@sir One thing to note about WireGuard is that it's by default less private than OpenVPN right now, so one must be careful about that.

@martijnbraam @sir
> The WireGuard protocol alone can’t ensure complete privacy. Here’s why. It can’t dynamically assign IP addresses to everyone connected to a server. Therefore, the server must contain a local static IP address table to know where internet packets are traveling from and to whom they should return. It means that the user's identity must be stored on the server and linked to an internal IP address assigned by the VPN.


@d_ @sir I don't see how the ip being static or dynamic changes anything, the host still needs to know what traffic to route to you. also the ip addresses inside the tunnel don't need to correlate with anything actually.

wireguard removed all provisioning crap from the protocol, which is a good thing. if provisioning worked on openvpn I wouldn't need a 30 line config file on the client side...

@martijnbraam @sir I guess I'm a bit on the paranoid side, I don't fully understand OpenVPN vs. Wireguard so I've been conservative about jumping on to it.


@d_ @sir if you're self-hosting wireguard then it doesn't matter a bit. and in most cases wireguard is easier to set up

@martijnbraam @d_ @sir

Isn't it so that Wireguard hasn't yet been properly audited?