Interesting. I wonder if it re-creates the connection each time you login.
The biggest issue I have with Wireguard is that it's not set up for Roadwarriors. If you have an endpoint with a dynamic IP address (like your home router), but you give wireguard a DNS name, it doesn't store the DNS name. It only stores the resolved IP address.
The official solution is a script they have in their contrib repo that you stick in cron and it scans for changes and resets the endpoint if your DNS changes.
Wireguard also can't bind to a specific adapter on a multi-adapter server. Since it doesn't respond with anything to unauthenticated packets, the official solution is that it shouldn't matter. Just iptables on everything and only accept packets on the adapter you want public.
The problem is, the egress packets will just go over the default adapter, so now you have incoming and outgoing packets taking different routes.
Overall though, I like wireguard way more than OpenVPN. They still need to fix those and other issues though.
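The cron-based re-resolve workaround the comment above describes, written out as an added example (this is my own sketch, not WireGuard's contrib script and not code from anyone in this thread). It assumes the peer is identified by interface name, public key and the configured `host:port`, passed as arguments; it reads the endpoint WireGuard currently holds from `wg show <iface> endpoints` (one `pubkey<TAB>ip:port` line per peer), resolves the hostname with `getent`, and only calls `wg set ... endpoint` when the two differ. The interface name, cron line and hostname are placeholders.

```shell
#!/bin/sh
# Added example: re-resolve a peer's Endpoint hostname from cron and reset the
# endpoint with `wg set` if the address has changed. Modelled on the approach the
# comment describes; this is not WireGuard's own contrib reresolve script.
# Hypothetical invocation (interface, peer key and host:port are assumptions):
#   * * * * *  /usr/local/sbin/wg-reresolve.sh wg0 '<peer-public-key>' vpn.example.org:51820

# endpoint_host "host:port" -> "host"; also unwraps "[v6addr]:port".
endpoint_host() {
    case "$1" in
        \[*\]:*) h=${1#\[}; printf '%s\n' "${h%%\]:*}" ;;
        *)       printf '%s\n' "${1%:*}" ;;
    esac
}

# endpoint_port "host:port" -> "port"
endpoint_port() {
    printf '%s\n' "${1##*:}"
}

# Pick PUBKEY's current endpoint out of `wg show IFACE endpoints` output on
# stdin: one "pubkey<TAB>ip:port" line per peer, "(none)" if never set.
current_endpoint_from_listing() {
    awk -v key="$1" -F'\t' '$1 == key { print $2 }'
}

# needs_update CURRENT_ENDPOINT RESOLVED_IP -> true when the address WireGuard
# stored at config time no longer matches what DNS returns now.
needs_update() {
    [ "$(endpoint_host "$1")" != "$2" ]
}

# First IPv4 address for a hostname, via the system resolver (no wg needed).
resolve_host() {
    getent ahostsv4 "$1" | awk 'NR == 1 { print $1 }'
}

reresolve() {
    iface=$1 pubkey=$2 target=$3
    host=$(endpoint_host "$target")
    port=$(endpoint_port "$target")
    new=$(resolve_host "$host")
    # A failed lookup must not clobber a working endpoint.
    [ -n "$new" ] || { echo "$host did not resolve; leaving endpoint alone" >&2; return 1; }
    cur=$(wg show "$iface" endpoints | current_endpoint_from_listing "$pubkey")
    if [ -z "$cur" ] || [ "$cur" = "(none)" ] || needs_update "$cur" "$new"; then
        wg set "$iface" peer "$pubkey" endpoint "$new:$port"
        echo "peer $pubkey endpoint set to $new:$port (was ${cur:-unset})"
    fi
}

# Only act when invoked with arguments, so the functions above can be sourced.
if [ "$#" -eq 3 ]; then
    reresolve "$@"
fi
```

Two things worth knowing when using something like this: `wg set ... endpoint` accepts a hostname directly, but it resolves it once, exactly like the config file, so the script has to pass the freshly resolved address (or at least re-run `wg set`) rather than rely on the name. And the script is only needed on the side that initiates; once the peer whose IP changed sends any authenticated packet, WireGuard updates that peer's endpoint from the packet's source address on its own.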
I set up Wireguard using Algo on a home server I kept behind a home router with no problems. It was definitely a dynamic IP because Comcast doesn't provide static IPs for residential connections.
Am I misunderstanding the limitation you're claiming?
> It was definitely a dynamic IP because Comcast doesn't provide static IPs for residential connections.
In my experience, Comcast IPs aren't contractually static, but they very rarely change. Months or years of having the same IP doesn't seem to be uncommon.
I've had the same IP address with Comcast for 5+ years. That includes moving to a different city and multiple different modems. Only thing that has stayed consistent is my router.
I think the question is — does it still work when you get a new IP from Comcast? Even if you don’t have a static IP, your Comcast IP probably doesn’t change all that often. If WG stores the resolved IP instead of a dynamic DNS domain name, you’d eventually have issues.
I’m in the same boat, but my ISP almost never changes IPs.
I have configured a box with Wireguard listening on it, put a dynamic DNS updater on it, and gave it to my parents (they have a different ISP than I do). My .conf file had a DNS name as the peer, and it has worked just fine since it was installed. I don't know what issue GP is referring to; maybe an old version of wg-quick or something?