This is almost true, but not quite. WireGuard is a protocol, but it's also the Linux kernel implementation of that protocol; there are design decisions in the protocol that specifically support software security goals of the kernel implementation. For instance, it's designed to be possible to implement WireGuard without demand dynamic allocation.
zekica•24m ago
Minor nitpick: dynamic memory allocation is not used when processing packets, but is when adding/removing clients via netlink.
Cyphase•12m ago
This is why WireGuard has continued to work even when a node is otherwise unusable from low free memory. :)
viceconsole•28m ago
The post mentions the deficiencies of TCP for mobile devices over unreliable links, but I've had nothing but trouble with WireGuard when connecting from phones via mobile data.
I suspect it's due to my mobile operator doing traffic shaping / QoS that deprioritizes UDP VPN.
In contrast, connecting to OpenVPN over TCP was a huge improvement. Not at all what I expected.
Cyphase•15m ago
Counter-anecdote: I've been using WireGuard on Android for years with no particular issues to speak of. 0.0.0.0/0 to my home network. I often forget to enable WiFi at home and don't notice (I often have it disabled when out).
wakeywakeywakey•10m ago
You probably just need to lower your MTU if your phone is getting an ip6 address.
bradley13•9m ago
I suspect you're right - nothing to do with WireGuard. I set it up so I could VPN into my home network from my phone. More than once, I have forgotten to turn it off. Everything worked, and I only noticed days later. Very robust, in my anecdotal experience.
tptacek•40m ago