On Wed, Oct 03, 2018 at 09:36:11AM -0500, o1bigtenor wrote:
> Greetings
>
> Found what looks to be a quite interesting vpn 'system' called wireguard.

Let's start with a disclaimer. I'm helping with the review work for the networking part of wireguard for getting it into the mainline kernel. My knowledge of wireguard is limited to just reviewing the patches. I've not used it myself.

> The dev team is still saying, after a couple years of what looks to be
> some very active development, don't run this as solid software. From
> the chatter that I've read the quality of the software is maybe like
> grub where it sat at version 0.97 for what was that - - - about 7 or 8
> years ( and then hit version 2 in no time flat!).

I expect something similar will happen here. Once it gets accepted into the mainline kernel, it should really be production quality.

However the process of getting it into the mainline kernel is suffering because it has spent so long outside of the kernel, and was developed without involving the kernel community. The code ignores a lot of kernel conventions, and introduces a new controversial crypto library. This is slowly being beaten into shape, but it is taking time. At the moment, the networking part has only been superficially reviewed, because of the kernel conventions it ignores. Those need fixing before anybody takes a serious look at the actual networking code.

Jason does seem to be a good cryptographer and coder, so in the end it seems like it will be a good addition to the kernel. I don't think anything found so far during reviews would compromise the security.

> I am wanting to use this wireguard between two different routers here
> to firmly control not only the in but also the outgoing electronic
> communications.
>
> Perhaps someone has a better solution - --if so - - - I'm looking (grin!).

I avoid IPSec. It seems like you can wrongly configure it and traffic you expect to be protected is not. I use OpenVPN. And then ssh/sftp etc on top of that. Security is about having multiple layers.

Andrew