The Challenges With Wireguard Usage and Market Adoption

Blog post from IPFire blog.ipfire.org/post/why-not-wireguard
How To Build Your Own Wireguard VPN Server in The Cloud
ruclips.net/video/7yC-gJtl9mQ/видео.html
Testing Wireguard in the pfsense 2.5 Beta / Development Release
ruclips.net/video/PinVqihuvBQ/видео.html

For me, the real killer feature of wireguard (and the reason we are moving all stuff to wireguard) is the non-discoverability of it. In a nutshell, if you don't know the secret you cannot determine that the server is there (by portscan.. network traffic analysis can of course spot it)... Also performance is around 2x in regards to openvpn even on hosts with aes hardware accel..

Currently have our entire NOC running on wireguard.. All my teammates couldn't be happier.. It's a simple and more reliable solution.

I will never go back openvpn network i use to have alot issue when traffic hit over 100mbps it becomes very slow 🐌 .now am using wireguard am doing 200mbps and is stable with no lag issues

The beauty of wg are exactly these 'shortcomings': it is just a performant, unchatty and encrypted tunnel network interface. Which actually can be used as is, without pulling in a whole stack of stuff.

I was excited to see Wireguard on my Untangle (home license). I was dissapointed that it was an additional cost for home users. This was shortly before they came out with the Home Pro license.

Wireguard is so fast on pfsense that I’ll never go back. Ipsec is a pain to set up and openvpn is slow as heck

I get that for network professionals and some applications it is necessary for you to have many of those features you talk about, but those are not all of the use cases, and that's not Wireguard ideology.
Wireguard just pretends to be the tunneling technology module, and if you want to add to that you need to create something else that manages the wireguard tunnel.
But, for example, for someone like me that just wants an easy and fast way to connect to my network from the outside, Wireguard is without a doubt the best solution.

Regarding user management, specifically around LDAP/AD integration. I think that level of integration is something that we will (hopefully soon) look back on as being "RDP listening directly on the internet" levels of bad.

Why replace DOS with NT when DOS works fine ? Yes IPSec will be used for a very long time as the Palo and ASAs of this world will move in 20 years. Palo alto and Cisco being terrible is not a valid reason to not switch where you can. OpenVPN is not used in big industry anywhere near as much as IPSec.
So IPSec will be around for a long time, OpenVPN will be replaced faster than you think.
The fundamental design of Wireguard is just better.

I setup vpn server on my AWS cloudnspace. It’s hard to use on public wifi hotspot networks requiring signing on captive portal because it seems to already encapsulate and encrypt all traffic not allowing WiFi network to send login page. Some networks even block, because it uses non-standard ports while ikev2 work fine.

I was using wireguard on my Merlín router and anytime a file transfer would occur my CPU usage spiked, so went back to OpenVPN and the CPU spikes are gone but my speeds are a bit crap again, but at least it doesn’t slow down my whole home network or create lag spikes when gaming on consoles.

IMO, Wireguard is NOT easier to use. The client software on Android and Windows require manually entering text that you have to find on the internet and the documentation assumes you understand the concept of creating a tunnel on both ends and defining the peer (and some of them call it an endpoint!!!!) on both ends. Tailscale fixes this?

Everyone keeps saying WireGuard is faster than everything else. This is false of course. They are just comparing it to OpenVPN and other user-spacy solutions that are horribly inefficient. A modern IPSec setup is generally on par or faster than WireGuard. And in many cases hardware offloaded for even crazier efficiency. But this is just a pretty tiny gripe with messaging I guess :)
IPSec has its share of issues of course. So. Much. Historical. Cruft.

My serious gripe with WireGuard (at least, every common implementation of it) is how much it sucks at dual stack transport. Roaming is completely broken if a dual stacked client moves to a single stack network, or moving between one type of single stack network to another. From a user experience POV this is just terrible with the VPN just randomly stop working when moving around. And this from a modern solution! Big oof.

Wireguard with pia VS openvpn with pia. Wireguard runs faster than openvpn in my situation. With openvpn I achieved max 200 Mbit download.. With wireguard I reached almost 420 Mbit.

Pretty good discussion (and quite a lot of negative comments) about that blog post at Hacker News: news.ycombinator.com/item?id=22591454 So I would take that blog post with a grain of salt.

The devil is in the details. I will only use wireguard for a VPN provider for an iPad or laptop. Single host to VPN with no QoS just FIFO for bursty interactive data type traffic like web, ssh. Wireguard is completely inappropriate when you want deterministic endpoints in a multiWAN environment where you’re running a dynamic routing protocol like OSPF, and where you might want to QoS the voice and RDP within the tunnel. Also wireguard is tunnel only and for some remote access support vpns you need tap interfaces so you can configure devices where no default gateway has been set or you’re migrating gateways so need to be on the same broadcast domain. Wireguard is just a new and very limited tool in the VPN arsenal. I’m glad it’s there but is by no means the be all and end all.

I love Sriracha!

Not sure why YT would recommend your video to me, but basically taking 9 minutes to say "read an article" and "because Cisco" is not good content mate.

Like # 43

wireguard can be stopped for a few minutes by simple police cop with mobile device and on the same time they're downloaded your data to check what you watching exactly the same about open vpn sorry vpn is great only for protection from local hackers and definitely not for the professional hackers