can act through our tools to improve your privacy when you run WireGuard, and all by not breaking original WireGuard compatibility. However OpenVPN under this respect remains widely superior, so consider it according to your threat model and the amount of annoyance you would get to generate new keys after each WireGuard session.

Kind regards

rx_man123
Posted ...

On 7/19/2023 at 4:42 AM, Staff said:
> Hello!
>
> Yes, what you write is substantially true, although a server reboot is not needed. The matter has become a FAQ and we added an answer to this FAQ here: https://airvpn.org/faq/wireguard/
>
> In the answer you can see how we patch a specific problem, how you can act through our tools to improve your privacy when you run WireGuard, and all by not breaking original WireGuard compatibility. However OpenVPN under this respect remains widely superior, so consider it according to your threat model and the amount of annoyance you would get to generate new keys after each WireGuard session.
>
> Kind regards

Can you please explain why, if this is true:

"The different issue here is that WireGuard keeps this data even if the session is closed. In AirVPN servers, if no handshake has occurred within 180 seconds, the peer is removed and reapplied. Doing so removes the real IP address from server memory."

Then why do keys still need to be re-generated?

"Our clients can renew their keys whenever they want, forcing a new, random IP address reassignment"

Staff
Posted ...

11 hours ago, rx_man123 said:
> Then why do keys still need to be re-generated?
>
> "Our clients can renew their keys whenever they want, forcing a new, random IP address reassignment"

Hello!

Because only in this way do you change the VPN IP address, as already explained.

Kind regards
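
As an added illustration (not part of any post above and not AirVPN's own code), this Python sketch shows one way a server-side job could perform the "removed and reapplied" step quoted from the FAQ, using the standard `wg show <iface> dump` and `wg set` commands. The interface name `wg0`, the function names and the sample dump are assumptions constructed for the example.

```python
import subprocess
import time

STALE_AFTER = 180  # seconds without a handshake (figure quoted from the FAQ)

# Constructed sample of `wg show wg0 dump`: tab-separated, interface line first.
# Keys are placeholders; addresses come from documentation ranges.
SAMPLE_DUMP = "\n".join([
    "SERVER_PRIV\tSERVER_PUB\t1637\toff",
    "PEER_A_PUB\t(none)\t203.0.113.7:51820\t10.128.0.2/32\t1700000000\t1024\t2048\toff",
    "PEER_B_PUB\tPEER_B_PSK\t198.51.100.9:40000\t10.128.0.3/32\t1700000900\t10\t20\t25",
    "PEER_C_PUB\t(none)\t(none)\t10.128.0.4/32\t0\t0\t0\toff",
])

def stale_peers(dump_text, now, stale_after=STALE_AFTER):
    """Return peers that still hold an endpoint but had no handshake within stale_after."""
    stale = []
    for line in dump_text.splitlines()[1:]:  # skip the interface line
        fields = line.split("\t")
        if len(fields) != 8:
            continue  # not a peer line in the documented dump layout
        pub, psk, endpoint, allowed, handshake, _rx, _tx, keepalive = fields
        if endpoint != "(none)" and now - int(handshake) > stale_after:
            stale.append({"pub": pub, "psk": psk, "allowed": allowed, "keepalive": keepalive})
    return stale

def reset_commands(iface, peer):
    """Build the remove and re-add argv lists; the preshared key never appears in argv."""
    remove = ["wg", "set", iface, "peer", peer["pub"], "remove"]
    add = ["wg", "set", iface, "peer", peer["pub"]]
    if peer["psk"] != "(none)":
        add += ["preshared-key", "/dev/stdin"]  # key is fed on stdin by reset_peer
    if peer["keepalive"] != "off":
        add += ["persistent-keepalive", peer["keepalive"]]
    if peer["allowed"] != "(none)":
        add += ["allowed-ips", peer["allowed"]]
    return remove, add

def reset_peer(iface, peer):
    """Remove the peer, then re-add it with the same settings and no endpoint (needs root)."""
    remove, add = reset_commands(iface, peer)
    subprocess.run(remove, check=True)
    psk = peer["psk"] + "\n" if peer["psk"] != "(none)" else None
    subprocess.run(add, input=psk, text=True, check=True)

if __name__ == "__main__":
    dump = subprocess.run(["wg", "show", "wg0", "dump"], capture_output=True, text=True, check=True).stdout
    for p in stale_peers(dump, time.time()):
        reset_peer("wg0", p)
```

After the reset the server holds no endpoint for that peer until the peer's next handshake; the peer keeps the same public key and allowed IPs.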