
Yeah, I seriously appreciate WG. Allows me to keep all home automation local / non-cloud while still giving me the option of easily controlling and checking elements remotely.



Genuine question: In terms of getting from Network A to Network B, is there anything that Wireguard does special that OpenVPN cannot/does not?


OpenVPN is harder to configure and uses/allows arcane crypto. The same applies to IPsec, just more strongly. WireGuard is more in line with modern cryptographic protocols that we know and love from e.g. instant messaging.


Also lower-latency which is really great for streaming video for example. At least in my case it's the difference between stuttering video and nice stream.


From an operator/user point of view, it's way easier to configure. It only took me maybe an hour or two including reading all the docs and dealing with my special firewall situation to get it set up on the server. Setting it up on the clients only takes about five minutes and then the client literally flicks a switch. No passwords or anything required, because it uses a simple out of band key exchange for the setup.


One of the things I really like about WireGuard is how easy "split tunneling" is. I can define a subnet as available through the interface and only traffic destined for it will be routed.

This is especially helpful for users with metered connections. You don't have to send ALL your traffic, only the ones destined for LAN will get sent.
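
An added illustration of the split tunneling described in the comment above (not part of the thread and not WireGuard's own code): a small model of how a peer's `AllowedIPs` list decides which destinations go through the tunnel. The config is constructed, the keys are placeholders, and the addresses, hostname and function names are assumptions; it handles a single `[Peer]` section.

```python
import configparser
import ipaddress

# Constructed wg-quick style client config. Keys are placeholders and the
# addresses/hostname are sample values, not taken from the thread.
SPLIT_TUNNEL_CONF = """
[Interface]
PrivateKey = <client-private-key>
Address = 10.8.0.2/32

[Peer]
PublicKey = <home-server-public-key>
Endpoint = vpn.example.com:51820
AllowedIPs = 10.8.0.0/24, 192.168.1.0/24
"""

# Same config with a default route: every IPv4 destination uses the tunnel.
FULL_TUNNEL_CONF = SPLIT_TUNNEL_CONF.replace(
    "AllowedIPs = 10.8.0.0/24, 192.168.1.0/24", "AllowedIPs = 0.0.0.0/0"
)


def allowed_networks(conf_text):
    """Parse the [Peer] AllowedIPs line into a list of network objects."""
    parser = configparser.ConfigParser()
    parser.read_string(conf_text)
    raw = parser["Peer"]["AllowedIPs"]
    return [ipaddress.ip_network(part.strip()) for part in raw.split(",")]


def uses_tunnel(conf_text, destination):
    """True if traffic to `destination` would be sent to the WireGuard peer."""
    addr = ipaddress.ip_address(destination)
    return any(addr in net for net in allowed_networks(conf_text))


def classify(conf_text, destinations):
    """Map each destination to 'tunnel' or 'direct' for a given config."""
    return {
        dest: "tunnel" if uses_tunnel(conf_text, dest) else "direct"
        for dest in destinations
    }


if __name__ == "__main__":
    # 192.168.1.20 stands in for a LAN device, 203.0.113.10 for an Internet host.
    sample = ["192.168.1.20", "10.8.0.1", "203.0.113.10"]
    print("split:", classify(SPLIT_TUNNEL_CONF, sample))
    print("full: ", classify(FULL_TUNNEL_CONF, sample))
```
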


I'm in a similar position with regards to tinc. I'm willing to grant that wireguard is vastly simplified, easier to configure, and likely better performance. But it doesn't appear to currently support routing through intermediate hosts with opportunistic NAT punching, meaning the presented network won't actually be fully connected. Which I might accept and work around if I didn't already have a better option set up...

If you've got a working OpenVPN setup, then it probably makes sense to just stick with that. I'm guessing the real gains are only to be had when you want to overhaul your setup anyway.


Wireguard supports roaming IPs and is typically a lot faster / less resource intensive than OpenVPN.

I haven't bothered setting up wireguard yet, but on paper it looks a lot better and when it's stable I suspect a lot more people will jump on board.


OpenVPN supports client roaming as well, though. The wireguard design is more flexible in that everyone can roam, but taking advantage of that requires userspace daemons that coordinate it. And as far as I can tell, the userspace hasn't been developed to the point of supporting those features yet.

I've sized up its current functionality as useful for replacing OpenVPN, but not yet as a general mesh VPN.


> roaming IPs

This. I've installed it on Android just because I get a better experience with WiFi switching on when I have a poor signal. And having my SSH connection not break is nice.


Have a prayer at being code-audited by you.



