by lxgr 601 days ago
> just add performant TCP support to Wireguard

But IP over TCP is in principle non-performant. There's no (non-evil) magic Wireguard could perform to get around that.

Adding TCP support to Wireguard would add a whole bunch of complexity that it doesn't need – for a very niche use case (i.e. where you absolutely have to get an IP VPN to work over a restrictive firewall).

> Wireguard won't do it directly, but there's hacks involving udp2raw.

Which significantly does not do UDP over TCP in the problematic sense (it just masquerades UDP as TCP, without providing a second set of TCP control loops on top of the first one).

> AWS killed all internet access on the instance with zero warning and sent us an email indicating that they suspected the instance was compromised and being used as part of a DDOS attack.

It makes no sense for that to be due to Wireguard usage, though (not saying I don't believe you that it happened, just their explanation or your assumption of their motivation seems strange). Things like Tailscale use Wireguard and should be common enough for AWS to know about them by now, I'd assume?

1 comment

> But IP over TCP is in principle non-performant.

No it's not. In principle it risks meltdown, which is different. A link that occasionally breaks can be performant while it's working.
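The two comments above disagree about whether TCP-over-TCP is inherently slow or merely prone to meltdown. The following is an added toy model (not code from either commenter, not from WireGuard or udp2raw) that shows the mechanism the reply is referring to: when an inner TCP connection is carried by an outer reliable TCP tunnel, every inner retransmission becomes new payload that the outer loop must also deliver, so a burst of loss on the wire produces more transmissions than the same inner connection would generate on its own. Everything here is constructed: a discrete-time tick model, a link that drops the first `lost_first_n` transmissions, a 200 ms base RTO for both layers, and zero propagation delay. The `inner_backoff=False` case models an inner stack whose RTO estimate does not grow while the tunnel is stalled.

```python
"""Toy model of retransmission stacking in TCP-over-TCP (constructed example)."""


def simulate(lost_first_n, base_rto=200, nested=True, inner_backoff=True, horizon=100_000):
    """Deliver one inner segment and count wire transmissions.

    lost_first_n: the link drops the first N transmissions, then works (constructed loss).
    nested=True:  inner TCP rides on an outer reliable TCP tunnel (two control loops).
    nested=False: inner TCP sits directly on the lossy link (one control loop).
    Time is in ms ticks; an ACK arrives in the same tick the data is delivered.
    """
    losses_left = lost_first_n
    wire_tx = 0

    def link_send():
        """Put one segment on the wire; True if it got through."""
        nonlocal losses_left, wire_tx
        wire_tx += 1
        if losses_left > 0:
            losses_left -= 1
            return False
        return True

    inner_acked_at = None
    inner_rto = base_rto
    inner_deadline = base_rto     # inner timer armed when the segment is first sent at t=0
    copies_made = 1               # distinct payload copies the inner TCP has emitted

    outer_queue = []              # copies waiting for the outer tunnel (nested mode only)
    outer_cur = None              # [copy_id, next_send, rto] for the outer segment in flight
    if nested:
        outer_cur = [0, 0, base_rto]
    elif link_send():             # direct mode: inner sends on the wire itself at t=0
        inner_acked_at = 0

    for t in range(horizon + 1):
        if nested:
            # Outer loop: its own RTO with exponential backoff, delivers copies in order.
            if outer_cur is not None and t >= outer_cur[1]:
                if link_send():
                    if inner_acked_at is None:
                        inner_acked_at = t
                    outer_cur = None
                else:
                    outer_cur[1] = t + outer_cur[2]
                    outer_cur[2] *= 2
            if outer_cur is None and outer_queue:
                # The tunnel must also carry every duplicate the inner loop queued.
                outer_cur = [outer_queue.pop(0), t + 1, base_rto]

        # Inner loop: times out and retransmits, unaware of the outer tunnel's state.
        if inner_acked_at is None and t >= inner_deadline:
            copies_made += 1
            if nested:
                outer_queue.append(copies_made - 1)
            elif link_send():
                inner_acked_at = t
            if inner_backoff:
                inner_rto *= 2
            inner_deadline = t + inner_rto

        finished = inner_acked_at is not None and (
            not nested or (outer_cur is None and not outer_queue)
        )
        if finished:
            return {
                "wire_transmissions": wire_tx,
                "payload_copies": copies_made,
                "delivered_at": inner_acked_at,
                "link_idle_at": t,
            }
    raise RuntimeError("simulation did not converge within horizon")


if __name__ == "__main__":
    for label, kw in [
        ("direct TCP, 3 losses", dict(nested=False)),
        ("TCP-over-TCP, 3 losses", dict()),
        ("TCP-over-TCP, 3 losses, inner RTO not backing off", dict(inner_backoff=False)),
    ]:
        print(f"{label}: {simulate(3, **kw)}")
```

With a three-loss burst the direct connection puts four segments on the wire; the nested one delivers the original at the same time but then has to push two extra full-payload duplicates through the tunnel, and six extra if the inner timer does not back off. Nothing here makes the tunnel slow while the link is clean (`simulate(0)` costs one transmission either way), which is the distinction the reply draws: the cost is paid under loss, and it compounds.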