[twarge]

wireguard on windows and linux are extraordinarily solid at my org.

However, we have a lot of difficulty with macOS, seemingly with rather basic OS-level bugs that don't seem to be their fault: the big one is that a wireguard profile distributed by MDM for a system seems to work for the logged in user, but not for any other user. Seems to be a keychain issue.

While I don't expect any support, there does not seem to be a system to support getting pull requests reviewed and mainlined (including a PR that might address my need). Even tried IRC.

[ekropotin]

Interestingly enough, Tailscale, that is build on top of Wireguard, work flawlessly on Mac.

[simfree]

Not really, I always have to choose an exit node for Tailscale to allow me internet access on Mac while connected to a Tailnet on cellular.

[Incipient]

Do you deploy a script per-user with mdm/intune to set up the wireguard tunnel whenever someone initially logs into a laptop?

I've investigated a few options for non-admin wireguard on Windows and it's all pretty messy.