
WireGuard worth the risk?

Discussion in 'VPN' started by JoeBee, Feb 13, 2020 at 4:56 PM.

  1. JoeBee

    JoeBee, Occasional Visitor (Joined: Dec 14, 2019; Messages: 31)

    Hi, I see many jumping on the new kid on the block, the WireGuard protocol, but came across a good read here:

    https://restoreprivacy.com/wireguard/

    Despite the back-and-forth debate between many top VPN providers, especially Mullvad, Azire, NordVPN and AirVPN, AirVPN state that they will not use their customers as testers, and just like the article said, it's not recommended. I personally rate AirVPN and Mullvad right at the top, so this competitive drama is nuts to see.

    Do you feel it's still safe to use WireGuard with Mullvad, Azire and other WG-supporting providers, or do you feel it's a pass for now?
     
  2. Butterfly Bones

    Butterfly Bones, Very Senior Member (Joined: Apr 10, 2017; Messages: 1,178; Location: USA)

    JoeBee likes this.
  3. distilled

    distilled, Occasional Visitor (Joined: Feb 7, 2020; Messages: 29)

    Folks worrying over the efficacy of cryptographic protocols might be better off using different technology to begin with.

    If a person does something like stream pirate content to Kodi, or download the occasional movie, it is highly unlikely the copyright owner is going to go to much effort to track them down. The lowest hanging fruit may get snagged, but in general, if you avoid having your IP show up in honeypot torrents, you are fine. If it does show up, you risk getting a nastygram from your ISP that might threaten to disconnect your internet connection if you get caught six or seven more times in the next week.

    On the other hand, if you are a Christian missionary in Iran who is using social media to spread the word of Christ, you have more to concern yourself with. And if you are involved in government espionage and have to contend with cyber-warfare military matters, you have another set of challenges.

    In short, you need to assess the risk and plan accordingly. Use the proper tool for the job. Know your enemy. Another cliché here.

    What follows is a history lesson that I will enjoy typing more than you will enjoy reading.

    VPNs became relevant when T1s and internet access became less expensive than the packet switching and frame relay and dedicated PRI lines that were commonly used at the time. A methodology was needed to connect remote locations across the uncontrolled internet, and a VPN is ideally suited to take the place of a dedicated line by making it dedicated logically, by using encryption. VPNs were never designed to provide privacy, they provide security, which is a different thing. Any privacy lent by a VPN is incidental to the intended purpose.

    People quickly started realizing that we could leverage things like VPNs and SSH forwarding to glean a little privacy for little things like obscuring web surfing from our employers, and we could use them to bypass firewall restrictions (Napster on the OC48!) and a whole cottage industry selling VPN service for privacy sprung up like mushrooms on the forest floor after a good rain. And most of those boomers aren't the good kind. Many will come back on you. But that is a different story.

    The point here is that VPNs work fine as a disguise, and they do provide a degree of security. But if you are starting to seriously worry about whether people like Linus Torvalds are correct when they praise WireGuard, then you are either worrying too much, or you have a much bigger target on your back than most people participating in torrents. And if it is the latter - if you are in Iran converting Taliban - for the love of Jesus, start using Tor or I2P. Those are the ONLY public solutions designed for actual anonymity.

    TL;DR:
    Steal TV? WireGuard = Good.
    Protecting corporate data? WireGuard = Good.
    Planning an assassination? Maybe you need more.

    Don't use a screwdriver as a hammer.
     
  4. heysoundude

    heysoundude, Very Senior Member (Joined: Sep 20, 2016; Messages: 644)

    This guy ^ understands Commo OpSec.


    Sent from my iPhone using Tapatalk
     
    royarcher and Butterfly Bones like this.
  5. System Error Message

    System Error Message, Part of the Furniture (Joined: Oct 14, 2014; Messages: 4,177)

    Not distilled enough :p.
    A VPN does not fully protect you, as you still have your browser, which is why a proxy is needed.
    If you use a proxy, you can go with SSL to have a secure line, but regardless of VPN or proxy, the server will always be visible to your ISP, meaning that your ISP knows you visited it. However, you can chain proxies and VPNs. Proxies have the additional benefit of being able to manipulate your requests, something VPNs can't do.

    If you need to be covert, a proxy does a better job.
    If you need to be anonymous, a proxy does a better job.
    If you just need secure connectivity between 2 spots to extend the network, use a VPN.
    I've used a public VPN before; it leaked a lot of users who were on the same network.

    Now getting back to the point, WireGuard VPN is worth it. I haven't tried it, but they are less arrogant than Ubuntu and OpenVPN, that's why when I can I am switching to WireGuard. It's not just a question of which is faster or more secure, but when your options are limited, WireGuard is better than OpenVPN.
     
  6. ColinTaylor

    ColinTaylor, Part of the Furniture (Joined: Mar 31, 2014; Messages: 10,573; Location: UK)

    So you're saying that WireGuard is "better" because you think the OpenVPN developers are arrogant.
     
    distilled and Butterfly Bones like this.
  7. distilled

    distilled, Occasional Visitor (Joined: Feb 7, 2020; Messages: 29)

    Nope. Neither a proxy nor a VPN is anonymous. Both redirect, but neither provides true anonymity. Even a botnet with a rotating proxy chain is not anonymizing, only more thoroughly obfuscating.

    I will explain the distinction in more detail if you like, but in short, only Tor and I2P provide more than a cloak.

    Edited because apparently spellcheck thinks botnet means BITNET...
     
    Last edited: Feb 15, 2020 at 10:19 AM
    coxhaus likes this.
  8. System Error Message

    System Error Message, Part of the Furniture (Joined: Oct 14, 2014; Messages: 4,177)

    Not even Tor, as most nodes on Tor networks are government/intelligence owned, a weakness of Tor. You also can't pick your nodes on Tor.
    You can pick your nodes with VPN and proxies. I did not say they are fully anonymous either, but let's say you are doing espionage, and you want to hide yourself from the target: a VPN will do you no good for that, a proxy will, as a proxy hides you from the target, as proxies can be made (even customised if you are a coder, much much faster than making a new kind of VPN) to manipulate your requests and packets however you so please.

    No, for hiding from ISP, SSL is already a tunnel, as whether you use VPN or proxy, the first node is always visible to the ISP. Tor is no different from a VPN or proxy, only that you cannot pick your nodes, and with a proxy, you can actually set up your own around the world easily to deploy custom code. Many routers also run nginx, so if you have compromised routers you can install PHP on them and upload your custom proxy, something you cannot do with Tor.
     
  9. System Error Message

    System Error Message, Part of the Furniture (Joined: Oct 14, 2014; Messages: 4,177)

    More than that, it's not mainstream, so no one bothers to block it when blocking all VPNs.
    Better in a few ways: OpenVPN is already blocked in some places, WireGuard isn't.
    Less arrogant support means if there's something you cannot solve, you will get an answer rather than "do it their way".
    Because they are less arrogant, that means they will go further when developing it rather than stagnated development.
     
  10. ColinTaylor

    ColinTaylor, Part of the Furniture (Joined: Mar 31, 2014; Messages: 10,573; Location: UK)

    I find this a strange logic. WireGuard is "better" because hardly anyone is using it. Surely it's only a matter of time...

    But in my (limited) experience VPN services are blocked by their IP address not whatever protocol happens to be used.
     
  11. System Error Message

    System Error Message, Part of the Furniture (Joined: Oct 14, 2014; Messages: 4,177)

    Only public ones, but many who use it create private tunnels. For example, let's say you know someone over the internet; you could form a tunnel with that guy, say from China, using WireGuard so that guy can bypass the country's restrictions and monitoring.
    WireGuard isn't that hardly used, just that more effort is spent on blocking the 4 regular types of VPN and also OpenVPN due to their age and that they have the highest number of uses. If WireGuard is able to keep to the demand, it would then be impossible to block WireGuard should it use the same profile as an existing essential service required for the internet to work. It's also decently secure that it's definitely a consideration too. Other alternative is IKE.
     
    ColinTaylor likes this.
  12. RMerlin

    RMerlin, Super Moderator (Joined: Apr 14, 2012; Messages: 32,075; Location: Canada)

    Since we're dealing with security products here, people should keep in mind that while the OpenVPN code went through two audits over the past few years, the WireGuard code still hasn't been properly audited.

    It doesn't mean that WireGuard isn't solid/secure, just that it hasn't been proven so yet.
     
    Kingp1n, heysoundude and L&LD like this.