VPNs are hitting the mainstream with the spread of work from home, caused by coronavirus. I am personally a major fan of remote work, and am glad the virus is finally pushing conservative corporations to embrace and adapt to the technology.
Stackoverflow had an interesting article on scaling their OpenVPN to embrace their masses of remote workers. You can read that here. OpenVPN is open-source, which is rather cutting edge for large companies to embrace. I however, recently adopted something even more cutting edge: Wireguard, migrating my server from using OpenVPN to this new Wireguard standard.
And is was amazing!
For starters, it only took me about two hours, start to finish, to setup a system and add clients for my phone/laptops. That starting fresh, with no initial familiarity with the software. Compare that to setting up my previous OpenVPN system, which took about 10 hours. Another critical difference is that with OpenVPN, the number of steps and options left me feeling insecure about the process, very worried about exposing insecurities. Wireguard is pretty bare-bones, and that means I have some moderate hope of understanding it (the source code has 4,000 lines of code vs 400,000 for OpenVPN, for one startling comparison). Wireguard also uses more modern and advanced security measures.
If you are a user like me, running a single VPN server with limited experience and limited use, Wireguard is very clearly the best choice to deploy.
- Easy to setup (and no doubt will only get easier as it gets more polished)
- Faster Network Traffic
- More Secure
- Integration with Linux Kernel
- Lack of functionality
- Generally newer and less mature
Fun fact, Wireguard traces its origins to a data extraction tool used in penetration testing.