Reminder that if you’ve any opinions about VPNs, you should know about WireGuard, which is like the Signal of VPNs. https://www.wireguard.io/
Replying to @tqbf
I have nothing at all to do with the project, I just think 95% of all deployed VPNs would be 100% more secure if they used WireGuard.
Replying to @tqbf
WireGuard eliminates complicated crypto handshaking and adopts a modern, simple cryptosystem derived from Noise. http://noiseprotocol.org/
Replying to @tqbf
The WireGuard kernel code is something like 2 ORDERS OF MAGNITUDE smaller than IPSEC or OpenVPN. You can read it in an hour.
Replying to @tqbf
Basically, Jason did to StrongSWAN what DJB and Wietse Venema did to Sendmail. We all felt dumb for running Sendmail all those years!
Replying to @tqbf
You probably can’t use WireGuard yet. Clientside support not there. You might want a userland serverside. Whatever. Just keep an eye on it.
Replying to @tqbf
A brief word about kernel-resident VPN serverside (which WireGuard has).
Replying to @tqbf
For site-to-site and client/server VPNs — the majority of all VPNs — it doesn’t matter if your VPN is in-kernel or not.
Replying to @tqbf
That’s because the VPN endpoint software should be the only thing running on the system. Any VPN bug is gameover. Kernel is a sideshow.
Replying to @tqbf
There is no reason why this _can't_ be written for userspace and not a kernel module... so why should I CONFIG_MODULES=Y just for that?
1) You can build it directly in without CONFIG_MODULES=y. 2) A [slower] userspace version is on its way.
Replying to @EdgeSecurity @tqbf
Cool! I promise not to do any high frequency trading with it hahaha