![]() ![]() As of writing, there is not an overwhelming amount of dedicated hardware support for it, though this is changing. WireGuard uses ChaCha20Poly1305, which is extremely fast in software on virtually all general purpose CPUs. Rather, transforming WireGuard's UDP packets into TCP is the job of an upper layer of obfuscation (see previous point), and can be accomplished by projects like udptunnel and udp2raw. WireGuard explicitly does not support tunneling over TCP, due to the classically terrible network performance of tunneling TCP-over-TCP. It is quite possible to plug in various forms of obfuscation, however. Obfuscation, rather, should happen at a layer above WireGuard, with WireGuard focused on providing solid crypto with a simple implementation. This page summarizes known limitations due to these trade-offs. WireGuard is a protocol that, like all protocols, makes necessary trade-offs.
0 Comments
Leave a Reply. |