by eeZah7Ux 2424 days ago
Complexity is the No. 1 enemy of security and IPsec is horribly complex.

WireGuard is very lean and simple.


IPsec is complex because it can be used in a LOT of situations.

Can WireGuard do tunnel state detection? Can I do a hub-and-spoke topology with WireGuard? Or auto-VPN?

IPsec is complex because it is mainly designed as a tunnel protocol with encryption (site-to-site), compared to the "road warrior" setup WireGuard seems more useful for.

Things you can't do with WireGuard (unless you use workarounds like iptables, etc.):

* bind a tunnel to a certain interface/IP

* use the same port for different tunnels (with the same IP or a separate iface/IP)

* specify a fixed peer IP/port (or network, interface to use)

* use tunnel in tunnel (with the kernel implementation, unless you get creative)

Yes to all the questions.