mises 5 years ago

Great to see wireguard is taking Windows support seriously, rather than just using the openvpn driver. Currently on tunsafe, but I'm excited to switch over to the first-party client when it's available.

  • zvrba 5 years ago

    So, genuine question: why would one use a 3rd-party VPN client in Windows when Windows 10 comes with a built-in client supporting PPTP, L2TP/IPsec and IKEv2?

    What is better about OpenVPN or Wireguard?

    • ownagefool 5 years ago

      IPSec is considered compromised by complexity. Your encryption shouldn't come with footguns, the UX should be designed in a way that just works.

      Wireguard has a limited amount of configuration, a small code base and has been reviewed. This gives us a greater level of confidence in it. Obviously this needs to stand the test of time and you'd be connecting to a wireguard server.

      There may be specific technical worries about the IPSec protocol, but I'll leave that to someone more knowledgeable.

      • LIV2 5 years ago

        I can only assume the people who describe existing VPN technologies as "too hard" are the people hired to do things badly in infomercials.

        Setting up IPSec site-site tunnels can be a frustrating experience, but setting up IPSEC/L2TP is piss easy with any router I have worked with. Maybe it's hard to bang together a working config on a Linux server, but I wouldn't know.

        • akerl_ 5 years ago

          I'm not sure where you're quoting "too hard" from; it doesn't occur in the comment you're replying to or in the WinTun site.

          The complexity folks are referring to is the volume of code, number of config options, and the equivalent increase in "wrong but functional" ways the code could work. As an end user, one of the worst possible outcomes is that I set up a VPN and the tunnel works for my traffic, but due to an error on my part or a bug in the code, the connection is not secure.

          Wireguard's codebase is designed to be small, easily auditable, and expose the minimum necessary config choices. This is specifically to guard against these risks.

        • vetinari 5 years ago

          IPSEC with Linux is actually easier than with Windows.

          It's Windows that has the special requirements (oh, you have NAT somewhere on the way? You are going to deploy a registry key to all your clients to allow UDP encapsulation. And you have your gateway behind NAT? Now you cannot have your hostname in your Subject Alternate Name (otherwise mandatory), you gotta have the external IP there, potentially breaking all the non-Windows clients).

    • mises 5 years ago

      With Wireguard there is one clear advantage for me: speed. I got a clear and immediate speed boost, because Wireguard is significantly less CPU-intensive, and I was running on a $5/mo VPS. As for OpenVPN, it had good cross-platform support and was reasonably easy to set up. Also, I am fairly sure that at least some of the options you listed are deprecated for security reasons.

    • AckSyn 5 years ago

      When Microsoft breaks the built-in VPN client going from 1803 to 1809 (which has caused me a lot of downtime and troubleshooting), it makes me pause and consider if it'll break again with another update. So I've been considering other options.

      Microsoft isn't known for its stability; especially lately.

atesti 5 years ago

Did someone find the interface specification for how to access this driver? Probably by opening the device, but what would one write and read into it? IP packets? How to configure the IP and routing?

lousken 5 years ago

can't download the prebuilt file - 404