1

Is Wireguard suitable for road-warrior scenarios where the IP address of the client keeps changing? If anyone tried it out already, I also would like to know if it's really easier to setup than, say, OpenVPN.

Sybil
  • 1,435
  • 2
  • 15
  • 29
eternaltyro
  • 817
  • 7
  • 16
  • 1
    "easier to set up": you often wouldn't go in and hand-write your openVPN config and generate keys and set up distributable configuration files and…; you'd just swoop in and use a VM appliance, that does all this for you. "Streisand" is a famous one that people seem to like. It comes with easy steps to give you VPN access via a lot of different tools, among these *both* wireguard *and* openVPN (and the other usual suspects). So, when someone else does the setting up for you, does it matter which is easier? – Marcus Müller Aug 06 '18 at 22:44
  • 3
    But yeah, writing an OpenVPN config that suits non-standard needs gets pretty involved pretty quickly, and wireguard is pretty awesomely easy with respect to that. Also, you can choose (presumed to be) unsafe ciphers with openVPN, if you try to. Wireguard doesn't even come with legacy ciphers. – Marcus Müller Aug 06 '18 at 22:45
  • @MarcusMüller In this case, I'm the one that'll be setting things up. I've managed to setup Wireguard manually. Never have tried Steisand. Will give it a spin and post an update. From the client's perspective, does it have off-the-shelf client apps on Linux, Mac, Windows? Like, say, Tunnelblick for OpenVPN on Mac? – eternaltyro Aug 18 '18 at 07:06
  • @eternaltyro Yes, there are client apps, and yes it's easier than OpenVPN because you don't need to run your own CA, which is just plain silly. For server installations, use an Ansible. See my article [Protecting your cloud networks with WireGuard VPN and Ansible](https://consensus.enterprises/blog/protecting-cloud-networks-wireguard-ansible/). – colan Feb 05 '21 at 17:19

1 Answers1

7

Yes, WireGuard does an extremely good job at preserving your connections even if your local IP keeps changing. Wireguard connections are also super fast to establish, such that if you suspend your laptop and then resume later, your wireguard VPN connection will be immediately available without having to do anything on your part.

Whether it is easier to set up is more difficult to judge, as "easier" is a very relative term. GUI tools for wireguard are still missing from many distros, so the most straightforward way to set up your wireguard VPN is using command-line. Mullvad provides a few handy guides (and they also are one of the very few commercial VPN providers offering wireguard support):

https://mullvad.net/en/guides/category/wireguard/

mricon
  • 6,238
  • 22
  • 27