Having played with Wireguard I think that it is very good underlying
technology to implement VPN.  It seems to be very robust and tolerates
roaming (client's IP address changing) very well.  But there are missing
pieces before it is ready for mainstream adoption.

The biggest issue that I see is that client IP addresses (whether IPv4 or
IPv6) needed to be managed manually.... if you have a dozen clients
connecting in to the one server, each of these clients must have an IP
address manually assigned and configured at the client, and the server
needs to know what IP address was assigned and if there are any conflicts
(two clients use the same IP address) then I guess the results are
"undefined".  Right now there is no way to have the server manage a pool of
IP addresses and push out to the client a IP address when it connects,
whether that IP is dynamically determined by the server or manually
configured for each client on the server.  Wireguard could never be
deployed on a large scale without this.

Managing IP addresses should not be a kernel task.  So I suspect the raw
VPN technology will get embedded into the kernel and solving IP address
management will be left to some user space utility.  I just don't know if
it will require some supporting capability in the kernel or not.

David



On Sun, Dec 3, 2017 at 3:44 PM, Michael Knill <
michael.kn...@ipcsolutions.com.au> wrote:

> Great thanks Lonnie. Im looking forward to it. Very cool!
>
> Regards
> Michael Knill
>
> -----Original Message-----
> From: Lonnie Abelbeck <li...@lonnie.abelbeck.com>
> Reply-To: AstLinux List <astlinux-users@lists.sourceforge.net>
> Date: Monday, 4 December 2017 at 1:39 am
> To: AstLinux List <astlinux-users@lists.sourceforge.net>
> Subject: Re: [Astlinux-users] AstLinux Pre-Release:
> astlinux-1.3-3534-c5e366
>
> Hi Michael,
>
> > Wow (WireGuard) looks super easy to set up.
>
> Indeed, the easiest VPN you ever have setup, particularly for site-to-stie
> scenarios routing networks across the VPN.
>
>
> > So is it ready for production?
>
> I have had in production a remote AstLinux box (SIP / HTTPS) over
> WireGuard for a few weeks now ... works perfectly, never missed a beat,
> different ISP at each end.
>
> Officially, I would look for a 1.0.0 release and acceptance into the
> mainline Linux kernel as milestones indicating WireGuard's
> production-readyness ... should happen soon, but not yet.
>
> Definitely worth testing now.
>
> Lonnie
>
>
>
> On Dec 2, 2017, at 10:26 PM, Michael Knill <michael.knill@ipcsolutions.
> com.au> wrote:
>
> > Wow looks super easy to set up. So is it ready for production?
> >
> > Regards
> > Michael Knill
> >
> > -----Original Message-----
> > From: Lonnie Abelbeck <li...@lonnie.abelbeck.com>
> > Reply-To: AstLinux Developers Mailing List <astlinux-devel@lists.
> sourceforge.net>
> > Date: Sunday, 3 December 2017 at 10:13 am
> > To: AstLinux List <astlinux-users@lists.sourceforge.net>
> > Cc: AstLinux Developers Mailing List <astlinux-devel@lists.
> sourceforge.net>
> > Subject: [Astlinux-devel] AstLinux Pre-Release: astlinux-1.3-3534-c5e366
> >
> > Announcing Pre-Release Version: astlinux-1.3-3534-c5e366
> >
> > Particularly notable is the addition of the WireGuard VPN.
> >
> > The AstLinux Team is regularly upgrading packages containing security
> and bug fixes as well as adding new features of our own.
> >
> > -- WireGuard VPN, new package; an extremely simple yet fast and modern
> VPN that utilizes state-of-the-art cryptography.
> > http://doc.astlinux-project.org/userdoc:tt_wireguard_vpn
> >
> > -- Asterisk 13 version bump to 13.18.3
> >
> > These pre-release images are for those who would like to take advantage
> of the AstLinux development before the next official release, as well as
> providing testing for the project.
> >
> > The "AstLinux Pre-Release ChangeLog" and "Repository URL" entries can be
> found under the "Development" tab of the AstLinux Project web site ...
> >
> > AstLinux Project -> Development
> > http://www.astlinux-project.org/dev.html
> >
> > While these images are considered 'stable', the lack of testing will not
> make these images suitable for critical production systems.
> >
> > If you should come across an issue, please report back here.
> >
> > AstLinux Team
>
>
> ------------------------------------------------------------
> ------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> Astlinux-users mailing list
> Astlinux-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/astlinux-users
>
> Donations to support AstLinux are graciously accepted via PayPal to
> pay...@krisk.org.
>
>
> ------------------------------------------------------------
> ------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> Astlinux-users mailing list
> Astlinux-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/astlinux-users
>
> Donations to support AstLinux are graciously accepted via PayPal to
> pay...@krisk.org.
>
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Astlinux-users mailing list
Astlinux-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/astlinux-users

Donations to support AstLinux are graciously accepted via PayPal to 
pay...@krisk.org.

Reply via email to