Reply to post: @ds6

US-Cert alert! Thanks to a massive bug, VPN now stands for 'Vigorously Pwned Nodes'

Sandtitz Silver badge

@ds6

I have not used Wireguard, but let's see...

- IKEv2 is built-in in most operating systems, which is the biggest reason why I wouldn't use Wireguard. Android for some reason doesn't have IKEv2 built-in. I'd rely on either OpenVPN or 3rd party IKEv2 software then.

- No firewall appliance (that I know of) offers Wireguard VPN connections. IKEv2 is not universally adopted by all firewalls either but it's getting there - especially since all (?) modern firewalls support IKEv2 tunneling.

- IKEv2 can use AES, which is accelerated by all current CPUs, whereas ChaCha in Wireguard is software driven. Not that important a feature if the VPN connection is over slow links (<10Mbps).

- IKEv2 is a standard, and based on the earlier proven technology, namely IKE(v1). According to the Wireguard website: "WireGuard is not yet complete. You should not rely on this code. It has not undergone proper degrees of security auditing and the protocol is still subject to change."

I have nothing against Wireguard but at the moment I wouldn't use it for anything except my personal connections, not something I would implement for my clients.
