Jump to content


Photo
* * * * * 1 votes

Wireguard

wireguard future vpn tech fast speed secure Experimental

  • Please log in to reply
17 replies to this topic

#1 jugs

jugs

    Newbie

  • New Members
  • Pip
  • 3 posts

Posted 26 February 2017 - 02:47 AM

Hey guys,

 

I was wondering now that your other competitors are actively integrating Wireguard into their offerings, when do you think you'll have something ready for your customers?



#2 Khariz

Khariz

    Advanced Member

  • Members
  • PipPipPip
  • 417 posts

Posted 26 February 2017 - 04:35 AM

Interesting.  I feel dumb for having never even heard of this before.



#3 zhang888

zhang888

    Donald Trump of IT/Security

  • Moderators
  • 2205 posts

Posted 26 February 2017 - 05:25 AM

Too early for production. Number of reasons:

 

1) Linux support only, both server and client, at this point, which signifficantly limits the number of users

 

2) Project is less than a year old and hasn't seen any production deployments yet, even among VPN services

 

3) Single developer without funding or business model, almost no community support, both code and money.

While the code contributions can be easily tracked (there are almost none), the money contributions are a little bit more difficult to track. But just from the project page Bitcoin address, we can see the developer got only 0.27 BTC during almost a year of development. That is about $300:

https://blockchain.info/address/1ASnTs4UjXKR8tHnLi9yG42n42hbFYV2um

 

However, zx2c4 is a great kernel hacker and developer, I personally tested Wireguard during the first days of its release and it's an interesting idea and implementation. Has a great potential for small internal employments at this point.

 

The project somewhat reminds me Nginx, the robust and efficient web server that started the same way.

Now it powers lots of most busiest websites, and it started as a hobby project with a single developer as well.

Until the community gave it a huge boost, somewhere around 2009 (5 years after initial release), the deployments were minimal, even though the performance advantages over Apache were clear.


  • LZ1 likes this

Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.


#4 zx2c4

zx2c4

    Newbie

  • New Members
  • Pip
  • 1 posts

Posted 26 February 2017 - 05:07 PM

hasn't seen any production deployments yet

without funding
or business model

 

Is there a reason why you make these unsubstantiated claims? With what authority do you speak? What knowledge could you possibly have on these three points?



#5 Khariz

Khariz

    Advanced Member

  • Members
  • PipPipPip
  • 417 posts

Posted 26 February 2017 - 06:31 PM

 

hasn't seen any production deployments yet

without funding
or business model

 

Is there a reason why you make these unsubstantiated claims? With what authority do you speak? What knowledge could you possibly have on these three points?

 

How about you just correct him with correct information?  I'm not saying you need to give us your exact numbers or project developers, but it would be just as easy to say "On the contrary, I have more than 100 projects in development and have raised over half a million dollars at this point", instead of "WTF are you talking about?"

 

Just my 2 cents.



#6 zhang888

zhang888

    Donald Trump of IT/Security

  • Moderators
  • 2205 posts

Posted 26 February 2017 - 08:12 PM

1) Based on the number of commercial VPN providers currently using it

2) A more clear funding transparency report would be nice to see - compared to donations to many other open source projects I find $300 very low.

More could be in PayPal, but again assuming only Linux and crypto enthusiasts mainly use the project the BTC donations is a good example.

3) Business model - clarify if you can. OpenVPN has a business model while still being open source. Same as many other projects.

This is how to sustain development and other costs. Almost same as point 2 - funding.


Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.


#7 Nnyan

Nnyan

    Member

  • Members
  • PipPip
  • 12 posts

Posted 02 March 2017 - 05:39 PM

I'm not an expert

 

Hey guys,

 

I was wondering now that your other competitors are actively integrating Wireguard into their offerings, when do you think you'll have something ready for your customers?

 

I'm not an expert but having one (or more) companies publish a guide on how to use Wireguard with their service doesn't count as "actively integrating".  It's not part of their offering just a guide.  They clearly state:

 

"Warning: WireGuard is still under active development and should be seen as experimental. Mullvad is providing this installation for test purposes and on a limited scale." 

