I would like to know if Wireguard will ever become something more than “proof of concept”?
Will we ever have a simple way to create and track users?
Will we be able to allow users other than “administrators” to establish the connection?
Will we ever be able to protect client configuration from tampering?
If all of that will not be enabled, what is the point of speed, security, simplicity and so on…
I agree with the general sentiment of that posting. Wireguard’s author is proud that his project “does not have the bloat” that other VPN solutions have, but unfortunately that means it also lacks a lot of the functionality, which has to be provided by additional software and tricks.
We can only hope that it either changes when wireguard gets more adoption, or there is a widely agreed second layer “on top of” wireguard that hides these issues.
(what I am referring to is not mainly the MikroTik implementation but more the general “no bloat” principle)
First and Foremost ---- WireGuard is NOT a vpn server / client system PERIOD … WireGuard is a VPN Peer to Peer Protocol without ANY oxymoronic conversions.
A 3rd Party Tool is required to accomplish points 2,3,4 … a Tool like PRO CUSTODIBUS
OR if one is smart enough produce a WireGuard Management System.
Re Your Point 1 … WireGuard is a PRODUCTION PROTOCOL that works extremely well and no longer a proof of concept … Idiots can think of WireGuard as a proof of concept. 4sure.
pe1chl, please do not feed the troll znevna whenever his obvious jealousy or some personal issue rears its ugly head.
Perhaps instead of jumping on his silly bandwagon you realize that Mozerd provided:
a. a very practical and instructive message (at least for me) of what type of VPN wireguard was designed to be
AND
b. a path to solve some of the issues that the OP originally raised.
The MT rep giNormus (although I never peeked, just a rumour), even stated it's not a topic germane to the MT forums, and not a problem or issue of the MT wireguard functionality.
Certainly I am sure that if there are ‘useful’ additions to the wireguard protocol that the MT RoS can provide, feel free to suggest new ideas!!!
In summary I will continue to take you to task for uncalled-for comments because I know you are capable of better and often have great posts, as for the other guy, lost cause, head in the sand, no point!
mozerd provided nothing, as usual.
The OPs post isn’t even aimed at MikroTik.
Pro cuttygastronomicusbus has nothing to do with MikroTik, does not manage the wireguard config of RouterOS.
Please state how pro cuttybus is related in any way to RouterOS.
I’m not a fan of advertising private wonky closed source services in these forums.
moab, cloudsomething something, cuttybus whatever.
And I’ll always mock such posts.
mozerd is a special one, please read http://forum.mikrotik.com/t/crs112-8p-4s-in-believe-it-or-not/147776/1
You continue to display a complete lack of sense and logic.
If your basis of discussion is that the original post is not aimed at MT, then you have no leg to stand on regarding whether or not pro… has anything to do with RoS.
Further, the OP was outlining some shortfalls in wireguard in general, Mozerd provided a path to potentially address such things, quite reasonable.
It's clear you have a petty bias that clouds your thinking. Best to quit while you're only slightly behind.
This is a case of a network protocol looking for a solution, based on buzzwords. So if we remove the buzzwords… What’s missing here is the problem with the existing solutions?
Mikrotik steers you to L2TP and SSTP (& ironically PPTP) when you check “VPN” in QuickSet – I’d take that as MT’s recommended VPN servers. While Mikrotik’s Wireguard docs have an example for “site-to-site”, this forum is replete with examples of Wireguard being “useful”. Similarly WG isn’t as useful if you need to bridge L2, which is why RouterOS has many protocols to solve various needs (L2TP, ZeroTier, MPLS, etc).
The simple fact is Wireguard, by design, does not concern itself with users, only keys. How someone/something wants to manage the key is NOT WG’s concern/design. That’s not a defect in Wireguard, it’s a strength – it allows a variety of architectures to use secure, efficient L3 tunnels in a variety of ways, VPN client/server being one possibility. @mozerd has suggested a few commercial services that make WG at least more “user friendly”, and that’s the idea behind the separation of tunnel+key from “use cases”: you can use WG as a protocol anywhere, but without some layer ON TOP of WG, a “VPN client user” is dealing with keys to set up a tunnel. That may or may not work for some cases.
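Added example, not part of any post in this thread and not code from WireGuard or MikroTik: a minimal sketch of the kind of layer "on top" of WireGuard described above, which maps user names to public keys and renders the `[Peer]` sections a gateway would load. `PeerRegistry`, the 10.10.0.0/24 subnet and the sample keys are assumptions constructed for illustration.

```python
import base64
import ipaddress


def valid_key(key: str) -> bool:
    """A WireGuard public key is 32 bytes, base64-encoded."""
    try:
        return len(base64.b64decode(key, validate=True)) == 32
    except ValueError:  # binascii.Error is a ValueError subclass
        return False


class PeerRegistry:
    """Hypothetical user layer; WireGuard itself only ever sees the keys."""

    def __init__(self, subnet: str):
        self.pool = iter(ipaddress.ip_network(subnet).hosts())
        next(self.pool)   # first host address is left for the gateway peer
        self.users = {}   # user name -> (public key, tunnel address)

    def add_user(self, name: str, public_key: str):
        if not valid_key(public_key):
            raise ValueError(f"{name}: not a 32-byte base64 key")
        if name in self.users:
            raise ValueError(f"{name}: already enrolled")
        if any(public_key == key for key, _ in self.users.values()):
            raise ValueError(f"{name}: key already belongs to another user")
        self.users[name] = (public_key, next(self.pool))
        return self.users[name][1]

    def revoke_user(self, name: str) -> None:
        del self.users[name]   # revoking a user means dropping its key

    def render_peers(self) -> str:
        return "\n".join(
            f"# user: {name}\n[Peer]\nPublicKey = {key}\nAllowedIPs = {addr}/32\n"
            for name, (key, addr) in sorted(self.users.items()))


# Constructed sample keys: fixed byte patterns, not real key material.
ALICE_KEY = base64.b64encode(bytes([1]) * 32).decode()
BOB_KEY = base64.b64encode(bytes([2]) * 32).decode()


def demo() -> str:
    reg = PeerRegistry("10.10.0.0/24")
    reg.add_user("alice", ALICE_KEY)
    reg.add_user("bob", BOB_KEY)
    reg.revoke_user("bob")
    return reg.render_peers()
```

Pinning each user to a single `/32` in `AllowedIPs` is what lets the gateway attribute tunnel traffic to one key, and therefore to one user record in the layer above.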
first and foremost - The first sentence on “www.wireguard.com” reads: “WireGuard® is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography”
so it is not intended for me to decide whether it is vpn or not
as for 2,3,4 I would expect some simple tools in ROS and do not want any third party tool
And about point 1… I don’t know you personally and I don’t know if you’re an idiot or not but it certainly takes one to know one ..
Satman1w
You need to read better as well.
Mozerd did not say wireguard is no vpn, he said it's not a client server model.
Everything is a peer.
I largely agree with most of your concerns but do not agree it only needs to be solved by Mikrotik/ROS.
How long did it take to have a decent windows ovpn client ?
There are even vpns existing for years where you still today need to modify registry on win to get it working.
I don’t know how arguing that wireguard isn’t server/client helped anyone.
Yes we know that wireguard only has peers, but some of us still think of the peer behind a cgnat or nat or double/triple nat as a “client”, and the peer to which it connects as a “server” (the one with at least a nice shiny udp port forwarded to it).
This solves nothing.
I don’t know if the wireguard config from RouterOS is completely exposed via API? I never touched that.
Because if it is, a tool could be written for this, an open source tool, just for managing wireguard.