Production usage of Wireguard

Production usage of Wireguard

[Ferris Ellis]

[-- Attachment #1: Type: text/plain, Size: 675 bytes --]

Hello Wireguard mailing list!

I have been very interested in the WireGuard project for a little while now
and am in the process of evaluating it. While benchmarks and code reviews
are useful, they don’t uncover many of the issues that can potentially wake
one up at 3am. I’d hunted around on the web for a while but wasn’t able to
find any articles on running WireGuard in a production environment. I know
the project is still young but was wondering if anyone on the mailing list
had started using WireGuard in production? And, if so, if they’d be willing
to share some details about their use case and experience?

Cheers,
Ferris

-- 
Ferris Ellis

[-- Attachment #2: Type: text/html, Size: 932 bytes --]

Re: Production usage of Wireguard

[Jonathon Fernyhough]

[-- Attachment #1.1: Type: text/plain, Size: 706 bytes --]

On 06/11/17 21:41, Ferris Ellis wrote:
> I know the project is still young but was
> wondering if anyone on the mailing list had started using WireGuard in
> production? And, if so, if they’d be willing to share some details about
> their use case and experience?
> 

I use on on several high-traffic web servers to secure backend
communication to a separate Redis instance.

It's configured as a mesh to remove any reliance on a single WireGuard
"server" node (that is, each server knows the endpoint and single
allowed IP of each of the others).

It has worked without issue since deployment (March 2017). It's easily
one of the most satisfying layers I've added to any stack.


J


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 819 bytes --]

Re: Production usage of Wireguard

[Greg KH]

On Mon, Nov 06, 2017 at 09:41:18PM +0000, Ferris Ellis wrote:
> Hello Wireguard mailing list!
> 
> I have been very interested in the WireGuard project for a little while now
> and am in the process of evaluating it. While benchmarks and code reviews
> are useful, they don’t uncover many of the issues that can potentially wake
> one up at 3am. I’d hunted around on the web for a while but wasn’t able to
> find any articles on running WireGuard in a production environment. I know
> the project is still young but was wondering if anyone on the mailing list
> had started using WireGuard in production? And, if so, if they’d be willing
> to share some details about their use case and experience?

There are at least two companies offering Wireguard as a VPN service
"commercially" right now, so it is being used in that manner already.

But as "production environment" always means different things for
different people, perhaps only you can answer this question?  What would
it take for _you_ to be comfortable with it in your network environment?

thanks,

greg k-h

Re: Production usage of Wireguard

[Outback Dingo]

On Tue, Nov 7, 2017 at 10:38 AM, Greg KH <gregkh@linuxfoundation.org> wrote=
:
> On Mon, Nov 06, 2017 at 09:41:18PM +0000, Ferris Ellis wrote:
>> Hello Wireguard mailing list!
>>
>> I have been very interested in the WireGuard project for a little while =
now
>> and am in the process of evaluating it. While benchmarks and code review=
s
>> are useful, they don=E2=80=99t uncover many of the issues that can poten=
tially wake
>> one up at 3am. I=E2=80=99d hunted around on the web for a while but wasn=
=E2=80=99t able to
>> find any articles on running WireGuard in a production environment. I kn=
ow
>> the project is still young but was wondering if anyone on the mailing li=
st
>> had started using WireGuard in production? And, if so, if they=E2=80=99d=
 be willing
>> to share some details about their use case and experience?
>
> There are at least two companies offering Wireguard as a VPN service
> "commercially" right now, so it is being used in that manner already.
>
> But as "production environment" always means different things for
> different people, perhaps only you can answer this question?  What would
> it take for _you_ to be comfortable with it in your network environment?

FreeBSD kernel module :) and Im all in....

>
> thanks,
>
> greg k-h
> _______________________________________________
> WireGuard mailing list
> WireGuard@lists.zx2c4.com
> https://lists.zx2c4.com/mailman/listinfo/wireguard

Re: Production usage of Wireguard

[Fredrik Strömberg]

On Tue, Nov 7, 2017 at 10:38 AM, Greg KH <gregkh@linuxfoundation.org> wrote=
:
> On Mon, Nov 06, 2017 at 09:41:18PM +0000, Ferris Ellis wrote:
>> Hello Wireguard mailing list!
>>
>> I have been very interested in the WireGuard project for a little while =
now
>> and am in the process of evaluating it. While benchmarks and code review=
s
>> are useful, they don=E2=80=99t uncover many of the issues that can poten=
tially wake
>> one up at 3am. I=E2=80=99d hunted around on the web for a while but wasn=
=E2=80=99t able to
>> find any articles on running WireGuard in a production environment. I kn=
ow
>> the project is still young but was wondering if anyone on the mailing li=
st
>> had started using WireGuard in production? And, if so, if they=E2=80=99d=
 be willing
>> to share some details about their use case and experience?
>
> There are at least two companies offering Wireguard as a VPN service
> "commercially" right now, so it is being used in that manner already.
>

Hi everyone,

We (Mullvad) use it in production on a bunch of our servers. Here's a
blog post I wrote about it that might be of interest to you Ferris:
https://mullvad.net/blog/2017/9/27/wireguard-future/

> But as "production environment" always means different things for
> different people, perhaps only you can answer this question?  What would
> it take for _you_ to be comfortable with it in your network environment?