 

Even on the Wireguard site it states:

 

About The Project Work in progress. WireGuard is not yet complete. You should not rely on this code. It has not undergone proper degrees of security auditing and the protocol is still subject to change. We're working toward a stable 1.0 release, but that time has not yet come. There are experimental snapshots tagged with "0.0.YYYYMMDD", but these should not be considered real releases and they may contain security vulnerabilities.

 

That to me tells me it should not be used in a production environment.  Want to test it?  Sure, go for it! I myself am thinking of testing it in a sandbox.  



#8 jugs

jugs

    Newbie

  • New Members
  • Pip
  • 3 posts

Posted 26 March 2017 - 02:58 PM

I'm not an expert

 

Hey guys,

 

I was wondering now that your other competitors are actively integrating Wireguard into their offerings, when do you think you'll have something ready for your customers?

 

I'm not an expert but having one (or more) companies publish a guide on how to use Wireguard with their service doesn't count as "actively integrating".  It's not part of their offering just a guide.  They clearly state:

 

"Warning: WireGuard is still under active development and should be seen as experimental. Mullvad is providing this installation for test purposes and on a limited scale." 

 

Even on the Wireguard site it states:

 

About The Project Work in progress. WireGuard is not yet complete. You should not rely on this code. It has not undergone proper degrees of security auditing and the protocol is still subject to change. We're working toward a stable 1.0 release, but that time has not yet come. There are experimental snapshots tagged with "0.0.YYYYMMDD", but these should not be considered real releases and they may contain security vulnerabilities.

 

That to me tells me it should not be used in a production environment.  Want to test it?  Sure, go for it! I myself am thinking of testing it in a sandbox.  

 

I'm not sure what "actively integrating" means to you, but they are rolling it out for public test so they can figure out how to integrate it...



#9 SlipBetween

SlipBetween

    Newbie

  • Members
  • Pip
  • 6 posts

Posted 05 December 2017 - 02:28 PM

Hey guys.  I've been seeing some other VPN providers working with wireguard, and the tech seems pretty solid and promising.  I was wondering if Air was possibly looking at working with it as well in the near future.  Thoughts?


41199e_65168c0b16d354447852f201112be702.

I am a nobody....and I intend to stay that way...


#10 mwm

mwm

    Member

  • Members
  • PipPip
  • 23 posts

Posted 24 January 2018 - 03:49 PM

Any news on a potential uptake on this protocol? Looks like PIA are keen to adopt and so are Mullvad.



#11 Khariz

Khariz

    Advanced Member

  • Members
  • PipPipPip
  • 417 posts

Posted 24 January 2018 - 04:19 PM

I’m eager to try it out, so I will likely subscribe to some services that use it.

#12 trekkie.forever

trekkie.forever

    Advanced Member

  • Members
  • PipPipPip
  • 39 posts

Posted 08 May 2018 - 12:04 PM

Opinions alone, no offense meant to anyone.

Wireguard has some nice features (IP roaming, easy to set up)

But also a lot of hype surrounding it. Does not work in many corporate environments which does not allow UDP

No obfuscation support (AFAIK) and hence will be easy to block in countries like UAE and China if it becomes popular

There is definitely a limited case use for it however

I believe that any VPN designed in 2016 or later should have obfuscation as a major design goal. Early days for sure and all the best to the developers

#13 flat4

flat4

    Advanced Member

  • Members
  • PipPipPip
  • 401 posts

Posted 08 May 2018 - 07:22 PM

cool, I'll keep reading.



#14 Aegisprotection

Aegisprotection

    Newbie

  • Members
  • Pip
  • 6 posts

Posted 02 July 2018 - 12:58 PM

Mullvad expands their WireGuard VPN-service to a total of 30 servers. I really hope that also AirVPN will jump on the bandwagon. Any progress on this?

#15 Staff

Staff

    Advanced Member

  • Staff
  • PipPipPip
  • 7457 posts

Posted 03 July 2018 - 04:44 PM

Mullvad expands their WireGuard VPN-service to a total of 30 servers. I really hope that also AirVPN will jump on the bandwagon. Any progress on this?

 
 

Hello!
 
