matmat

ANSWERED Wireguard privacy FAQ clarification


This is written in the WireGuard privacy FAQ:

"The different issue here is that WireGuard keeps this data even if the session is closed. In AirVPN servers, if no handshake has occurred within 180 seconds, the peer is removed and reapplied. Doing so removes the real IP address from server memory."

Can someone from staff please explain in a bit more detail what this means?

I would read this as WireGuard removing a road warrior peer after 180 s. In that case, those 3 minutes are the only time where privacy is of concern. So why is it a privacy issue, and why is it said that the client IP is permanently visible on the server if the peer is removed after 3 minutes?

What does 'reapplied' actually mean?

And how is it actually done?

Thanks

@matmat

Hello!

WireGuard doesn't ever remove the public IP address of the peer. It must be done by a specific non-WireGuard task which does it for each session that had no handshake in any given 180 s timeframe. Therefore, this important WireGuard problem is greatly mitigated because the public IP addresses of the peers will not remain forever on the VPN servers (which is a grave privacy concern), but only for 3 minutes after a disconnection. "Reapplied" is just a glitch in the description, you can ignore it. Just use OpenVPN if this mitigation is not enough for your needs or threat model.

Kind regards
 

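A sketch of the kind of external clean-up task the reply above describes, added here as an example; it is not AirVPN's script and not part of the original posts. The function names, the `wg0` interface, the constructed sample dump and the step that adds the peer back are assumptions.

```shell
# Added sketch, not AirVPN's task. Names, wg0 and the re-add step are assumptions.
MAX_IDLE=180   # seconds without a handshake (the figure given in the thread)

# Constructed sample of `wg show wg0 dump` output (tab-separated). Line 1 is
# the interface; each later line is one peer: public-key, preshared-key,
# endpoint, allowed-ips, latest-handshake (epoch), rx, tx, keepalive.
sample_dump() {
    printf '%s\t%s\t%s\t%s\n' SERVER_PRIV SERVER_PUB 51820 off
    printf '%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\n' \
        PEER_A '(none)' 203.0.113.7:40001 10.0.0.2/32 1000 10 20 off \
        PEER_B '(none)' 198.51.100.9:40002 10.0.0.3/32 1150 10 20 off \
        PEER_C '(none)' '(none)' 10.0.0.4/32 0 0 0 off
}

# stale_peers NOW
# Reads a dump on stdin and prints "public-key<TAB>allowed-ips" for every
# peer that still has an endpoint stored but no handshake for MAX_IDLE seconds.
stale_peers() {
    awk -F '\t' -v now="$1" -v max="$MAX_IDLE" '
        NR == 1        { next }           # interface line, not a peer
        $3 == "(none)" { next }           # no client address held in memory
        (now - $5) >= max { print $1 "\t" $4 }
    '
}

# scrub_commands IFACE NOW
# Prints the wg(8) commands for each stale peer. Removing the peer discards
# its endpoint, handshake time and transfer counters; adding it back with
# only key and allowed-ips (assumed here) lets the client connect again.
scrub_commands() {
    stale_peers "$2" | while IFS="$(printf '\t')" read -r key ips; do
        printf 'wg set %s peer %s remove\n' "$1" "$key"
        printf 'wg set %s peer %s allowed-ips %s\n' "$1" "$key" "$ips"
    done
}
```

On a server this would be fed live data from a timer, for example `wg show wg0 dump | scrub_commands wg0 "$(date +%s)" | sh`. A peer that uses a preshared key needs it supplied again when it is added back.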

Thanks for the answer. Maybe this can be incorporated into the FAQ.

So basically you have a separate job/script/service that removes the peer and, with it, records of a connection? This sounds great for WireGuard.

And also, with that removal of the peer, you drop all the info about the client, like data volume etc.? Basically, after 3 minutes, even you (as in AirVPN) shouldn't know if a WireGuard connection was ever used for a specific account.

Is there a different logging policy applied for WireGuard compared to OpenVPN?

Thanks
