[datenwolf]

One would wish so!

I recently had to start using PulseSecure. For authentication that damn thing loads a full blown webpage in the background, actually executes the JavaScript therein, fills some forms and submits that via POST. There's a PulseSecure module for openconnect, but it's unable to send the keepalive reauthentications, because it's unable to correctly associate the presented form inputs with the credential fields, so I'd have enter them manually, on each keepalive.

I can only hope that WireGuard is going to drive a solid piece of hardwood through every "commercial grade" VPN appliance out there, and then desintegrates their heads, too, just to be sure.

But given the inertia of big orgs, and the that public and governmental institutions for one reason or another seem to trust "BIG" names with "BIG" (i.e. bloated) products and marketing more, than small, easily auditable stuff, I don't see it happening… sadly.

[api]

I can tell you that as long as the crypto in WireGuard is DJB stuff that can't be FIPS certified, Cisco and Juniper and such will still do a strong VPN business and you will rarely see it in BigCo, at least in the US.

Security is largely about checking boxes to reduce liability, and FIPS is a checkbox.

Corporate IT is unbelievably conservative. It's all still about Active Directory, Windows domains, and SSL VPNs with FIPS certification and AD support.

[mschuster91]

Corp IT is still on AD as AD is literally the foundation of everything MS based. No matter if Exchange, workstations, file servers, even Office 365 - all is stored in Active Directory. Even their cloud services, even Microsoft Partner Program, it's all AD under the hood.

Sure you can use Samba / OpenLDAP / half a dozen of IMAP/SMTP servers for groupware but holy hell administering it is an utter hellhole of a mess compared to the MS offerings.

Corp IT cares about two things: retraining costs for employees and admins, and efficiency. And Apache Directory Studio just doesn't cut it compared with AD Editor.

[kazen44]

Also, AD is probably one of microsoft's best products.

It's actually rather stable, and can integrate with nearly everything.

[duelingjello]

Fun ancient fact from AD administration c. Win2k3:

AD can optionally replicate by sending email (SMTP) between sites.

[kazen44]

as far as i know this is still supported.

i know this option has existed till atleast 2008.

[samgranieri]

Humor me: What would prevent DJB's crypto from being certified by FIPS?

[tptacek]

Convincing the USG to raise Chapoly to the level of AES, thus essentially defeating the purpose of standardizing AES in the first place.

The more productive approach is to work on convincing stodgy enterprises that FIPS is a bad thing (which it is).

[api]

Bureaucratic inertia. I've been hoping for years that it'll be certified. They've talked about Curve25519 and Curve448 for a while but no movement so far. My insider sources tell me there's opposition, but I have no clue why... either the NSA prefers weaker crypto or (more likely) industry wants the status quo because they fear competition from open source superior products like WireGuard among many others.

[tptacek]

I feel like having a restricted set of algorithms in FIPS 140-2 is kind of the whole point of having things like AES in the first place. First you get everyone to agree on an algorithm, then you mandate that algorithm for your own applications. I don't expect them to budge from that, and I don't think it has anything to do with quality. At the point NIST certifies XSalsa20 as FIPS-compliant, they might as well rename it AESbis.

Industry prefers FIPS 140-2 because cryptographic expertise is extremely scarce and, prior to AES, commercial products were choc-a-bloc with broken hand-rolled cryptography. It's a rational decision to delegate selection of primitives to NIST.

I think FIPS 140-2 is aging poorly, but I think that's in part because all cryptographic standards are aging poorly; like, the whole concept: top-down standardization efforts with whole cryptosystems designed by committee have a very poor track record, and probably aren't the right vehicle to improve cryptographic soundness in the industry.

[wolf550e]

NIST FIPS 186-5 (Draft) has Ed25519.

https://csrc.nist.gov/publications/detail/fips/186/5/draft

NIST SP 800-186 (Draft) has the curve definitions. But says only for Ed25519, not for X25519. They have a Weierstrass curve W-25519 that is isomorphic to Curve25519 that might allow using X25519 code, but that's way above my ability to judge. 'tptacek or 'jedisct1 or others will know.

https://csrc.nist.gov/publications/detail/sp/800-186/draft

[tptacek]

I will definitely not know! :)

[loeg]

NIST doesn't like non-NIST ciphers.

[BrandoElFollito]

One of the reasons it is still AD is that the management of users and computers is simplified. You have several layers of admin access etc.

I use Linux since 1993 and love it. All my servers are on Linux. Managing them as a group is a nightmare. I would love to have an umbrella à la AD to have all servers and users unified inside.

[xorcist]

People regularly manage thousands of servers using Puppet or Ansible and version control. The structured text configuration files all UNIX-like software utilize makes this trivial.

The strengths of AD are more related to client software, where many of them uses the policy mechanisms therein for management. Maintaining servers isn't what it does best.

This is a large part of the reason why "the cloud" is pretty much Linux native.

[BrandoElFollito]

I use ansible and salt to provision servers. It works great.

It has limited to no use to manage users and their passwords or authorizations, their control over machines, remote access to a share and zillons other usages you need specialized software for. AD has it all natively.