Why should we do that? In other words, what advantages in terms of security and/or performance do a user get from Wireguard (over OpenVPN) when deployed before an audit has been performed?

In terms of performance, we are concerned about this:
https://www.wireguard.com/performance/

The Wireguard performance is low, while the OpenVPN reported throughput is fake. Remember that we could beat in a single core of an archaic Q6600 CPU 300 Mbit/s in 2014. In 2018 (just a couple of weeks ago) we have obtained 1.7 Gbit/s on our AES-NI optimized machine with a load of 300+ clients practically in just ONE CORE of an E3-1270 @ 3.80 Ghz with a Linux kernel 4.9 and AES-256-GCM (so we could even go higher with ChaCha20 Poly305).
 
The fact that in the Wireguard web site not believable data for OpenVPN is published is a reason of concern. Then, the performance of Wireguard is not interesting, especially on a core of an i7 with ChaCha20.
 
On top of that, it is unfair to deploy to our customers a service based on a software that's not yet been tested enough in our opinion. USA Senator Wyden recently recommended Wireguard to replace everything (IPsec, OpenVPN...) in USA infrastructures and recommended to recommend Wireguard to NIST:
https://www.phoronix.com/scan.php?page=news_item&px=WireGuard-Senator-Recommends
 
Why this requirement before any serious audit when we know for sure (from the Snowden documents) that plans to insert backdoors in random number generators and other cryptography-related software, and then have that very software approved by NIST, started several years ago? This is another reason of concern that maybe makes Wireguard wide deployment premature: it is safer to check deeply the software and the ECC employed first, and then deploy to the public.
 
Remember what happened  with the infamous Dual_EC_DRBG, we are not short on memory like some of our competitors are, and we are not trading your security for a fistful of dollars by riding the Wireguard hype. When and if Wireguard will prove to be as secure as OpenVPN, and capable to provide the same (or higher) performance, and provide obfuscation and more protocols choice, then we'll be very happy to experiment with it.
https://en.wikipedia.org/wiki/Dual_EC_DRBG#Software_and_hardware_which_contained_the_possible_backdoor
 
Kind regards



#16 AnnaGlup

AnnaGlup

    Newbie

  • Members
  • Pip
  • 6 posts

Posted 25 July 2018 - 07:08 AM

Im using Wireguard on my smartphones for 3 month.
My reason to no longer use OpenVPN is the battery life.
OpenVPN needs a lot of juice while with Wireguard it looks like it needs nearly nothing.
Stabile connection and fast performance. Even IPV6 works well.
Im already using a Custom Rom so Setup was a 5 minute job.
Other advantage no VPN is used in Android. I need this for another feature.
Overall a clear win for me, only my router is still using AirVPN.

#17 Staff

Staff

    Advanced Member

  • Staff
  • PipPipPip
  • 7457 posts

Posted 25 July 2018 - 09:42 AM

Hello!

 

Given the reputation of Daniel J. Bernstein, concerns about the specific employed ECC are not relevant. However, remember that Wireguard is not ready for production and you must not use it when security of your data is a priority. Wireguard developers are very honest about it, so use it at your own risk. From the official web site:
 

WireGuard is not yet complete. You should not rely on this code. It has not undergone proper degrees of security auditing and the protocol is still subject to change. We're working toward a stable 1.0 release, but that time has not yet come.

 

We can't propose to our customers something based on experimental code that has not undergone a proper security auditing and those who do are clearly not protecting their customers' interests. Sooner or later Wireguard will reach a mature, stable release and will be audited and peer reviewed. That will be the right time to consider to put it into production.

 

Kind regards



#18 kaymio

kaymio

    Member

  • Members
  • PipPip
  • 11 posts

Posted 03 August 2018 - 01:15 PM

Hello,

 

we've waited a few years for IPv6 to arrive, so we can wait to get Wireguard mainlined and audited. Wireguard is an interesting prospect for the future for sure. Linus Torvalds seems to be excited too :yes:

 

https://www.phoronix.com/scan.php?page=news_item&px=Linus-Likes-WireGuard







Similar Topics Collapse


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Servers online. Online Sessions: 13458 - BW: 39532 Mbit/sYour IP: 54.198.195.11Guest Access.