@sir One thing to note about WireGuard is that it's by default less private than OpenVPN right now, so one must be careful about that.

@martijnbraam @sir
> The WireGuard protocol alone can’t ensure complete privacy. Here’s why. It can’t dynamically assign IP addresses to everyone connected to a server. Therefore, the server must contain a local static IP address table to know where internet packets are traveling from and to whom they should return. It means that the user's identity must be stored on the server and linked to an internal IP address assigned by the VPN.

nordvpn.com/blog/nordlynx-prot

@d_ @martijnbraam rich coming from NordVPN which uses authentication to tie you to your breaking billing info

@sir @d_ @martijnbraam They fail to convey the actual problem. Is the problem that they have to store the user's public key and corresponding private IP on all their nodes? When using OpenVPN you transmit user/password, which doesn't seem any better.

@d_ @sir I don't see how the IP being static or dynamic changes anything; the host still needs to know what traffic to route to you. Also, the IP addresses inside the tunnel don't need to correlate with anything actually.

WireGuard removed all provisioning crap from the protocol, which is a good thing. If provisioning worked on OpenVPN I wouldn't need a 30 line config file on the client side...

@martijnbraam @sir I guess I'm a bit on the paranoid side, I don't fully understand OpenVPN vs. WireGuard so I've been conservative about jumping on to it.

@d_ @sir If you're self-hosting WireGuard then it doesn't matter a bit. And in most cases WireGuard is easier to set up.

@martijnbraam @d_ @sir

Isn't it so that WireGuard hasn't yet been properly audited?

@sir Small add-on: there is a Go implementation of #wireguard around and therefore it is working well on Android, OpenBSD, FreeBSD and AFAIR even Mac and Windows (Windows client is still beta)

@sir I'd also recommend thatoneprivacysite.net/ for an objective overview of VPN (and e-mail) providers ;).
