PostUp/PreUp/PostDown/PreDown Dangerous?

Matthias Urlichs matthias at urlichs.de
Fri Jun 22 17:14:31 CEST 2018


On 22.06.2018 15:08, Jacob Baines wrote:
> Excuse my speaking in generalities but a majority of users aren't
> going to understand how OpenVPN works, let alone how the configuration
> file affects the program.

Fortunately, WireGuard is a lot more approachable. All you really need
is a basic understanding of PK crypto, i.e. you need a private key for
yourself and the public key of whoever you want to talk with, both of
which can be generated with very simple commands. You can learn how to
set it up in half an hour.

In contrast, understanding SSL and OpenVPN well enough to be able to
generate a config file, let alone know how to debug it, takes a day –
and then you don't know how to debug it. With WireGuard you need to
answer three questions – do the endpoints see each others' packets? do
the public keys match? are the remote IP addresses correct (plus routed
to the WG network interface, not filtered, etc.)? If "yes", it'll work.
Dead simple.

-- 
-- Matthias Urlichs



More information about the WireGuard mailing list