[xorcist]

People with large environments that needs to be managed homogenously would beg to differ. How else would people manage these things large scale? It's exactly the kind of functionality that this software provides. Expressing rules in code might be radically different to someone used to a product like AD, but the learning curve is pretty quick and it is inherently more powerful.

[BrandoElFollito]

I do not know about products for large environments. Our is arguably medium (around 10,000 servers) and we use solutions where each does its thing, without any reasonable cooperation between the solutions:

- users management? NIS

- configuration management? ansible / salt

- machines management? none (we use a homebrew system based off salt)

- shared storage? NFS

- policies? salt or ansible if they are common to groups of machines, or NIS if for people

etc.

I would love to have a unified tool (similar to what Zen was trying to do 20 years ago) but I do not know any. What AD does for Windows is nice (though I do not use Windows servers but I see their management from the side), Linux was intended to be standalone and this is what there are so many specialized, but disconnected management systems.

[thequailman]

WireGuard is actually pretty awful from an IT security org perspective. There are no logs when someone connects or is trying to connect, so auditing or troubleshooting becomes extremely difficult short of packet captures. Additionally, there is no concept of two step auth, so if your key is compromised, anyone can connect without anyone knowing about the compromise.

If security companies adopt WireGuard, expect things like PulseSecure to remain as a wrapper around WireGuard. They'll at least standardize on a performant and verifiable VPN solution.

[datenwolf]

There are (at least) two pieces to WireGuard. The wireguard "wire" protocol itself, which is implemented in the kernel. And the authentication and key exchange, that are done by userspace tools.

Right now there exist the "default" tools, which require a manual exchange of key pairs and do only very rudimentary user mapping and authorization.

However: It is perfectly possible to implement much more complex authorization schemes, with all the two step auth, logging, etc. you desire. Somebody has to write the tools for that, still. But the nice thing is, that this is a pretty much independent task, which you could do over any transport/protocol you desire (HTTPS, SSH, custom made, etc.).

An idea I've had for a longer time, but don't have the time to actually invest developing it, is using wireguard for a pure IPv6 mesh VPN.

- The ULA network part would be the key-id (lower bits) of the mesh public key (i.e. with knowledge of the mesh private key you can join the mesh), used for the mesh setup.

- The Host part would be each individual host's key-id (again lower bits of the public key).

Since wireguard uses Cryptokey Routing (https://www.wireguard.com/#cryptokey-routing) this would directly map.

[flas9sd]

If you haven't already, you should give Yggdrasil (https://github.com/yggdrasil-network/yggdrasil-go/blob/maste...) a read.

> IP addresses are derived from cryptographic keys, to reduce the need for public key infrastructure

[inetknght]

> WireGuard is actually pretty awful from an IT security org perspective. There are no logs when someone connects or is trying to connect, so auditing or troubleshooting becomes extremely difficult short of packet captures. Additionally, there is no concept of two step auth, so if your key is compromised, anyone can connect without anyone knowing about the compromise.

WireGuard's open source. Also you should bring these points up on the mailing lists. Even if you're not the one who writes it, mentioning it should put it on peoples' radar.

[vetinari]

As you noted, Wireguard is only a part of what makes the current VPN solutions.

But that does not mean that it will stay that way. There's already effort at wg-dynamic, for dynamic allocation of ip addresses (as opposed to static allocation, which is current status quo in wireguard).

Later, it might be worth of effort to try running 802.1x over wireguard for authentication and accounting.

[ssebastianj]

> There are no logs when someone connects or is trying to connect, so auditing or troubleshooting becomes extremely difficult short of packet captures.

I'm wondering if this would be a use case for eBPF

[olah_1]

See this comment here https://news.ycombinator.com/item?id=21742178

[samgranieri]

Apologies for sounding flippant: this sounds like a good opportunity for someone to build tools that use wireguard as a foundation to achieve what you want.

[fairramone]

I tend to agree with this statement. I have been tracking WireGuard as a potential replacement for PulseSecure and it's a far ways off. We need 2FA and SAML support along with dynamic address assignment and logging before we can make the case to replace PulseSecure.

[viraptor]

> I can only hope that WireGuard is going to drive a solid piece of hardwood through every "commercial grade" VPN appliance out there

I'm not sure that will happen. I mean, we had multiple solutions very close to what wg provides already. They're not as trivial to configure, but it would definitely be easier than creating a custom java applet instead.

Whatever makes enterprise VPN so bad, it doesn't seem to be the availability of better tech.

[Hikikomori]

Currently looking at new vpn solutions where I work. Would like to use WG but it's just not suitable for a corporate environment (and neither is openvpn really, though we use it today), and it likely never will be because of how its designed (not a bad thing).

I've used it privately for a while and it is much better than anything else.

[close04]

> But given the inertia of big orgs, and the that public and governmental institutions for one reason or another seem to trust "BIG" names with "BIG" (i.e. bloated) products and marketing more, than small, easily auditable stuff, I don't see it happening… sadly.

This might quite literally be F5’s reasoning behind their BIG-IP Edge VPN client. :)