WireGuard, a Revolutionary VPN Project, Adds Support for Android ROMs
WireGuard is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPSec, while avoiding the massive headache. It intends to be considerably more performant than OpenVPN. WireGuard is designed as a general purpose VPN for running on embedded interfaces and super computers alike, fit for many different circumstances. Initially released for the Linux kernel, it plans to be cross-platform and widely deployable. It is currently under heavy development, but already it might be regarded as the most secure, easiest to use, and simplest VPN solution in the industry.
Have you been in contact with devs behind DD-WRT, AsusWRT-Merlin, Tomato, etc. to help them integrate it into their router firmwares? I'm interested in the improved security, but it won't be easier than OpenVPN for a lot of people until it's baked into their router.
As far as router firmware goes, in addition to the ordinary Linux distros, it's also integrated into OpenWRT/LEDE and EdgeOS. I haven't talked to the DD, Merlin, and Tomato people yet though. That's a good suggestion.
I just found about this on xda. What do you guys think?
Sounds good, but not widely supported, as you can see by their comparison, IPSec has great performance. IPSec support is all over the place. Android,iOS,Android natively support IPSec. Not sure how easy it is to auto generate the config for this new vpn solution.
Once I have time again, I'll work on IPSec again, last time I tested the integrated IPSec (in my builds) it just needed a few clicks to set it all up including client setup. _________________ KONG PB's: http://www.desipro.de/ddwrt/
KONG Info: http://tips.desipro.de/
Edit: Ignore above question. I thought there is a comparison chart which shows IPSec having a greater performance than WireGuard. But you meant having a great performance, closer to WireGuard but significantly better than OpenVPN.
Thanks for the response.
Last edited by KittyChampion on Tue Nov 28, 2017 20:52; edited 1 time in total
Once I have time again, I'll work on IPSec again, last time I tested the integrated IPSec (in my builds) it just needed a few clicks to set it all up including client setup.
Some instructions on how to get it running would be good! As far as I understand you first enable freeradius and generate certificates. Not entirely clear if it's enough to then just enable IPSec server and transfer certificates to the clients. Not clear what to put in the ip/net field under "clients". _________________ Netgear R7000 on Build 55109
Asus AC-AC68U rev. C1 (AP) on Build 55109
Asus AC-68U rev. A1 on Build 54604
Asus AC-68U rev. A1 on Build 53339
Never heard of them, I would definitely want to make sure that code were well audited before sticking it into the kernel of any device.
Quote:
WireGuard has been designed with ease-of-implementation and simplicity in mind. It is meant to be easily implemented in very few lines of code, and easily auditable for security vulnerabilities. Compared to behemoths like *Swan/IPsec or OpenVPN/OpenSSL, in which auditing the gigantic codebases is an overwhelming task even for large teams of security experts, WireGuard is meant to be comprehensively reviewable by single individuals.
Sounds good, but not widely supported, as you can see by their comparison, IPSec has great performance. IPSec support is all over the place. Android,iOS,Android natively support IPSec. Not sure how easy it is to auto generate the config for this new vpn solution.
Once I have time again, I'll work on IPSec again, last time I tested the integrated IPSec (in my builds) it just needed a few clicks to set it all up including client setup.
I would love a guide for this. I think some "easy" to setup IPSEC vpn is a huge miss in dd-wrt. Everyone on ios/mac os cannot use PPTP anymore. _________________ Internet Router: Edgerouter ER-X v.1.10
Acces Point: R7000 v. Latest Kong
Never heard of them, I would definitely want to make sure that code were well audited before sticking it into the kernel of any device.
This isn't brand new; only the Android integration aspect (is now easy). The XDA article stated that Greg Kroah-Hartman (maintainer of various Linux kernel subsystems, for those that don't know) was involved in a code review with "a few" others:
...few of us did a "code walkthrough" of the wireguard kernel codebase, displaying it on a large screen and walking through the various functionality "here's the receive path, here's the transmit path, here's the cookie handling, etc." which was really informative and highly recommended. I could only stick around for 4 hours, but I saw the main portions, and the other participants finished out the rest a few hours later.
