Feature Request: Wireguard
Completed

Request the consideration of wireguard to be added to VPN options. Wireguard is far more performant and lightweight on small IoT devices. Would work with Streisand to provide a complete cloud-based VPN solution for privacy and security. It is extremely easy to implement.
-
I failed to understand how you used the VPN function. The VPN function is to have the Firewalla app establish a VPN tunnel to your Firewalla device. Clever feature. I thought it was for an anonymity VPN service such as that provided by https://www.azirevpn.com/wireguard. I still think it could be an advanced option but the boxes need to bring up the CPU a lot more if you want to run VPN throughput equivalent to your Bro throughput.
-
I was looking at the features and anti-features of Algo VPN (a cloud VPN) and noticed that they call OpenVPN a "risky server."
They use WireGuard.
Edit: Upon further investigation, WireGuard states the code is not complete yet and "has not undergone proper degrees of security auditing and the protocol is still subject to change."
It does look promising though.
-
@Wacey Wireguard still needs maturity and thorough security auditing but for basic obfuscation similar to Algo's and Streisand's business models, it is more than acceptable. For its performance it is very choice for this device and usage model. IPSec/L2tp would be an acceptable protocol suite for mobile devices since they typically have hardware accelerated crypto but IPSec is a nightmare and not as fast.
-
If I may make a suggestion, can we still preserve the option to choose classic OpenVPN even if you decide to switch to wireguard?
The second is definitely very interesting from a security and performance point of view but it is also so new that we might face incompatibility issues (similar to TLS 1.3)
-
Might be a bit off-topic, but I just want to say that Firewalla support is absolutely fantastic. The interaction with your customers is also one I have not seen with any other security focused company. Keep it up!
Besides that: cannot wait for WG to get integrated. The minute it does I will install it on all my phones and route all traffic through Firewalla :)
-
I like Wireguard too but keep in mind some ISPs are throttling UDP traffic that isn't DNS, like mine... I tried changing ports, eventually using a Linode to test my suspicions. Some use DPI to ensure it's not DNS traffic and still throttle. Just something to be aware of.
Aside from using port 53 for the Wireguard traffic, lol, not sure how you'd overcome that.
-
Yeah, thank you from me as well! I now use WireGuard VPN for default on all our phones too. Do not even notice it!
I did have some issues getting it to work though. For some reason the DNS server was set to a wireguard address (10.something). I could get a VPN tunnel, but no internet through it. After changing the DNS in the WireGuard settings to my Firewall address I had no more issues. Has this been fixed, or was I the only one with this issue?
-
@Mark. Thanks for the feedback. Can you please send an email to help@firewalla.com so that we can help check if there is any misconfiguration on the wireguard server?
-
@Mark,
This may be because the app configured the WireGuard DNS server incorrectly when setting up WireGuard. Using the Firewalla IP can bypass the problem.
Do you use iOS or Android?
Would you mind sending an email to help@firewalla.com? We can help check the problem on the box to confirm the root cause.