So, I'm here from Lawrence Systems. Why not WireGuard? This is a video where I'm going to be sharing my thoughts on WireGuard very specifically, thoughts that I've shared many times in my live streams. It's just harder sometimes to point to the part of a two-hour live stream, where I was rambling on about many different topics and answering people's questions, where I talked just about WireGuard. So, I want to do a dedicated video for my thoughts on WireGuard, as people like to tag me on Twitter or message me: "What's your thoughts on this, Tom?"
These are my thoughts, but they're also shared with Michael Tremer over here, who is the core developer over at IPFire. I used to love IPCop. That was one of the earlier software-based firewalls that I used. It became IPFire. Haven't used it in a long time, for those wondering. I don't really have any plans to, but boy, this actually is such a great article. And I'm also sharing it one year after it was written because I think that matters quite a bit due to the context of the article. And it's called "Why Not WireGuard". And I'm not trying to tell you WireGuard is bad. I'm going to tell you all the shortcomings. Well, not all of them. I'm gonna leave that to Michael here in his article, but there are definitely shortcomings to WireGuard that I have reiterated many times.
Now, let's jump to the highlight right here in the WireGuard white paper: "WireGuard aims to replace both IPsec for most use cases as well as popular user space and TLS-based solutions like OpenVPN while being more secure, more performant, and easier to use." And of course, the biggest selling point of some new technology is that it's easy. VPNs also need to be performant and secure, but what else would they say here? And then Michael goes on to break down a lot of the problems that I absolutely agree with. Things like protocol complexity and this one right here: "The end user does not have to worry about the complexity of the protocol."
Now, these are where those statements become very relative and subjective as opposed to objective. I mean, I can say, yes, WireGuard has less code. If I took two people and had to train them on either IPsec, OpenVPN, or WireGuard, the least amount of time would probably be spent training them on how to use WireGuard. That's an objective statement. The subjective part is "easier to use": lots of things are complex to use in our industry. We use them a lot, therefore, we get good at it. And why am I saying it like that, as if I'm putting down WireGuard? Because simplicity isn't exactly always the problem.
Now, saying WireGuard is simpler is also kind of misleading, because I can say it has way less lines of code and is easier than OpenVPN. Oh, cool, where's the user manager? Where's the LDAP authentication? Where's the authentication in Active Directory? You're going, well, it doesn't have any of those things. And I'm like, well, now we have a problem. And this is why OpenVPN and similar VPNs are probably going to remain, for a long time, the popular standards. Because if you do not have some type of user integration, then you are now leaving it up to each individual vendor to take the time to rewrite their current system to integrate into it, because it wasn't handed to them. So this is going to slow down adoption.
And this is right away what happened with pfSense. Got the old sticker on this laptop. And pfSense, everyone got excited and I did the video about WireGuard and then people started staring at it going, oh, it looks like that? I thought it was easier and simpler to use. And I'm going, well, it is. But where's the user manager? Why doesn't it have a tie-in to the FreeRADIUS built into pfSense that you can use? Like, because WireGuard doesn't have it. And even the team from Netgate were kind of answering questions about that, saying the same thing. So yeah, this is not the functionality we're going to write.
Now, there are companies out there, Tailscale being one of them, that seem to come up quite a bit because they're popular. I haven't used them. I don't really know much about the product other than what it does or claims to do, which is solve all those problems of the way you manage WireGuard users by putting a whole interface that uses WireGuard as the back-end protocol, but they write the whole front-end that allows all that user management and everything else, which is great. And I think we're going to see more companies doing that. But this is that fundamental issue with WireGuard, of people thinking it's going to just solve all the problems without a full way to integrate it and a user management and everything else, and the long tail of legacy.
We're going to be connecting to systems that have long embedded IPsec because firewall companies are very slow to change things. They need a VPN. They're using IPsec. It's been around for a while. The VPN software writers are very familiar with it. They've integrated it well into their product. It's hard to get them to push away from it because it does work. And IPsec and WireGuard are relatively close in speed. It's not like you get 10 times as much speed with WireGuard over IPsec. It is faster, but it is not crazy faster. It's faster than OpenVPN, but still not like so many multipliers faster that it becomes someone really hammering away that we have to solve this VPN problem in order to get this faster. It's just not; there's not enough market push, I don't feel, for it.
Now, where WireGuard is going to be the most popular, and of course, I know this is a massive part of my audience, where most of these questions are coming from: the home lab and enthusiast market. There is probably a Venn diagram of home lab, enthusiasts and home users that also use privacy VPNs, and it's just about a circle. And that's fine.
And that's where, you know, there's reasons to use privacy-oriented VPNs, and WireGuard is a win-win all the way around. Easier to set up, which means less tech support, faster. Well, we want our VPN to be as fast as possible, faster with less processing power. Well, that's a win-win for the providers of privacy-based VPNs because they're going, I can use less compute time, get my users connected faster and easier. So there's going to be less tech support. They're sold; they're cashing in on this, which of course brings back the popularity of it.
Now, I don't think any of that's a bad thing at all. It's just kind of being realistic, of having one foot in a business market and another foot in being a huge tech enthusiast who uses these things, and I get excited when new shiny things are there to poke at and play with. I'm definitely excited about it. But I wanted to have this video as kind of a response for people that keep asking me, will this replace OpenVPN? Will this replace IPsec?
I mean, ideally, if I have two pfSenses that I set up at each site and they're running the newest version that does have it, which is not released as of yet; it's coming soon. It'll be here maybe by the time you're watching this video, but later in 2021, we will have pfSense with WireGuard built-in, as many other firewalls are starting to integrate it in there. And if I have total control, yeah, sure, makes sense, I'll use WireGuard between those two sites. Unfortunately, I don't always get to pick what the other vendor's using. We've done integrations with many medical facilities for our businesses that have a pfSense. And it turns out there's not a pfSense on the other end. I don't get to dictate what the other site is going to use sometimes. Therefore, I still have to have interoperability, and I spend a lot of time solving firewall problems with IPsec and whatever's on the other end when we're using something like pfSense. That just happens.
It's great when the vendors are the same, but even sometimes when the vendors are the same, they still don't do the implementations as well as I think they could. But I won't digress. Let's go and talk about this from a very common sense thing. It's going to be popular in a home lab. It's going to be popular for people that want to tinker, that want fast VPNs. It is going to take a realistically long time to get it into the vendor adoption, into the marketplace where you've got big names like Fortinet, Juniper, Cisco just bundling it in with their product. Not endorsing those firewalls; I'm just saying they're the ones that dominate the market in terms of the larger scale. And what Cisco does, other people may follow. So it's kind of probably a matter of which one of those vendors decides to do it first.
But I'm not going to really hold my breath on it because they're also, you know, slow to turn and change things, especially because there's a lot of security concerns when you start writing a new protocol. You've got to be very careful how you integrate it, because even if the protocol itself is secure, where a lot of the attacks occur is around the periphery of that, of the way it was implemented into a specific product. That's the first place you can poke whenever a new protocol is released: how was it integrated? It can be certified as secure. We know the math is good. The crypto is good that they built WireGuard on. The kernel integration code looks great. And then some vendor does something wrong with the way they integrated it. And that's how things get in. So it's kind of going to be a careful wait and see, watch people implement it and go from there.
So these are my thoughts on WireGuard. I still think it's good. I will leave this article that breaks things down in far greater detail than I did in this video. But it's just one of those videos I felt like making to answer the question every time someone says, what do you think? Will it replace OpenVPN?
And this will be my reply. And thank you for making it to the end of the video.