Questions tagged [wireguard]

21 questions
12 votes, 2 answers

WireGuard VPN: how safe is it for production in its current state?

In our project we had to build a VPN to get through to computers residing behind NAT. I never did it before. While looking for suitable software I came across WireGuard which claimed to be very simple. After some reading I indeed was able to set up a…
user1876484
4 votes, 2 answers

Compression and Encryption against security issues

I'm having a hard time knowing whether the following setup is vulnerable to CRIME/BREACH type attacks (which target HTTPS). I am running a Wireguard VPN that tunnels VXLAN protocol, using ChachaPoly20 encryption. I would like to add CPU cheap…
3 votes, 1 answer

WireGuard / CVE-2019-14899: How secure the protocol really is?

I've been using OpenVPN and SSH tunnels for a multitude of scenarios over the years and recently I've been hearing a lot of buzz around the simplicity and security of WireGuard. Now I've found some troubling information about CVE-2019-14899: An…
TCB13
3 votes, 1 answer

Is there a security vulnerability in setting a public DNS entry to a private IP Address?

I recently set up a wireguard server-network configuration with a home server and client devices. I have one main domain that I hope to route everything through via subdomains (in this example, abc.example.com, def.example.com, etc.). I hope to use…
Will Pike
2 votes, 1 answer

What's the wireguard "key" exactly used for?

In here, it is required to actually share your wireguard public key to be able to port forward: https://mullvad.net/en/help/port-forwarding-and-mullvad/ So if this key is actually used for encryption, why would Mullvad need to specifically only…
45145818
2 votes, 1 answer

Logging into remote server via SSH using VPN (Wireguard). Is it foolproof?

I have a remote server into which I log in via ssh. On this server I have set up a Wireguard VPN to which my host connects. The ssh server (ssh daemon) listens on a private IP interface (the server's Wireguard interface). It seems to me that the only…
Kibartas
1 vote, 2 answers

Why do site operators block legal VPNs?

I use OpenWrt and by default all outgoing traffic is tunneled through Wireguard VPN endpoint (provider from the list of privacytools.io recommendations). Often I get an "Access Denied" or the page does not load (timeout). Famous local sites, which…
Sybil
1 vote, 0 answers

How roaming works with ssh private keys?

This occurred to me when looking at the security model wireguard is using. Instead of relying on users credentials and Radius authenticating central server each user has a private key used to authenticate VPN. This is modeled after SSH PKI. But how…
1 vote, 0 answers

Wireguard is blocked in Iran, what can I do?

Brief description: I think Wireguard is blocked from special datacenters like Hetzner. How can I bypass the government firewall? Is there a way, for example, a plugin or something to mix it with original wireguard to get it to work? Details…
Parsa
1 vote, 1 answer

Block WireGuard clients' access to specific websites

I have installed a WireGuard VPN server on a Raspberry Pi (running Raspbian) using PiVPN and I would like to either block the VPN clients to access specific websites (i.e. block them access https://www.foo.com and https://www.bar.com) or let them…
G. Digkas
1 vote, 1 answer

Wireguard: Is it suitable for road-warrior scenarios?

Is Wireguard suitable for road-warrior scenarios where the IP address of the client keeps changing? If anyone tried it out already, I also would like to know if it's really easier to set up than, say, OpenVPN.
eternaltyro
0 votes, 0 answers

Comparing Wireguard to IPsec: Is Wireguard working like transport- or tunnel-mode?

I'm deeper into different VPN technologies for university and wondering, how Wireguard is handling the IP-packets (header and payload) compared to IPsec's tunnel and transport mode. May someone explain that to me?
0 votes, 2 answers

Is WireGuard fixed IP address obtainable by LAN clients if VPN is running on the router? WebRTC/STUN risk?

WireGuard does not assign dynamic IP addresses, which may be a privacy risk. It is known that while WireGuard may offer advantages in terms of performance, by design it is not ideal for privacy, because it doesn't allocate VPN IP Addresses (10.*)…
Opayq
0 votes, 1 answer

Risks posed by a wireguard connection to a compromised server

I am trying to understand the risks posed by having a wireguard connection under a very specific and narrow set of circumstances. I have a desktop at home that is behind a router/firewall and is not exposed to the internet in any way. I am…
gauss
0 votes, 0 answers

Azure VPN through Wireguard VPN - 'Name Not Resolved'

I have set up a wireguard (WG) vpn server on a raspberry pi that connects to my home internet and I connect to this with my work laptop through a VPN router. On my work laptop, I get access to several pages through an Azure VPN executed from the…