- 07 Jun 2024
- 1 Minute to read
- Print
- DarkLight
- PDF
VPN :: Wireguard tab
- Updated on 07 Jun 2024
- 1 Minute to read
- Print
- DarkLight
- PDF
Wireguard VPN
Wireguard is a modern open-source VPN solution that provides point-to-point and site-to-site VPN/Overlay tunnels. The protocol is already widely adopted in Public Cloud and Kubernetes deployments and is starting to be adapted in Enterprise networks. It provides an easy-to-implement and operate VPN alternative to IPSec. Due to its modern architecture, Wireguard is the ideal VPN/Overlay network for management networks, like ZPE Systems Isolated Management Infrastructure Networks (IMI).
How this Feature could be Useful?
Overlay networks are a requirement for many branch or multi-site deployments. While the main connectivity between locations might be provided through an existing infrastructure, are looking at many customers for backup connectivity in case the main connection is interrupted. In most cases, it utilizes the backup connection via a 4G/5G connection using the Public internet. Providing a secure backup network connection via the public internet requires an enterprise-grade VPN/overlay solution that is easy to maintain and operate while supporting a wide variety of connection options and limitations, including no public IP address, carrier-grade NAT, IPv4 and IPv6 support, and OSPF or BGP support.
Feature Benefits and Advantages
- Simple to implement and Operate.
- WireGuard uses state-of-the-art cryptography, like the Noise protocol framework, Curve25519, ChaCha20, Poly1305, BLAKE2, SipHash24, HKDF, and secure trusted constructions. It makes conservative and reasonable choices and has been reviewed by cryptographers.
- Minimal Attack Surface.
- High Performance: A combination of extremely high-speed cryptographic primitives and the fact that WireGuard lives inside the Linux kernel means that secure networking can be very high-speed. It is suitable for both small embedded devices like smartphones and fully loaded backbone routers.
- Uses RSA keys and optional PSKs for authentication.
- Roaming of End Points is an integrated part of the solution.
- Good Client support, with native Windows, MacOS, Linux, iOS, and Android support.
- Native support for tunnel interfaces to allow for Multicast traffic.
- Support for IPv6 and IPv4 over the same interface.
- Part of the Linux kernel ensures long-term support.
- Support in Nodegrid since Version 5.2.0+