Hoping this will will have a pervasive effect like https in the networking world, esp for point to points that glue things together behind the scene. Encrypt all the things!
I recently had to start using PulseSecure. For authentication that damn thing loads a full blown webpage in the background, actually executes the JavaScript therein, fills some forms and submits that via POST. There's a PulseSecure module for openconnect, but it's unable to send the keepalive reauthentications, because it's unable to correctly associate the presented form inputs with the credential fields, so I'd have enter them manually, on each keepalive.
I can only hope that WireGuard is going to drive a solid piece of hardwood through every "commercial grade" VPN appliance out there, and then desintegrates their heads, too, just to be sure.
But given the inertia of big orgs, and the that public and governmental institutions for one reason or another seem to trust "BIG" names with "BIG" (i.e. bloated) products and marketing more, than small, easily auditable stuff, I don't see it happening… sadly.
I can tell you that as long as the crypto in WireGuard is DJB stuff that can't be FIPS certified, Cisco and Juniper and such will still do a strong VPN business and you will rarely see it in BigCo, at least in the US.
Security is largely about checking boxes to reduce liability, and FIPS is a checkbox.
Corporate IT is unbelievably conservative. It's all still about Active Directory, Windows domains, and SSL VPNs with FIPS certification and AD support.
Corp IT is still on AD as AD is literally the foundation of everything MS based. No matter if Exchange, workstations, file servers, even Office 365 - all is stored in Active Directory. Even their cloud services, even Microsoft Partner Program, it's all AD under the hood.
Sure you can use Samba / OpenLDAP / half a dozen of IMAP/SMTP servers for groupware but holy hell administering it is an utter hellhole of a mess compared to the MS offerings.
Corp IT cares about two things: retraining costs for employees and admins, and efficiency. And Apache Directory Studio just doesn't cut it compared with AD Editor.
Bureaucratic inertia. I've been hoping for years that it'll be certified. They've talked about Curve25519 and Curve448 for a while but no movement so far. My insider sources tell me there's opposition, but I have no clue why... either the NSA prefers weaker crypto or (more likely) industry wants the status quo because they fear competition from open source superior products like WireGuard among many others.
I feel like having a restricted set of algorithms in FIPS 140-2 is kind of the whole point of having things like AES in the first place. First you get everyone to agree on an algorithm, then you mandate that algorithm for your own applications. I don't expect them to budge from that, and I don't think it has anything to do with quality. At the point NIST certifies XSalsa20 as FIPS-compliant, they might as well rename it AESbis.
Industry prefers FIPS 140-2 because cryptographic expertise is extremely scarce and, prior to AES, commercial products were choc-a-bloc with broken hand-rolled cryptography. It's a rational decision to delegate selection of primitives to NIST.
I think FIPS 140-2 is aging poorly, but I think that's in part because all cryptographic standards are aging poorly; like, the whole concept: top-down standardization efforts with whole cryptosystems designed by committee have a very poor track record, and probably aren't the right vehicle to improve cryptographic soundness in the industry.
NIST SP 800-186 (Draft) has the curve definitions. But says only for Ed25519, not for X25519. They have a Weierstrass curve W-25519 that is isomorphic to Curve25519 that might allow using X25519 code, but that's way above my ability to judge. 'tptacek or 'jedisct1 or others will know.
One of the reasons it is still AD is that the management of users and computers is simplified. You have several layers of admin access etc.
I use Linux since 1993 and love it. All my servers are on Linux. Managing them as a group is a nightmare. I would love to have an umbrella à la AD to have all servers and users unified inside.
People regularly manage thousands of servers using Puppet or Ansible and version control. The structured text configuration files all UNIX-like software utilize makes this trivial.
The strengths of AD are more related to client software, where many of them uses the policy mechanisms therein for management. Maintaining servers isn't what it does best.
This is a large part of the reason why "the cloud" is pretty much Linux native.
I use ansible and salt to provision servers. It works great.
It has limited to no use to manage users and their passwords or authorizations, their control over machines, remote access to a share and zillons other usages you need specialized software for. AD has it all natively.
People with large environments that needs to be managed homogenously would beg to differ. How else would people manage these things large scale? It's exactly the kind of functionality that this software provides. Expressing rules in code might be radically different to someone used to a product like AD, but the learning curve is pretty quick and it is inherently more powerful.
WireGuard is actually pretty awful from an IT security org perspective. There are no logs when someone connects or is trying to connect, so auditing or troubleshooting becomes extremely difficult short of packet captures. Additionally, there is no concept of two step auth, so if your key is compromised, anyone can connect without anyone knowing about the compromise.
If security companies adopt WireGuard, expect things like PulseSecure to remain as a wrapper around WireGuard. They'll at least standardize on a performant and verifiable VPN solution.
