WireGuard? #633
Related whitepaper: https://www.wireguard.com/papers/wireguard.pdf
From personal experience with Mullvad: it was significantly faster for me, though that may have been because fewer people use the WireGuard server than the OpenVPN server. :)

Relevant links: https://airvpn.org/topic/28984-wireguard/?p=76527 & https://www.wireguard.com/#work-in-progress Seems like it hasn't been properly audited yet?
Linus on WireGuard: http://lkml.iu.edu/hypermail/linux/kernel/1808.0/02472.html
@KenanSulayman
If we recommend WireGuard on the site, we should "warn" users about this. While this is great performance-wise, we should explain why noise is good for privacy. Maybe I could even write something about noise on theprivacyguide.org and we could link to it. I think there are programs that one can run to artificially create noise when not communicating. Privacy-wise, your traffic should ideally look the same when communicating and when not communicating.

@Shifterovich I'd argue WireGuard is more closely related to normal traffic than other VPN implementations, since it only "works" when the requests are made, just like in a normal setting. With OpenVPN, etc., our devices are in constant connection with them (if I'm not mistaken), and that would be considered unusual (obviously nowadays not so much, as most pages have auto-updating features, chats and what not).

Good point. Though the traffic would have to be indistinguishable from normal traffic, which it isn't (unless I'm wrong), due to communicating with one IP only, rather than tons of IPs -- like regular traffic.

@Shifterovich
Have OpenVPN and IPsec been properly audited? Linus (Torvalds I presume):
This is not a formal security audit, but it's a big improvement on not audited at all. In summary, there will definitely come a time when information about using WireGuard needs to be added to the site. Probably worth starting a discussion on what that could look like and where on the site it fits.

IMO, it doesn't make sense to include it until they finally release a stable release, and not just a beta/alpha/whatever they call it.

I'm sure everyone who remotely values their OpSec will already be using WireGuard.

@KenanSulayman
The WireGuard website currently says:
I agree with @jonaharagon, it doesn't make sense to recommend using WireGuard until the developers start recommending production use of their own software.

There's a formal verification of the Noise protocol, which is the primary component of this program. If you're looking for a full audit of OpenVPN, you're in for a surprise. "You should not rely on this code." is a disclaimer -- and it shouldn't be just a disclaimer, it should be your basic assumption with everything related to your OpSec.

"You should not rely on this code" is a given, yes; the "WireGuard is not yet complete" and "It has not undergone proper degrees of security auditing" are the bigger concerns in the quote there. Not that OpenVPN is too much better, as you mentioned, but it's in far, far wider use than WireGuard currently is.

@jonaharagon Beta has never really been a reason to remove software on privacytools.io. Just look at Brave or Riot or even TorBirdy. These are all considered beta but also heavily recommended in the privacy community.

Yeah, people often forget that beta does not mean insecure, just that it has not yet reached its target goal. It can be perfectly secure when it's beta software; however, as Jonah pointed out, the developers themselves state that you should not rely on it yet, so I am unsure if we want to recommend it. A "worth mentioning" entry might be okay though, with a warning. EDIT: words

I believe this decision to be highly uninformed, so I take the initiative to reopen the discussion. Feel free to try and change my mind.

OpenVPN isn't safe: Wrong
The warning on WireGuard's website has been mentioned again and again; however, it seems you were convinced by the arguments of @19h, which are groundless. Yes, OpenVPN isn't a good standard. It is old and the code is uselessly long and complex, leading to new vulnerabilities being found despite the multiple audits. However, the chance that a vulnerability will be found in the near future AND is used against ordinary users is lower than for most vulnerabilities. Moreover, we are a privacy website, not an infosec one. Most of the readers use their computer in VERY insecure ways, making a vuln in OpenVPN 1000 times overkill. It completely hides your traffic and doesn't have obvious security flaws. That's all we ask.

WireGuard being in the prototype phase isn't a reason to not recommend: Wrong
While it's true that we can and already have recommended software in active development, WireGuard is a special case. The problem doesn't stand with the protocol itself but with its implementation. WireGuard currently (last time I checked at least) doesn't have any way to be implemented in a secure and privacy-friendly way. Currently it can barely be scraped together to make it work in order to conduct tests. The biggest problem is that it needs to store and make readily available all IP addresses of the VPN's customers, voiding all promises of not logging IPs:
You can find similar statements from many other VPN providers. You shouldn't use WireGuard and I personally refuse to endorse any VPN actively advertising it. Edit: In case someone would want to open the box of the baseless ad hominem attacks, I would like to add that I don't work for, nor use, ExpressVPN or any other VPN. I only use Tor and don't really care what you do with your traffic. I just try to prevent ptio from losing face because of what I believe is a dangerously uninformed decision.

Are you by any chance affiliated with ExpressVPN?

This is incorrect. Any connection, be it via UDP datagrams or a bidirectional TCP connection, requires a valid IP address, and a physical address, to function at all. Therefore, the client IP will be known to any software. Unless configured to be using a strict allowed-ips configuration, WireGuard does not require the knowledge of a singular and static IP address to identify a user. Their public key is the only required identifier used by the underlying implementations to establish a handshake, and keys are both semi-permanent (per connection) and ephemeral (regularly swapped, for PFS, as part of the Noise protocol). You're arguing with a network systems engineer. Unless your arguments become technical to a level that you can point me to the implementation specifics, this conversation cannot serve any purpose anymore.

I double-checked the things I read and now I'm confused. What I believed to be a single issue apparently is two separate ones. Some VPNs like ExpressVPN, AirVPN or VPN.ac claimed that WireGuard can't be used without static IPs.

From the linked article:
That is pretty respectable, I'm amazed. I agree with the AzireVPN point. The standard configuration makes the connection between IP and user visible via the WireGuard CLI. This is akin to logging connection attempts in the OpenVPN syslog. That's definitely a weakness. That said, you can probably automate the rollout of VPN servers and lock system administrators out, mitigating this issue. The other claims, however, requiring static IPs, are incorrect and misleading. Even assuming they consider a static IP required to enforce one-public-key-per-user (preventing abuse), reusing a public key would interfere with the connection of another user using that key.

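The two technical points made above (that peers are identified by public key rather than by a static IP, and that the server's standard state nevertheless pairs each key with the client's real endpoint address, readable from the WireGuard CLI) can be made concrete by auditing what a server actually holds. The following is an added example, not code from the privacytools.io issue or from the WireGuard project; it parses the tab-separated layout of `wg show <iface> dump` (interface line first, then one peer line per row: public key, preshared key, endpoint, allowed IPs, latest handshake, rx, tx, keepalive). The dump and all keys are constructed placeholders.

```python
"""Audit the peer-to-endpoint mappings a WireGuard server keeps in memory.

Added illustration for the issue thread; not WireGuard's own tooling.
Input is the documented tab-separated `wg show <iface> dump` layout.
"""
import time
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in `wg show wg0 dump` format; keys are placeholders, not real keys.
# Line 1: interface  -> private-key, public-key, listen-port, fwmark
# Others: one peer   -> public-key, preshared-key, endpoint, allowed-ips,
#                       latest-handshake (unix seconds, 0 = never), rx, tx, keepalive
SAMPLE_DUMP = "\n".join([
    "SERVER_PRIVATE_KEY_PLACEHOLDER=\tSERVER_PUBLIC_KEY_PLACEHOLDER=\t51820\toff",
    "PEER_A_PUBKEY_PLACEHOLDER=\t(none)\t203.0.113.10:41641\t10.8.0.2/32\t1700000000\t123456\t654321\toff",
    "PEER_B_PUBKEY_PLACEHOLDER=\t(none)\t198.51.100.7:52000\t10.8.0.3/32\t1699990000\t0\t0\t25",
    "PEER_C_PUBKEY_PLACEHOLDER=\t(none)\t(none)\t10.8.0.4/32\t0\t0\t0\toff",
])


@dataclass
class Peer:
    public_key: str                 # the identity WireGuard actually authenticates
    endpoint: Optional[str]         # client's real IP:port as last seen, or None
    allowed_ips: List[str]          # tunnel addresses routed to this peer
    latest_handshake: int           # unix seconds; 0 if no handshake ever completed


def parse_dump(dump: str) -> List[Peer]:
    """Parse the dump; the first line describes the interface, the rest are peers."""
    peers = []
    for line in dump.splitlines()[1:]:
        pubkey, _psk, endpoint, allowed, handshake, _rx, _tx, _keepalive = line.split("\t")
        peers.append(Peer(
            public_key=pubkey,
            endpoint=None if endpoint == "(none)" else endpoint,
            allowed_ips=allowed.split(","),
            latest_handshake=int(handshake),
        ))
    return peers


def exposed_mappings(peers: List[Peer]) -> List[Tuple[str, str]]:
    """Return (public_key, client_ip) pairs currently readable from the server.

    This is the association the comment above calls a weakness: anyone who can
    run the CLI on the server sees which real IP belongs to which peer key, even
    though no static IP was ever required to admit the peer.
    """
    return [(p.public_key, p.endpoint.rsplit(":", 1)[0]) for p in peers if p.endpoint]


def stale_peers(peers: List[Peer], now: int, max_idle_seconds: int) -> List[str]:
    """Peers whose endpoint is still held although they have not handshaken recently.

    WireGuard keeps a peer's last endpoint until a newer packet from that peer
    replaces it, so the IP-to-key mapping can outlive the session; listing these
    is the starting point for any operator cleanup or rotation policy.
    """
    return [p.public_key for p in peers
            if p.endpoint and p.latest_handshake
            and now - p.latest_handshake > max_idle_seconds]


if __name__ == "__main__":
    table = parse_dump(SAMPLE_DUMP)
    for key, ip in exposed_mappings(table):
        print(f"{key} <-> {ip}")
    # Fixed reference time so the constructed sample gives a reproducible answer;
    # replace with int(time.time()) when reading a live dump.
    print("stale:", stale_peers(table, now=1700000100, max_idle_seconds=3600))
```

In the sample, peer C has never completed a handshake and so exposes no address; peers A and B both expose one, and B is reported as stale because its last handshake is far older than the one-hour threshold. Against a live server the dump would be read from `wg show wg0 dump` and the fixed timestamp replaced with the current time.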
Can anyone comment on the security of WireGuard? Should be a faster VPN protocol than OpenVPN.