:: Re: [DNG] Info about openvpn
Author: o1bigtenor
Date:  
CC: dng
Subject: Re: [DNG] Info about openvpn
Please questions are mostly because I'm a total noob at this and I'm trying real hard to understand this stuff that seems to often be flying by overhead - - - just out of reach . . .

On Mon, Dec 18, 2023 at 8:22 AM wirelessduck--- via Dng
<dng@???> wrote:
>
>
>
> > On 17 Dec 2023, at 23:20, o1bigtenor via Dng <dng@???> wrote:
> >
> > (looking to understand rather than any other . . . )
> >
> > You're running Openvpn - - - is that because you have been running this
> > for a while?
> >
> > Curious as to WireGuard - - - it's the 'new kid on the block' but it also
> > purports to be easier to set up. Have you looked at it to date?
> >
> > Comments - - - please ?
> >
> > TIA
>
> The problem I found with wireguard is that it seems to be just a point-to-point encryption tunnel so it doesn’t come with any authentication stack included like openvpn does.


https://www.wireguard.com/quickstart/ - - - page seems to suggest that authentication (at least I'm assuming that's what the 'key generation' refers to) is a part of the 'stack'.


>
> Last time I looked at it you need to add user authentication and OTP as a separate layer on top like firezone does with a web portal. I’m also not sure if wireguard includes any capability to set up network routes or if that is another thing you have to DIY or find a separate tool to handle. Openvpn, with its much larger code base, includes all of that plus the kitchen sink. You can hook directly into PAM auth to use your favourite OTP plugin very easily.
>

Same page seems to suggest that something that to me looks like 'network routing' is possible.

> If you don’t need any of that then I would agree that wireguard is easier to set up.
>
> The main benefit of wireguard seems to be a relatively small code base which is easier to audit, and a very small restricted set of high quality ciphers that can be used. The same cipher list can be achieved in openvpn via configuration but wireguard makes it easy by not even giving the choice of older crypto. I guess being a newer protocol allows such liberties to be taken.
>

Is it possible that you were looking at an earlier version - - - current seems to be from 202109 AFAICT?

Thanking you for helping to understand what is necessary in setting up vpn software.

Regards