Hacker News new | past | comments | ask | show | jobs | submit login

I see a lot of technologies being talked about that I've not heard of - what's the difference between WireGuard and StrongSwan - do they fulfil different purposes?

Or did Algo use StrongSwan and now uses Wireguard?!




strongSwan is a mainstream IPSEC implementation.

OpenVPN is its own protocol, using TLS as a control channel.

WireGuard is also its own protocol, based on Noise.

strongSwan has cryptography designed in the 1990s. OpenVPN relies on TLS, which for all intents and purposes is also 15-20 years old. WireGuard is modern, with a design that comes from Signal Protocol's cryptographer.

strongSwan and OpenVPN have gigantic C codebases. WireGuard's kernel implementation is just 4500 lines of carefully designed code.

You should use WireGuard if you can.


Can we use WireGuard on iOS yet?

Thanks for the clarifications, by the way.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: