Author: wirelessduck Date: To: dng Subject: Re: [DNG] Info about openvpn
> On 17 Dec 2023, at 23:20, o1bigtenor via Dng <dng@???> wrote:
>
> (looking to understand rather than any other . . . )
>
> You're running Openvpn - - - is that because you have been running this
> for a while?
>
> Curious as to WireGuard - - - its the 'new kid on the block' but it also
> purports to be easier to set up. Have you looked at it to date?
>
> Comments - - - please ?
>
> TIA
The problem I found with wireguard is that it seems to be just a point-to-point encryption tunnel so it doesn’t come with any authentication stack included like openvpn does.
Last time I looked at it you need to add user authentication and OTP as a separate layer on top like firezone does with a web portal. I’m also not sure if wireguard includes any capability to setup network routes or if that is another thing you have to DIY or find a separate tool to handle. Openvpn, with its much larger code base, includes all of that plus the kitchen sink. You can hook directly into PAM auth to use your favourite OTP plugin very easily.
If you don’t need any of that then I would agree that wireguard is easier to setup.
The main benefit of wireguard seems to be a relatively small code base which is easier to audit, and a very small restricted set of high quality ciphers that can be used. The same cipher list can be achieved in openvpn via configuration but wireguard makes it easy by not even giving the choice of older crypto. I guess being a newer protocol allows such liberties to be taken.