After a long beta testing period, OVPN has finally released a stable version with WireGuard for iOS users:
OVPN's iOS app has been beta tested by users since April. Today, we're releasing it to everyone. The iOS VPN app only supports WireGuard because it is a more suitable VPN protocol for phones.
www.ovpn.com
AirVPN still does not support WireGuard. Here is their reasoning from a couple of years ago on why AirVPN does not (still) support WireGuard:
Why should we do that? In other words, what advantages in terms of security and/or performance do a user get from Wireguard (over OpenVPN) when deployed before an audit has been performed?
In terms of performance, we are concerned about this:
https://www.wireguard.com/performance/
The Wireguard performance is low, while the OpenVPN reported throughput is fake. Remember that we could beat in a single core of an archaic Q6600 CPU 300 Mbit/s in 2014. In 2018 (just a couple of weeks ago) we have obtained 1.7 Gbit/s on our AES-NI optimized machine with a load of 300+ clients practically in just ONE CORE of an E3-1270 @ 3.80 GHz with a Linux kernel 4.9 and AES-256-GCM (so we could even go higher with ChaCha20 Poly1305).
The fact that in the Wireguard web site not believable data for OpenVPN is published is a reason of concern. Then, the performance of Wireguard is not interesting, especially on a core of an i7 with ChaCha20.
On top of that, it is unfair to deploy to our customers a service based on a software that's not yet been tested enough in our opinion. USA Senator Wyden recently recommended Wireguard to replace everything (IPsec, OpenVPN...) in USA infrastructures and recommended to recommend Wireguard to NIST:
https://www.phoronix.com/scan.php?page=news_item&px=WireGuard-Senator-Recommends
Why this requirement before any serious audit when we know for sure (from the Snowden documents) that plans to insert backdoors in random number generators and other cryptography-related software, and then have that very software approved by NIST, started several years ago? This is another reason of concern that maybe makes Wireguard wide deployment premature: it is safer to check deeply the software and the ECC employed first, and then deploy to the public.
Remember what happened with the infamous Dual_EC_DRBG, we are not short on memory like some of our competitors are, and we are not trading your security for a fistful of dollars by riding the Wireguard hype. When and if Wireguard will prove to be as secure as OpenVPN, and capable to provide the same (or higher) performance, and provide obfuscation and more protocols choice, then we'll be very happy to experiment with it.
https://en.wikipedia.org/wiki/Dual_EC_DRBG#Software_and_hardware_which_contained_the_possible_backdoor
Here is a link to the whole discussion, if anyone is interested.
Hey guys, I was wondering now that your other competitors are actively integrating Wireguard into their offerings, when do you think you'll have something ready for your customers?
airvpn.org
I don't know how true the things discussed there are, since I don't understand quite all of it. Right now I'm using AirVPN, and it has been a very good service even without the WireGuard protocol. As a second option I have been eyeing OVPN; it looks good in every respect, but there is no need to switch to anything yet because AirVPN is simply still really good. It may take a long time before AirVPN supports WireGuard, but I don't even consider it necessary in any way.
Mullvad and OVPN cost the same, so it would be a hard choice which way to lean if I had to switch to one of them. I don't really allow myself any other options. For now AirVPN is still noticeably cheaper too, everything included, so I'm unlikely to switch away from it unless something like a Kape-style acquisition happens. I think there was some kind of "promise" on the AirVPN forum that they would not sell themselves to Kape at any price... But minds can change when enough money is put on the table. Kape's VPN acquisitions have hardly ended here; we'll see who's next.
Edit: I found some slightly more recent reasoning and plans on the AirVPN forum.
"
When we put Wireguard into production, OpenVPN will stay, so investing in our own OpenVPN development is perfectly fine.
Just a few reasons that make OpenVPN superior to Wireguard for many, different needs:
- it's faster than Wireguard in AES-NI supporting systems when it uses AES. Have a look here!
- it can be connected over stunnel, SSH, SOCKS5 and HTTP proxies, and Tor swiftly
- even for the above reason, for an ISP it's not so easy to block OpenVPN, while it's trivial to block Wireguard
- it supports TCP
- it supports dynamic IP address assignment
- it supports DNS push
- it does not hold in a file your real IP address when a connection is closed
- a significant part of our customers will not be able to use Wireguard effectively, simply because UDP is totally blocked in their countries or by their ISPs
- UDP blocking and heavy shaping are becoming more and more widespread among mobile ISPs, making Wireguard slower than OpenVPN in TCP even in mobile devices, or not working at all in mobility
About Torvalds and Linux kernel, you only tell a part of the story. Wireguard was first put in some Linux kernel line when Wireguard was still in beta testing and no serious audit was performed, and not put in a kernel milestone release.
A further note about battery draining you mentioned in one of your previous messages: our app Eddie Android edition and Wireguard, when used with the SAME bandwidth and the SAME cipher (CHACHA20-POLY1305), consume battery approximately in the same way, so that's yet another inessential point that does not support your arguments and show once more that our investments have been wise.
Finally, let's spread a veil on your embarrassing considerations on ciphers, security, privacy and NSA. Let's underline only that CHACHA20-POLY1305 is very strong, the cipher algorithm in itself (if implemented correctly) is not a Wireguard problem in any way.
It would be a reason of deep concern if Wireguard needed OpenVPN defamation to convince us that it's a good software. Unfortunately various bogus accounts have been created with such assumption and purpose, and the hidden agenda is no more hidden."
These are roughly year-old thoughts on WireGuard, since it has probably been asked about so much on that forum.
That more recent discussion was found here: