tetha 5 days ago
Having run servers on OpenVPN, IPSec and Wireguard... Wireguard is very mundane software. I still get the chills at the deep and arcane configuration litanies you have to dictate over calls to get a tunnel configured. And sometimes, if you had to integrate different implementations of IPSec with each other, it just wouldn't work and eventually you'd figure out that one or two parameters on one side are just wrong. And if you don't want to manage IPTables/nftables manually to firewall the traffic from the VPN (which is ugly, I agree), ufw or firewalld introduced forwarding rule management (route, and policies) recently.
throitallaway 5 days ago
Yes, the initial setup and troubleshooting of IPSec can be a nightmare. I've spent hours on bridges with people getting it up and running properly. Wireguard is a damn simple breath of fresh air. There's so little to configure and go wrong. The mental model took a little bit of time to click for me (every endpoint is a peer, it's not client/server) but after that it was a breeze.
icedchai 5 days ago
Wireguard is so much simpler than those other options. IPSec is a mess.