Now I'm trying out a "commercial" vpn who is offering wireguard nodes, to see how well that works out. So far it's just so much simpler to configure and run than any OpenVPN client so on that point alone it's worth it.
Also, "The WireGuard protocol...has been formally verified in the symbolic model using Tamarin" with details here:
https://www.wireguard.com/formal-verification/ _________________ #NAT/SFE/CTF: limited speed w/ DD#Repeater issues#DD-WRT info: FAQ, Builds, Types, Modes, Changes, Demo#
OPNsense x64 5050e ITX|DD: DIR-810L, 2*EA6900@1GHz, R6300v1, RT-N66U@663, WNDR4000@533, E1500@353,
WRT54G{Lv1.1,Sv6}@250|FreshTomato: F7D8302@532|OpenWRT: F9K1119v1, RT-ACRH13, R6220, WNDR3700v4
Thanks. Very interesting, AzireVPN has been somehow below my radar.
AND WireGuard currently is free at AzireVPN:
Quote:
WireGuard with AzireVPN is currently free for everyone
Everything has been running smoothly so far, and we are now interested in testing our WireGuard infrastructure at larger scale. We have therefore decided to open up our WireGuard servers for free. Simply sign up to connect to all of our WireGuard endpoint locations!
Joined: 30 Jan 2015 Posts: 676 Location: Texas, USA
Posted: Sun Jan 21, 2018 0:52 Post subject:
Cant't wait... Pretty impressive benchmark: _________________ ASUS GT-BE98 PRO Main: Fiber 5gbps up/down
ASUS AXE16000: AI Mesh node
2 X ASUS RT-AX89X: AI Mesh nodes
QNAP QSW-1208-8C 12-Port 10GbE Switch
XS712T ProSafe 12-Port 10GbE Switch
3 X R9000 DD-WRT Mesh
Anyone tried it? Have viewed some of BS changes in the SVN and WireGuard seems to replace "eoip-networking" which I've never tried. WireGuard seems promising. If it works well I'll replace a couple of OpenVPN bridges with it when available. _________________ Netgear R7000 on Build 55109
Asus AC-AC68U rev. C1 (AP) on Build 55109
Asus AC-68U rev. A1 on Build 54604
Asus AC-68U rev. A1 on Build 53339
Upgraded one of my routers to Kong newest build (34790). Noticed that the tab named eoip-tunnel is now called “tunnel”. This under the “Setup” tab.
There are two alternative tunnels selectable. Suspect the first alternative is WireGuard.
Have no information on how to setup though.
When I setup a second router with a recent build and have time to spare I’ll look into it further. _________________ Netgear R7000 on Build 55109
Asus AC-AC68U rev. C1 (AP) on Build 55109
Asus AC-68U rev. A1 on Build 54604
Asus AC-68U rev. A1 on Build 53339
Joined: 31 Oct 2015 Posts: 5 Location: Stuttgart, Germany
Posted: Sat Feb 10, 2018 13:10 Post subject:
wabe wrote:
Upgraded one of my routers to Kong newest build (34790). Noticed that the tab named eoip-tunnel is now called “tunnel”. This under the “Setup” tab.
There are two alternative tunnels selectable. Suspect the first alternative is WireGuard.
Have no information on how to setup though.
When I setup a second router with a recent build and have time to spare I’ll look into it further.
Hey guys,
I set up a EoIP Tunnel on the newest beta version 34876. What do I have to do next to route all my traffic through that EoIP tunnel?
My Asus nt18u is connected to another router via LAN where he gets his internet connection from.
I already set up a wireguard vpn connection on my android smartphone with Mullvad VPN. Works perfect and is amazing fast so I want to set it up on my router, too.