I think you might be surprised how straightforward an app like this would be for Wireguard, and, unlike OpenVPN, for which there are a zillion wrapper options, Wireguard really needs some non-shell-user UX love right now.
Have you considered doing a version of this for Wireguard? It's much, much better than OpenVPN.
Just skimming wireguard as this is the first I've heard of it. I haven't got time to read the entire spec tonight as it is late where I am. I see it uses a custom protocol over UDP. Do you know if this is detectable? One of the major advantages of openvpn is the ability to host an sslvpn on port 443 to not have to face any problems with filtering... Just wondering if anyone knows if/how wireguard addresses this?
This comment is inexplicably downvoted; if you're going to set up a VPN for the first time and don't want to get sysadmin-level intimate with Linux networking to boot up Wireguard (surprisingly easy!), Algo is your best bet.
I feel like "here's a similar tutorial for algo, which has these advantages ..." would have received upvotes. This just looks like it's pissing on the efforts of the actual post.
This looks interesting, and I'm going to try it. Alternatively if you want something a little more lightweight but less-feature packed, there's http://www.pivpn.io
Looks cool, but FYI for those trying to remove themselves from the Google surveillance ecosystem... Outline was created by Jigsaw, an Alphabet/Google owned subsidiary. Outline could very well have the best intentions, and they likely do based on Jigsaw’s mission, but the link to Alphabet/Google should caution some people.
I had an OpenVPN server set up for the first time yesterday with a docker container, in about five minutes. This thread's app is probably very useful but I figured someone in here might be interested in the docker container. I found it at the top of google with "openvpn docker." I ended up using the thread on HN yesterday to set up wireguard instead, though. I used the ansible setup and it was a breeze as well.
Sorry for not staying on topic. VPNHome looks nifty.
Looks great, but I prefer to use native Cisco IPSec[1] so I don't have to install 3rd party applications. Works out of the box with macOS, iOS, and Android. Non-technical users can follow a tutorial and set it up on their devices. It does lack some nice-to-haves such as two-factor authentication though.
Wireguard is great, but is not supported on many devices, and does not auto provision configuration files for all your devices. Please look into algo, it really is the best solution for 99% of people.
IPSEC and OpenVPN are far more dangerous than Wireguard is, so while it might be simpler for some kinds of users to boot up an OpenVPN connection, that doesn't necessarily make it the "best solution".
OpenVPN depends on TLS and basically all the code in openssl (many lines of code, not possible to audit by one person).
In a version I used, after TLS handshake it used a custom bulk data protocol and defaulted to blowfish for the crypto (these defaults might have changed since).
It runs in userspace so the speed is not good.
IPSec has better performance because it runs in the kernel, but the protocol is bad and the amount of code in the kernel is enormous, as much as all of openssl, and this cannot be audited by a single person.
Wireguard has good performance, has only ~4000 lines of code that need to be audited (designed to be audited by a single person) and uses very modern crypto.
It's pretty terrible advice for anyone who isn't running Linux on their endpoints, or non-technical users accustomed to an openvpn-as or other web-bootstrapped vpn client.
While admittedly it's been a few months since I tried out the Golang userland client on OSX, the last time I did, it suffered from strange latency spikes and packet loss. I've only had luck with the Linux kernel implementation. (Which works swimmingly on my Linux and Android (self-maintained Lineage build) devices.)
Wireguard is a great VPN protocol. At this point in time it is a lousy VPN solution for all but the most basic uses. Given time the necessary infrastructure to make it a great VPN solution will develop.
What's a common-case VPN problem, the kind that (say) 3 out of 5 company or personal VPN users would have, that isn't well addressed by Wireguard, other than lack of Windows support?
My two cents... (with my only experience being installing Wireguard on a RPi to get a VPN connection back to my home).
I think the biggest problem is the lack of a simple GUI process to manage the connection.
I have scripts set up to run `wg-quick up` or down hanging out in my menubar (Mac), but that's not something that I'd expect everyone to be able to do or set up themselves. However, an "Enterprise" managed environment might be able to come up with something that works. This is something that the community could fix independently.
However, (at least for Macs) the install process requires installing Homebrew, installing a package at the command line, editing a config file with strange keys, etc... This could all be GUI-fied and made less intimidating.
But, the other (probably bigger) thing for corporate use is having a company behind the protocol to be able to buy products, support contracts, etc... I mean, a company isn't going to switch from an SSL VPN to Wireguard if you can't have an outside entity to sue if things go wrong. This is something that will just take time to build up the comfort and scale.
The VPN is self-hosted, so:
1) technically yes, you can install it on your laptop and deploy VPN to any Linux or OpenBSD host
2) legally, I have no idea if your government allows you to use a VPN
A good friend is working on a similar idea, and live-streaming his process on Twitch, and doing this as a SaaS. He's calling it Ghostifi, more info below.
He's charging for this because he has some nice convenience features (like auto-rebuild server every day, week, etc), and then managing the VPS integration to make it one click rebuild anywhere in the world, etc.
Been using it for ~7-10 days and getting amazing speeds on my iPhone/Mac. Well worth the small fee he's charging for a dedicated VPN point that I can rebuild whenever on a different location.