version=pmwiki-2.2.130 ordered=1 urlencoded=1
agent=Mozilla/5.0 (X11; OpenBSD amd64; rv:82.0) Gecko/20100101 Firefox/82.0
author=jrmu
charset=UTF-8
csum=
ctime=1610534284
host=125.224.27.48
name=Debate.Ipsec
rev=3
targets=Openbsd.Iked
text=(:title IPSec, not WireGuard:)%0a%0a# OpenBSD has a native IPSec implementation: [[openbsd/iked|IKED]]. It's easy to configure%0a# Using iked will allow us to force users to import us as a certificate authority, to bypass SSL censorship%0a# WireGuard "lacks cipher and protocol agility"%0a # Many users/operating systems today lack wireguard%0a # Any users on an obsolete client will be unable to connect%0a # Unnecessarily paranoid security%0a%0a--> Imagine you have a VPN server with 200 road warrior clients somewhere out there in the world - which is a very normal use-case. If you were to change the cipher you are using from one day to the next one, you would need to upgrade your WireGuard software on all those laptops, phones, etc. at the same time. That is literally impossible. Administrators who have tried this needed months to deploy configuration changes. Sometimes even middle-sized companies need years to conduce a process like this.%0a--> Compatibility matters and although you are using some weaker cipher, for many this is no reason to shut down their business and cut off hundreds of sales people from doing their job. -- "[[https://blog.ipfire.org/post/why-not-wireguard|Why Not Wireguard]]"
time=1610534365
title=IPSec, not WireGuard
author:1610534365=jrmu
diff:1610534365:1610534299:=10,11c10%0a%3c --> Imagine you have a VPN server with 200 road warrior clients somewhere out there in the world - which is a very normal use-case. If you were to change the cipher you are using from one day to the next one, you would need to upgrade your WireGuard software on all those laptops, phones, etc. at the same time. That is literally impossible. Administrators who have tried this needed months to deploy configuration changes. Sometimes even middle-sized companies need years to conduce a process like this.%0a%3c --> Compatibility matters and although you are using some weaker cipher, for many this is no reason to shut down their business and cut off hundreds of sales people from doing their job. -- "[[https://blog.ipfire.org/post/why-not-wireguard|Why Not Wireguard]]"%0a\ No newline at end of file%0a---%0a> --> Imagine you have a VPN server with 200 road warrior clients somewhere out there in the world - which is a very normal use-case. If you were to change the cipher you are using from one day to the next one, you would need to upgrade your WireGuard software on all those laptops, phones, etc. at the same time. That is literally impossible. Administrators who have tried this needed months to deploy configuration changes. Sometimes even middle-sized companies need years to conduce a process like this. -- "[[https://blog.ipfire.org/post/why-not-wireguard|Why Not Wireguard]]"%0a\ No newline at end of file%0a
host:1610534365=125.224.27.48
author:1610534299=jrmu
diff:1610534299:1610534284:=1,2d0%0a%3c (:title IPSec, not WireGuard:)%0a%3c %0a
host:1610534299=125.224.27.48
author:1610534284=jrmu
diff:1610534284:1610534284:=1,8d0%0a%3c # OpenBSD has a native IPSec implementation: [[openbsd/iked|IKED]]. It's easy to configure%0a%3c # Using iked will allow us to force users to import us as a certificate authority, to bypass SSL censorship%0a%3c # WireGuard "lacks cipher and protocol agility"%0a%3c # Many users/operating systems today lack wireguard%0a%3c # Any users on an obsolete client will be unable to connect%0a%3c # Unnecessarily paranoid security%0a%3c %0a%3c --> Imagine you have a VPN server with 200 road warrior clients somewhere out there in the world - which is a very normal use-case. If you were to change the cipher you are using from one day to the next one, you would need to upgrade your WireGuard software on all those laptops, phones, etc. at the same time. That is literally impossible. Administrators who have tried this needed months to deploy configuration changes. Sometimes even middle-sized companies need years to conduce a process like this. -- "[[https://blog.ipfire.org/post/why-not-wireguard|Why Not Wireguard]]"%0a\ No newline at end of file%0a
host:1610534284=125.224.27.48