
    Security of WireGuard

    • ericnix

      This may seem an off question, so I apologize if I'm showing my ignorance here.

      With OpenVPN, a connection is constant once connected. With WireGuard, a handshake occurs every few minutes to establish keys.

      During this handshake, is there a split second that might occur where the tunnel is no longer active and traffic might not go across the VPN?

      I'm trying to optimize security here. I love WireGuard's speed, but I want to ensure that as close to 100% as possible goes across the VPN (including DNS lookups). Maybe I'm reading into the tunneling and handshakes too much.

      • jimp (Rebel Alliance, Developer, Netgate)

        OpenVPN isn't necessarily "constant" in that way, it occasionally has to renegotiate as well.

        WireGuard does not work the way you imply. It is for all intents and purposes connectionless. There may be a handshake but it's completely transparent. The VPN is always "active" and any packet that tries to use it will handle that negotiation in the background if it hasn't had a recent handshake and so on.

        There isn't any sense of it being "disconnected" where traffic would take some other path.

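Added example (not part of the thread or Netgate's code): a Python sketch of the point in jimp's reply, that the peer a packet is sent to is chosen from AllowedIPs and not from handshake age. It assumes the tab-separated field order of `wg show <interface> dump` described in wg(8); the sample dump, keys and addresses are constructed.

```python
import ipaddress

# Constructed sample in the tab-separated layout of `wg show wg0 dump`
# (keys are placeholders, addresses are documentation ranges).
SAMPLE_DUMP = "\n".join([
    "PRIV_PLACEHOLDER\tPUB_LOCAL\t51820\toff",
    "PUB_PEER_A\t(none)\t198.51.100.7:51820\t0.0.0.0/0,::/0\t1700000000\t1024\t2048\t25",
    "PUB_PEER_B\t(none)\t(none)\t10.20.0.0/24\t0\t0\t0\toff",
])

def parse_peers(dump):
    """Return peers from dump text; the first line describes the interface."""
    peers = []
    for line in dump.splitlines()[1:]:
        f = line.split("\t")
        if len(f) != 8:
            continue  # not a peer line
        nets = [ipaddress.ip_network(n) for n in f[3].split(",") if n != "(none)"]
        peers.append({"key": f[0], "allowed": nets, "handshake": int(f[4])})
    return peers

def select_peer(peers, dest):
    """Longest-prefix match on AllowedIPs; latest-handshake is never consulted."""
    addr = ipaddress.ip_address(dest)
    best = None
    for p in peers:
        for net in p["allowed"]:
            if net.version == addr.version and addr in net:
                if best is None or net.prefixlen > best[1].prefixlen:
                    best = (p, net)
    return best[0] if best else None

def report(dump, dests, now):
    """Map each destination to (peer key or None, handshake age in s or None)."""
    peers = parse_peers(dump)
    out = {}
    for d in dests:
        p = select_peer(peers, d)
        if p is None:
            out[d] = (None, None)  # no peer covers it: WireGuard will not carry it
        else:
            # handshake == 0 means no handshake yet; the peer is still selected
            out[d] = (p["key"], now - p["handshake"] if p["handshake"] else None)
    return out

if __name__ == "__main__":
    # Only WireGuard's peer selection is modelled; the OS routing table
    # decides whether a packet enters the interface in the first place.
    for dest, res in report(SAMPLE_DUMP, ["192.0.2.53", "10.20.0.9"], 1700000200).items():
        print(dest, "->", res)
```

For a "everything through the VPN" setup, the DNS resolver addresses in use should map to the tunnel peer in this report, and the firewall's routing must point them at the WireGuard interface.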