I second Greg's question. What are your criteria?

Cheers,
Fredrik Str=C3=B6mberg

Re: Production usage of Wireguard

[William Öling]

Hello,

We run WireGuard in production for a sizable user base. We've had no proble=
ms with it at all so far. However, we'd like to create problems as a means =
of finding any latent bugs, so yesterday we opened up our service for free,=
 so we can get more people toasting our servers.

Check out https://www.azirevpn.com/wireguard if anybody wants to put some b=
andwidth through our pipes.

Br,
William, AzireVPN

----- Original Message -----
From: "Ferris Ellis" <ferris@ferrisellis.com>
To: wireguard@lists.zx2c4.com
Sent: Monday, November 6, 2017 10:41:18 PM
Subject: Production usage of Wireguard

Hello Wireguard mailing list!=20

I have been very interested in the WireGuard project for a little while now=
 and am in the process of evaluating it. While benchmarks and code reviews =
are useful, they don=E2=80=99t uncover many of the issues that can potentia=
lly wake one up at 3am. I=E2=80=99d hunted around on the web for a while bu=
t wasn=E2=80=99t able to find any articles on running WireGuard in a produc=
tion environment. I know the project is still young but was wondering if an=
yone on the mailing list had started using WireGuard in production? And, if=
 so, if they=E2=80=99d be willing to share some details about their use cas=
e and experience?=20

Cheers,=20
Ferris=20

--=20
Ferris Ellis=20

_______________________________________________=20
WireGuard mailing list=20
WireGuard@lists.zx2c4.com=20
https://lists.zx2c4.com/mailman/listinfo/wireguard=20

Re: Production usage of Wireguard

[Reuben Martin]

[-- Attachment #1: Type: text/plain, Size: 1308 bytes --]

On Nov 6, 2017 3:41 PM, "Ferris Ellis" <ferris@ferrisellis.com> wrote:

> Hello Wireguard mailing list!
>
> I have been very interested in the WireGuard project for a little while
> now and am in the process of evaluating it. While benchmarks and code
> reviews are useful, they don’t uncover many of the issues that can
> potentially wake one up at 3am. I’d hunted around on the web for a while
> but wasn’t able to find any articles on running WireGuard in a production
> environment. I know the project is still young but was wondering if anyone
> on the mailing list had started using WireGuard in production? And, if so,
> if they’d be willing to share some details about their use case and
> experience.
>

I've been using it for about 6 months to tie together remote video
streaming servers in a star pattern with a vxlan overlay running on top of
the wireguard connections. I mostly push low latency video over the
connections.

I've only had an issue once which was a bug resulting from some refactoring
work, and Jason immediately pounced on it and had a fixed release out
within a few hours. Honestly, a project with a maintainer that takes
ownership of the code base like that imparts much more cred than any
"stable" or "production ready" label does.

-Reuben

[-- Attachment #2: Type: text/html, Size: 1844 bytes --]

Re: Production usage of Wireguard

[Ryan Whelan]

[-- Attachment #1: Type: text/plain, Size: 1576 bytes --]

On Tue, Nov 7, 2017 at 8:27 AM, Reuben Martin <reuben.m.work@gmail.com>
wrote:

> On Nov 6, 2017 3:41 PM, "Ferris Ellis" <ferris@ferrisellis.com> wrote:
>
>> Hello Wireguard mailing list!
>>
>> I have been very interested in the WireGuard project for a little while
>> now and am in the process of evaluating it. While benchmarks and code
>> reviews are useful, they don’t uncover many of the issues that can
>> potentially wake one up at 3am. I’d hunted around on the web for a while
>> but wasn’t able to find any articles on running WireGuard in a production
>> environment. I know the project is still young but was wondering if anyone
>> on the mailing list had started using WireGuard in production? And, if so,
>> if they’d be willing to share some details about their use case and
>> experience.
>>
>
> I've been using it for about 6 months to tie together remote video
> streaming servers in a star pattern with a vxlan overlay running on top of
> the wireguard connections. I mostly push low latency video over the
> connections.
>
> I've only had an issue once which was a bug resulting from some
> refactoring work, and Jason immediately pounced on it and had a fixed
> release out within a few hours. Honestly, a project with a maintainer that
> takes ownership of the code base like that imparts much more cred than any
> "stable" or "production ready" label does.
>
> -Reuben
>

I'll second that.  I've never seen a developer / maintainer thats as
engaged and responsive as Jason.

...And he sends out free stickers!

[-- Attachment #2: Type: text/html, Size: 2494 bytes --]

Re: Production usage of Wireguard

[Ferris Ellis]

[-- Attachment #1: Type: text/plain, Size: 269 bytes --]

Wow, this was an awesome amount of response to get from the community :D
also definitely gives me confidence to start moving stuff to WireGuard.
Thanks to everyone for the comments and thanks to Jason for making this
project a reality!

Cheers,
Ferris
-- 
Ferris Ellis

[-- Attachment #2: Type: text/html, Size: 493 bytes --]