Security of WireGuard
This may seem an off question, so I apologize if I'm showing my ignorance here.
With OpenVPN, a connection is constant once connected. With WireGuard, a handshake occurs every few minutes to establish keys.
During this handshake, is there a split second that might occur where the tunnel is no longer active and traffic might not go across the VPN?
I'm trying to optimize security here. I love WireGuard's speed, but I want to ensure that as close to 100% as possible goes across the VPN (including DNS lookups). Maybe I'm reading into the tunneling and handshakes too much.
jimp Rebel Alliance Developer Netgate last edited by
OpenVPN isn't necessarily "constant" in that way, it occasionally has to renegotiate as well.
WireGuard does not work the way you imply. It is for all intents and purposes connectionless. There may be a handshake but it's completely transparent. The VPN is always "active" and any packet that tries to use it will handle that negotiation in the background if it hasn't had a recent handshake and so on.
There isn't any sense of it being "disconnected" where traffic would take some other path.