WireGuard has finally landed in FreeBSD

This page summarizes the projects mentioned and recommended in the original post on news.ycombinator.com
Wireguard Openbsd wireguard-vpn Edgeos Ubiquiti

WorkOS
Our great sponsors
  • WorkOS - The modern identity platform for B2B SaaS
  • InfluxDB - Power Real-Time Data Analytics at Scale
  • SaaSHub - Software Alternatives and Reviews
Our great sponsors

  • src

    Read-only git conversion of OpenBSD's official CVS src repository. Pull requests not accepted - send diffs to the tech@ mailing list.

    • I think the claim might be related to openbsd's claim on their website:

    > Only two remote holes in the default install, in a heck of a long time!

    https://www.openbsd.org/

    I remember a time when it was zero, not two.

  • wireguard-vyatta-ubnt

    WireGuard for Ubiquiti Devices

    • I have a hard time understanding your argument.

    First, there isn't even anything to configure in WireGuard where Ubuntu's defaults could be better than anyone else's (https://www.wireguard.com/), so it can't be that.

    It sounds to me like you think that there is an OS that has "open CVEs" against their default install of WireGuard. Could you mention which one it is? There were issues with the old (unofficial) FreeBSD implementation, sure. But that's the only out of the many OSs supported by WireGuard. All the others weren't affected, so it doesn't make Ubuntu special. Especially so, since Ubuntu's WireGuard is the one included in the Linux kernel. Every other Linux distro is using the same.

    Also, what does "open CVE" mean?

    Does it mean that there is a CVE, but no patch has been released? It can't mean that, since there aren't any CVEs for any WireGuard related things that don't have a patch (https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=wireguard).

    In the above link you can see that there are no CVEs affecting official WireGuard implementations. There was CVE-2019-9461, which affected all VPNs on Linux (https://seclists.org/oss-sec/2019/q4/122). But if you count that as an issue in WireGuard, "no open CVE" can't mean that there's no CVE at all for the WireGuard implementation that Ubuntu uses.

    I really don't get what you're trying to say. It might be that Ubuntu has awesome defaults. But "there are no open CVEs against the default install of WireGuard on Ubuntu" is not an argument that makes Ubuntu stand out or for what Canonical did anything special.

  • WorkOS

    The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.

    WorkOS logo

  • src

    Automatic conversion of the NetBSD src CVS module, use with care. Please submit bugs/changes via https://gnats.netbsd.org (by NetBSD)

    • If anyone wants to review the NetBSD implementation, see:

    https://github.com/NetBSD/src/blob/trunk/sys/net/if_wg.c

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts