I've been using the pre-alpha builds since I saw them posted a week or two ago. They've been reliable so far for my simple use cases, and it's nice to move off of a third party Windows client.
Same here. Running of a $5/mo VPS and works fine. Wireguard is particularly helpful here, as I get about double the speed compared to openvpn (server-side CPU bottleneck).
AES-GCM uses way less CPU, should check it out. WG with ChaCha-Poly consumes 4-5 times less (hadn't done benchmarks though, I just have Bandwidth meter and CPU% on my taskbar in Linux side-by-side).
It depends on if you have AES-NI (for AES) and PCLMULQDQ (for GCM), or similar features on non-x86 architectures. Without them, AES-GCM is usually much slower than Chacha-Poly.
The good thing about WireGuard is that it doesn't really have any "complexity and [...] internal mess". A simple WireGuard setup with one client and one server has a 10-line configuration file on each side, with each side knowing their own private key and its peer's public key. I have not used WireGuard for the public VPN scenario, so I don't know if additional firewall rules are required to route traffic from VPN into the public internet, but I would guess as much.
From my limited experience of setting it up the complexity is not in the configs files (also not with OpenVPN as you usually just copy paste some template anyway) but in setting up the routing, iptables etc.
They are great. From Sweden and they are bunch of hackers. They helped pay for mullvad and working on their own clients. They were very early with supporting Wiregurad.
They also over tons of payment methods, including the ability to send them cash threw the post office.
Does this work in the Middle East (Dubai) where we have DPI as good/better than the Great Firewall? Nothing but Shadowsocks [1] seems to be consistent there. Unfortunately I have had poor/no UDP performance on SS even when enabling the UDP Relay on my Mac.
I fail to find the post on the mailing list right now, but iirc the author prefers WG to be the secure part of the equation, with use cases like Dubai/China relying on other tools to mix up/obfuscate the data hitting the wire.
I do hope the author takes this up too. They're extremely talented. Could make a big change in firewall systems.
Iran sometimes does data per endpoint analysis and is able to block any VPNs since they're all single endpoint VPNs. If we were able to split the data to, say a few hundred unique ips it would be extremely difficult to block it.
This is a completely unscientific test, but I saw about 35mbps down on tunsafe vs 45mbps on the new, official wireguard implementation. I imagine this will get better with time.
36 comments
[ 187 ms ] story [ 1425 ms ] threadI don't know if they're reputable, but I have used them in the past – mostly because they supported wireguard pretty early on.
I had no problems with bandwidth or connecting.
It depends on if you have AES-NI (for AES) and PCLMULQDQ (for GCM), or similar features on non-x86 architectures. Without them, AES-GCM is usually much slower than Chacha-Poly.
e.g. https://github.com/hwdsl2/setup-ipsec-vpn
PIA (Private Internet Access) is sponsoring Wireguard development: https://www.privateinternetaccess.com/blog/2018/09/the-curre...
They are great. From Sweden and they are bunch of hackers. They helped pay for mullvad and working on their own clients. They were very early with supporting Wiregurad.
They also over tons of payment methods, including the ability to send them cash threw the post office.
[1] https://shadowsocks.org/en/index.html
Iran sometimes does data per endpoint analysis and is able to block any VPNs since they're all single endpoint VPNs. If we were able to split the data to, say a few hundred unique ips it would be extremely difficult to block it.
You can put it behind stunnel though for example.