There are (at least) two pieces to WireGuard. The wireguard "wire" protocol itself, which is implemented in the kernel. And the authentication and key exchange, that are done by userspace tools.
Right now there exist the "default" tools, which require a manual exchange of key pairs and do only very rudimentary user mapping and authorization.
However: It is perfectly possible to implement much more complex authorization schemes, with all the two step auth, logging, etc. you desire. Somebody has to write the tools for that, still. But the nice thing is, that this is a pretty much independent task, which you could do over any transport/protocol you desire (HTTPS, SSH, custom made, etc.).
An idea I've had for a longer time, but don't have the time to actually invest developing it, is using wireguard for a pure IPv6 mesh VPN.
- The ULA network part would be the key-id (lower bits) of the mesh public key (i.e. with knowledge of the mesh private key you can join the mesh), used for the mesh setup.
- The Host part would be each individual host's key-id (again lower bits of the public key).
> WireGuard is actually pretty awful from an IT security org perspective. There are no logs when someone connects or is trying to connect, so auditing or troubleshooting becomes extremely difficult short of packet captures. Additionally, there is no concept of two step auth, so if your key is compromised, anyone can connect without anyone knowing about the compromise.
WireGuard's open source. Also you should bring these points up on the mailing lists. Even if you're not the one who writes it, mentioning it should put it on peoples' radar.
As you noted, Wireguard is only a part of what makes the current VPN solutions.
But that does not mean that it will stay that way. There's already effort at wg-dynamic, for dynamic allocation of ip addresses (as opposed to static allocation, which is current status quo in wireguard).
Later, it might be worth of effort to try running 802.1x over wireguard for authentication and accounting.
> There are no logs when someone connects or is trying to connect, so auditing or troubleshooting becomes extremely difficult short of packet captures.
I'm wondering if this would be a use case for eBPF
Apologies for sounding flippant: this sounds like a good opportunity for someone to build tools that use wireguard as a foundation to achieve what you want.
I tend to agree with this statement. I have been tracking WireGuard as a potential replacement for PulseSecure and it's a far ways off. We need 2FA and SAML support along with dynamic address assignment and logging before we can make the case to replace PulseSecure.
> I can only hope that WireGuard is going to drive a solid piece of hardwood through every "commercial grade" VPN appliance out there
I'm not sure that will happen. I mean, we had multiple solutions very close to what wg provides already. They're not as trivial to configure, but it would definitely be easier than creating a custom java applet instead.
Whatever makes enterprise VPN so bad, it doesn't seem to be the availability of better tech.
Currently looking at new vpn solutions where I work. Would like to use WG but it's just not suitable for a corporate environment (and neither is openvpn really, though we use it today), and it likely never will be because of how its designed (not a bad thing).
I've used it privately for a while and it is much better than anything else.
> But given the inertia of big orgs, and the that public and governmental institutions for one reason or another seem to trust "BIG" names with "BIG" (i.e. bloated) products and marketing more, than small, easily auditable stuff, I don't see it happening… sadly.
This might quite literally be F5’s reasoning behind their BIG-IP Edge VPN client. :)
But outside of DNS (and agree that’s a big outside), aren’t pretty much all major protocols already encrypted these days? SMB2 was the last big one I could think to but SMB3 has (optional) encryption.
Apart from DNS, the destination address on each packet leaks a lot of information about which online properties you are accessing. A determined attacker may even be able to figure out exactly which webpage you are on, based on the size of the packets and the order in which you connect to various addresses. Using a good VPN helps obfuscate a lot of that metadata.
Whether you can actually trust an HTTPS site or an IMAP connection when you're in a hotel in China is another problem that a VPN can solve. The CA infrastructure is ridiculously fragile, especially now that HPKP is dead in the water.
You should encrypt DNS. DPRIVE standardised DNS over HTTPS or if wrapping yet more things inside HTTP makes you want to vomit DNS over TLS directly. You can use it today.
I recently had to start using PulseSecure. For authentication that damn thing loads a full blown webpage in the background, actually executes the JavaScript therein, fills some forms and submits that via POST. There's a PulseSecure module for openconnect, but it's unable to send the keepalive reauthentications, because it's unable to correctly associate the presented form inputs with the credential fields, so I'd have enter them manually, on each keepalive.
I can only hope that WireGuard is going to drive a solid piece of hardwood through every "commercial grade" VPN appliance out there, and then desintegrates their heads, too, just to be sure.
But given the inertia of big orgs, and the that public and governmental institutions for one reason or another seem to trust "BIG" names with "BIG" (i.e. bloated) products and marketing more, than small, easily auditable stuff, I don't see it happening… sadly.