from Hacker News

Virtual private networks with WireGuard

by johnramsden on 3/8/18, 1:03 AM with 38 comments

by pstadler on 3/11/18, 10:09 PM
Good to see WireGuard getting some coverage. I‘ve been embracing it from the very beginning for small scale Kubernetes clusters running on virtually any cloud provider lacking isolated private networking[1]. It‘s been running stable in different environments for more than a year; set up and forget. Unlike similar software it‘s also dead simple to configure.
Apparently, Linus wants it in the Kernel[2].
[1] https://github.com/hobby-kube/guide/blob/master/README.md [2] https://lkml.org/lkml/2018/2/13/752
by rasengan on 3/12/18, 4:38 AM
WireGuard is doing good things. PIA will be rolling out support shortly.
by adynatos on 3/8/18, 4:01 PM
can wireguard work over tcp? many captive portals i encounter daily block most ports and almost always allow only tcp. so i set up openvpn on port 443 over tcp, which got through everything so far.
by johnramsden on 3/8/18, 1:05 AM
Includes a nice description of how WireGuard works on Linux, and how it's different from other VPN implementations.
by rhn_mk1 on 3/11/18, 10:30 PM
Is WireGuard working as an IPv4 tunnel or can it transport arbitrary packets, like ipv6, becoming a tap interface?
Does it work as a link between two devices, or one-to-many? Does it support peer-to-peer connections within the group?
by mycall on 3/12/18, 2:54 AM
I've been an long time advocate of tinc. I'd love to see a comparison with WireGuard.
by feelin_googley on 3/11/18, 9:10 PM
I use one of the many non-OpenVPN "VPN" alternatives. The one I chose has fewer lines/words/characters of code than Wireguard.
It does not require SSL/TLS, it can use Curve25519 and it is faster than OpenVPN.
It is a userland daemon (using /dev/tap), so it may be slower than Wireguard.
However I think it is more portable than WireGuard. (That is an important feature to me.)
How portable is WireGuard to BSD, Minix, Plan9, etc?