I couldn't find any information on whether or not this uses wireguard-go internally? Or maybe even the Rust implementation?
p.s. the snow on https://data.zx2c4.com/wireguard-for-macos-screenshots-febru... is pretty hilarious
[1] https://cixtor.com/?christmas
true punk!
Comic Sans MS, we meet again!
(Happy WireGuard user; using the go version on macOS for ages, using wg-quick, using the EdgeOS port on my Ubiquiti router, and using the Android userspace version. Roaming simply works. Only thing which sucks is on Android the VPN gets lost when you update the software.)
How have you set it up on your phone?
EDIT: note I am interested in doing this but I'm on Android, I was under the impression you would need to root the device
This is the one you need. You only need root if you want to install the (Linux) Kernel Mod for better performance. If this isn't present the app will automatically use the Go (Userspace) implementation.
Although slower than the kernelspace implementation it's still faster and better than OpenVPN.
If you want to install the kernel mod yourself, check out this XDA thread: https://forum.xda-developers.com/android/development/wiregua...
Therefore it will become unviable for 99% of apps to be distributed outside the app store, so they won't.
I distribute an app outside the app store. It's free and open source, but not meant to be for technical users (it's art-related). I like people being able to use it, because I am a nice guy, but I also don't want to pay Apple $100/year and go through the hassle of putting it in the app store, if that would even work. My users are not going to disable SIP so if Apple continues in this way I really will be forced to put it in the app store (or more likely, abandon OSX).
Personally I'm happy to see WireGuard in the App Store, but would be concerned if Apple indeed limits the API to it. Could you elaborate on if distribution outside of the App Store is impossible?
Is there any way around this for a user? What if SIP is off?
If there's no workaround, that makes me quite uncomfortable.
I totally understand that if Apple builds and maintains a PKI-based security model, they are going to want to check your stuff before allowing you in. If, on the other hand, the user doesn't care, they can simply turn off the security model or adjust it.
A few rendering issues from the move to Metal but no KPs or major incompatibilities.
Sooner or later, things stop running. On the iOS side, I was surprised to learn you can’t run Netflix on an iOS 9 device.
I think the days of hanging on to old system versions are over.
"Extended support ends in September 2019. iTunes, in August 2020" [1]
And while High Sierra (10.13) had its quirks (for which I could understand your response, plus all non Retina only work with 10.13 as latest, officially), Mojave (10.14) has been smooth. If not only for the dark mode (finally!).
Windows 7 is currently under extended support (i.e.: critical security updates only) and that extended support ends as of January 2020. In other words: Standard end users have 11 months to migrate away from Windows 7 entirely.
There is a horrifically expensive option to purchase even further extended support from Microsoft, which a few large companies may do.
WireGuard's creator discussing OpenVPN's TUN/TAP driver and a possible alternative back in 2017[0]: The OpenVPN Windows kernel TUN/TAP driver is really super scary. That alone has a larger code base than all of WireGuard...
Key management and PKI in particular, not bulk encryption, is the hard part of IPSec (in so far as it's hard), and Wireguard doesn't actually solve that. I wouldn't be surprised if someone eventually hacked Wireguard configuration management into an existing IKE daemon.
I'm looking forward to the Windows version. Thank you for taking the long and careful route with it.
I certainly hope that there are still viable workarounds at this point. But this is a step in a very dangerous direction.
[1]: https://lists.zx2c4.com/pipermail/wireguard/2019-January/003...
What WireGuard does get you is a much simpler configuration format for VPNs (IPsec is notoriously overcomplicated) and a modern set of cryptography choices (most other VPN technologies are old and come with legacy baggage, or strange TLS-like connection setup that then becomes its own thing like OpenVPN).
Wireguard is the protocol/tech, not a VPN Service Provider.
With Streisand, I only needed to choose some options and input a few credentials. 20 minutes later, Streisand had created a locked-down, self-updating box dedicated to hosting nothing but Wireguard. I deployed to a $5/month Digital Ocean droplet.
[1]: https://github.com/StreisandEffect/streisand
Streisand previously on HN: https://news.ycombinator.com/item?id=18903780, https://news.ycombinator.com/item?id=8082444
Recent enhancements to Streisand include automatic updates for Wireguard: https://github.com/StreisandEffect/streisand/issues/513#issu....
Streisand automatically installs Ubuntu security and other updates using the "unattended-upgrades" package: https://help.ubuntu.com/community/AutomaticSecurityUpdates.
Streisand's unattended-upgrades config https://github.com/StreisandEffect/streisand/blob/master/pla...
Which hosting provider is recommended for running your own wireguard server? I have tried various cloud providers (digital ocean, google, aws etc.). I noticed that Apple ID and app store do not work when traffic exits via these cloud instances. Has anyone else faced this issue? Any solutions?
It's also great if your government is spying on you.
Otherwise you just delegate the privacy issues from your ISP to the ISP of your output server.
Personally, there is no reason to run a VPN all time from your home connection.
(I also thought about setting something up for others, but this is currently 100% vapourware: http://digitalsnorkel.net/)
Downloaded the TunSafe Client and the very same config files work perfectly. Obviously I'd prefer to use the WireGuard app though, but I cannot get it to work at all sadly.
FWIW, I've tested the UI, and I very much like it, except that the whole public and private key are visible on the screen. The Android version only shows it partly (could be my resolution).
Also: I do have connect on demand on.
Apologies if stupid question.
https://data.zx2c4.com/wireguard-for-macos-screenshots-febru...
Brings me back to the days of JavaScript Kit and Dynamic Drive
I wonder if I could use WireGuard to do the same, it appears to be much easier to set up.
https://github.com/coreos/flannel/blob/master/dist/extension...
A minor annoyance: right now the usual option that allows forwarding all traffic through the VPN is missing (the OS and others put everything in an advanced options pane accessible via a button on the main screen) and routes have to be configured manually each time... please keep this in mind for the next release ;)
Edit: Very easy, you just scan the QR!