What is WireGuard, is it a new protocol? Or a new algorithm for implementing an existing thing? (Or something else)

WireGuard is a VPN technology that is now integrated into the Linux kernel, and is available on all major platforms.

It distinguishes itself from other VPNs by not having knobs to twiddle. Should a security issue arise, it will be necessary to replace it with a wireguard2 or such. This also means that it's very hard to get it wrong in config; either it works or it doesn't, and if it doesn't, you haven't got it working yet.

It's very fast and very nice to work with.

WireGuard is pretty much half of what you'd expect from a VPN. It does the low-level part (encryption, packetization, session setup, NAT traversal, etc. -- the “actual VPN”) brilliantly, but everything around key distribution is left to external systems. (Tailscale is a popular choice, but by no means the only one.) E.g., you can't connect to vpn.example.com with user foo and password bar and that's it; there needs to be an Ed25519 public/private keypair set up on both sides, an IP address range (essentially a routing table), and so on.

Of course, if you want to connect two static networks, wg-quick is all you need. But for the typical “remote worker VPN”, it's pretty much a (great) building block.
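An added example, not part of the original comment: a small Python model of the “IP address range (essentially a routing table)” point. It parses a wg-quick style config (a constructed sample with placeholder keys) and picks the peer for a destination by longest-prefix match over each peer's `AllowedIPs`; `fake_key`, `parse_peers` and `route` are hypothetical helper names.

```python
import base64
import ipaddress

def fake_key(n):
    # Constructed placeholder shaped like a WireGuard key (32 bytes, base64); not a real key.
    return base64.b64encode(bytes([n]) * 32).decode()

# Constructed sample config for illustration.
SAMPLE_CONF = f"""
[Interface]
PrivateKey = {fake_key(1)}
Address = 10.0.0.1/24
# laptop
[Peer]
PublicKey = {fake_key(2)}
AllowedIPs = 10.0.0.2/32
# branch office router
[Peer]
PublicKey = {fake_key(3)}
AllowedIPs = 10.0.0.3/32, 192.168.50.0/24
"""

def parse_peers(text):
    """Return [(public_key, [ip_network, ...])], one entry per [Peer] section."""
    peers, cur = [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("["):
            cur = {} if line.lower() == "[peer]" else None
            if cur is not None:
                peers.append(cur)
        elif line and cur is not None:
            key, _, value = line.partition("=")
            cur[key.strip().lower()] = value.strip()
    out = []
    for p in peers:
        if len(base64.b64decode(p["publickey"], validate=True)) != 32:
            raise ValueError("peer public key must decode to 32 bytes")
        nets = [ipaddress.ip_network(n.strip()) for n in p["allowedips"].split(",")]
        out.append((p["publickey"], nets))
    return out

def route(peers, dst):
    """Longest-prefix match of dst against every peer's AllowedIPs; None means no peer, so drop."""
    addr = ipaddress.ip_address(dst)
    matches = [(net.prefixlen, pub) for pub, nets in peers for net in nets
               if net.version == addr.version and addr in net]
    return max(matches)[1] if matches else None
```

There is no username or password anywhere in this model: a peer is identified only by its public key, and a destination that no `AllowedIPs` entry covers has nowhere to go.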

I’ve been begrudgingly using Tailscale because it’s so damn simple, but hate that I have to authenticate through Google. I recently noticed they’ve added a “sign in with GitHub” option, but I don’t see any easy way to migrate my account (and nodes). Many of the clients are PiHoles I’ve sent off to my family as gifts, so physical access is a PITA. The only way I’ve found to reliably clear the Tailscale settings is to `apt purge tailscale`, which would cause me to lose Tailscale SSH access. Looking at the hassle of the remote reinstall (I’m thinking to SSH in with Tailscale, then establish a reverse SSH tunnel to maintain remote access), I think I may finally give Innernet [0] a go.

[0] https://github.com/tonarino/innernet