Yes. WireGuard is cryptographically superior to SSH, attaches at a network layer... (2024)


tptacek on Oct 4, 2019 | parent | context | favorite | on: Vulnerabilities exploited in VPN products used wor...


Yes. WireGuard is cryptographically superior to SSH, attaches at a network layer without fussy interactions with a Unix shell (that then also needs to be accounted for in a security model), has higher performance, is practically bulletproof in terms of keeping connections alive, and gets you direct access to whatever resources you've provisioned the network to provide.

I wouldn't ding someone using SSH tunnels (carefully), but in a de novo design, I would always recommend WireGuard first.


labawi on Oct 6, 2019 | next [–]


>> If all of my remote access can be done via ssh {+ local/remote forwarding}..

> WireGuard .. has higher performance ...

Note there are circumstances where ssh port forwarding (-L, -R, -D) is faster than any L2/L3 vpn because it breaks TCP connections in two segments, so any flaky retransmission causing issues are localized, RTTs are smaller, TCP ramp-up is faster, etc.

On the other hand, ssh tun/tap forwarding will almost certainly be slower.

If you are connecting over a flaky wifi/2g/3g connection, possibly to a flaky/distant counterpart, and have performance issues, I would recommend trying (L4 is it?) ssh/socks or even http forwarding via a stable middle host.


zokula on Oct 5, 2019 | prev | next [–]


Wireguard does not have better performance or is faster versus Openvpn in any independent benchmark released up to now.


pm7 on Oct 5, 2019 | parent | next [–]


I was just benchmarking routers in VM. I also tested Openvpn vs Wireguard. Results:

    Openwrt 18.06.4 32-bit:
      wireguard: 645 Mbit/s ping 1.1ms
      openvpn: 164 Mbit/s ping 1.2ms
    Openwrt 19 (snapshot r11159) 64-bit:
      wireguard: 1.16 Gbit/s ping 1.1ms
      openvpn: 230 Mbit/s ping 1.2ms
    pfsense 2.4.4-p3 (amd64):
      openvpn: 115 Mbit/s ping 1.2ms

It was tested by moving traffic between two virtual bridges, Debian>router>Debian, on KVM (libvirt), CPU E3-1270, kernel:4.19.0-4-amd64 #1 SMP Debian 4.19.28-2 (2019-03-15) x86_64

1 core, 2GB per VM

iperf3 -t 60

    Settings:
      Wireguard: defaults
      OpenVPN: no compression, udp, tun, defaults

I would also note that setting wg took about 5-10 minutes while setting openvpn took about an hour.


tjoff on Oct 5, 2019 | parent | prev | next [–]


Sure there are, many threads about wireguard include performance comparisons to openvpn. Most home routers that can install both see a significant increase (I saw about 3-4x if I remember correctly).

Also see the endless discussions on how to deliver 100 Mbit/s for single connections on OpenVPN. It is absolutely insane, you have to spend many hundreds of dollars on hardware to have a fighting chance. And even if you get hardware acceleration that doesn't help nearly as much as you'd expect. And aside from cost the power consumption required for such hardware is very prohibitive for most.

Meanwhile my phone (first gen. Pixel (so three generations behind)), over wifi, gets at least 60 mbit/s over wireguard to a weak home router and then out to internet.


ubercow13 on Oct 5, 2019 | parent | prev | next [–]


Do any independent benchmarks show it to be no faster?


FDSGSG on Oct 5, 2019 | parent | prev | next [–]


Yeah, but nobody cares. OpenVPN is horribly slow and wireguard isn't, there's no point in comparing these two.

You wouldn't have an independent benchmark comparing a GTR and a semi truck.


labawi on Oct 4, 2019 | prev [–]


> WireGuard .. is practically bulletproof in terms of keeping connections alive

Try switching between IPv4 and IPv6 networks, or reaching a peer on non-default/primary network on Windows.

Not denying it would usually have better connectivity than TCP based ssh.


akerl_ on Oct 5, 2019 | parent | next [–]


As an anecdotal point, I’ve been using always-on WireGuard (using a setup that’s essentially a fork of Algo) on my iPhone, iPad, and MacBook for months, via the native clients for each. I routinely hop between countries, SIM cards, WiFi networks, etc. I hit issues with Apple’s built-in captive portal detection (which has to kick in so it gives me the captive portal outside of the always-on VPN), but the WireGuard tunnel itself has been pretty much solid.


xyzzy_plugh on Oct 4, 2019 | parent | prev [–]


Where do you encounter IPv6 in the wild?


labawi on Oct 4, 2019 | root | parent | next [–]


There were multiple complaints on the mailing list about roaming not working on IPv4/v6 transitions. I believe it was mobile vs. wifi.


emj on Oct 5, 2019 | root | parent | prev | next [–]


I've come across it on Wifi hotspots as well for some reason, it felt like they were deployed by a telecom company (cellular being most common way for non tech people to use IPv6 on my sites).


AceJohnny2 on Oct 5, 2019 | root | parent | prev [–]


Cellular networks.

Cellular networks abroad.




FAQs

Is WireGuard encrypted? ›

The WireGuard protocol works by using encryption and network code in order to create an encrypted tunnel between your device and a VPN server. Most VPN protocols use AES-256 encryption but WireGuard uses ChaCha20 authenticated encryption by default.

Is SSH a secure tunnel? ›

While SSH is commonly used for secure terminal access and file transfers, it can also be used to create a secure tunnel between computers for forwarding other network connections that are not normally encrypted. SSH tunnels are also useful for allowing outside access to internal network resources.

Is WireGuard more secure than SSH? ›

WireGuard is cryptographically superior to SSH, attaches at a network layer without fussy interactions with a Unix shell (that then also needs to be accounted for in a security model), has higher performance, is practically bulletproof in terms of keeping connections alive, and gets you direct access to whatever ...

What layer does WireGuard use? ›

WireGuard is a secure network tunnel, operating at layer 3, implemented as a kernel virtual network interface for Linux, which aims to replace both IPsec for most use cases, as well as popular user space and/or TLS-based solutions like OpenVPN, while being more secure, more performant, and easier to use.

Does SSH use cryptography? ›

The Secure Shell (SSH) protocol is a method for securely sending commands to a computer over an unsecured network. SSH uses cryptography to authenticate and encrypt connections between devices.

Why is VPN more secure than SSH? ›

While both SSH and VPN encrypt data to provide security over unsecured networks, VPNs are designed to secure all of a device's internet traffic. In contrast, SSH focuses on securing specific connections to remote servers.

What are the risks of SSH tunneling? ›

There are security risks with SSH tunneling: if you allow SSH using port-based filtering on the standard port 22, bad actors can use SSH port forwarding as an evasion technique to send non-SSH traffic inside the SSH tunnel, which increases the attack surface because any application can use an open port.
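One way to check whether a server permits the forwarding described above, as an added example that is not part of the original page: the script reads the effective OpenSSH server configuration in the lowercase "keyword value" form printed by `sshd -T` and reports every setting that still allows TCP, Unix-socket or tun/tap forwarding. The function names and both sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Audit effective sshd forwarding settings as printed by `sshd -T`.
# On a real host (as root):  sshd -T | audit_forwarding

# Print one "RISK keyword=value" line per setting that permits tunnelling,
# and "MISSING keyword" when an expected keyword is absent from the input.
audit_forwarding() {
    awk '
        BEGIN {
            # Keywords behind -L/-R/-D, socket and tun/tap forwarding,
            # each mapped to the value that disables it.
            safe["allowtcpforwarding"] = "no"
            safe["allowstreamlocalforwarding"] = "no"
            safe["permittunnel"] = "no"
            safe["gatewayports"] = "no"
        }
        ($1 in safe) {
            seen[$1] = 1
            if ($2 != safe[$1]) printf "RISK %s=%s\n", $1, $2
        }
        END {
            # sshd -T prints every keyword, so a gap means truncated input.
            for (k in safe) if (!(k in seen)) printf "MISSING %s\n", k
        }
    ' | sort
}

# Number of findings; 0 means every forwarding path is disabled.
count_findings() { audit_forwarding | wc -l | tr -d ' '; }

# Constructed sample: OpenSSH defaults for the audited keywords.
sample_default() {
    printf '%s\n' 'port 22' 'allowtcpforwarding yes' \
        'allowstreamlocalforwarding yes' 'gatewayports no' 'permittunnel no'
}

# Constructed sample: forwarding disabled in sshd_config.
sample_hardened() {
    printf '%s\n' 'port 22' 'allowtcpforwarding no' \
        'allowstreamlocalforwarding no' 'gatewayports no' 'permittunnel no'
}

sample_default | audit_forwarding
```

Settings inside `Match` blocks only show up when `sshd -T` is given a connection specification with `-C`. As the sshd_config manual notes, disabling forwarding does not improve security unless users are also denied shell access, since they can install their own forwarders.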

Can WireGuard be hacked? ›

Protocols such as OpenVPN, WireGuard, or IKEv2 have no known vulnerabilities and are considered secure.

Can WireGuard VPN be tracked? ›

WireGuard does not provide obfuscation, meaning that internet service providers (ISPs) can see when you are using it — although, of course, they can't see what you're using it for.

Is WireGuard secure enough? ›

WireGuard is considered safe for torrenting due to its strong encryption and efficient code. Additionally, the simplicity and efficiency of WireGuard contribute to its speed, which is a significant advantage for P2P traffic. You can securely torrent using WireGuard without creating delays.

Does WireGuard encrypt all traffic? ›

The traffic that flows within the tunnel is of course encrypted, but it must emerge unencrypted on the other end to reach its destination.

Author: Tish Haag
