Options
new feature - WireGuard vpn
Hello,
I've been reading about this new WireGuard vpn, which seems to be quite performante compared to other vpn types and will also be integrated in the linux kernel (if it isn't already).
Does WatchGuard have plans to integrate this new VPN type?
Thanks!
Greetings,
Thibaud
2
Sign In to comment.
Comments
Hi @Thibaud
WatchGuard is currently exploring implementing it in the future, but there hasn't been a decision made thus far.
The current SSLVPN is based on OpenVPN which is widely available and compatible with a multitude of systems.
If you have any specific use cases that you believe would benefit from this, I'd encourage you to open a support case and provide more details so that a feature request can be written around your needs.
-James Carson
WatchGuard Customer Support
Hi @James_Carson !
No specific use case.
It's just that I read a bit about this and appears to be more performant then other vpn types.
WatchGuard's current SSL VPN is actually slower than for example IKEv2 and I thought it might be an idea to have a WireGuard client instead of the SSL VPN client, so it gets more performant.
Kind regards,
Thibaud
You could always put a Pi running PiVPN or a VM behind your Watchguard device to run Wireguard VPNs until Watchguard comes around. It would be nice to see Watchguard implement it as an alternative (and not a replacement) to their OpenVPN-branded solution.
+1
I also wish to switch my mobile client to WireGuard.
Hence, please implement it.
I would not request to replace OpenVPN with WireGuard, but rather complement OpenVPN with WireGuard.
+1
This would be a very nice improvement!
WatchGuard, if you are listening. You are long overdue on adding WireGuard VPN for both Branch Office and Mobile tunnels. Its getting close to the point where I need to look at other solutions that support this.
Please implement Wireguard. Low throughput ADSL lines with 5.5Mbps throughput in downlink and 800kbps uplink if used with Watchguard SSL VPN client will top 1.4Mbps in the downlink.... That is poor efficiency.... UDP should be in favour in theses low lines ..... If you failure to replicate CISCO product behaviour that automatically switches between tcp/udp then Wireguard use of udp at blazing speeds is the only way to go.... We vote in favour of INRIA and French cryptographic product.
FYI - you can select to use UDP in SSLVPN.
If you also use any/all of these:
Management Tunnel over SSL on a hub device
BOVPN over TLS in Server mode
Access Portal
then review this:
SSL/TLS Settings Precedence and Inheritance
https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/networksetup/ssl_tls_settings_precedence.html
+1 Watchguard Cloud with Wireguard support for Mobile and Site2Site VPN
+1 for that
With having a lot of Linux endpoints, we would appreciate support for Wireguard. We also expect, that some common problems (like VoIP e.g.), should work more stable with Wireguard.
When is Wireguard VPN coming? The Norwegian National Cyber Security Centre (NCSC) is now recommending the end of SSL VPN connections by 2025.
_"The severity of the vulnerabilities and the repeated exploitation of this type of vulnerability by actors means that the NCSC recommends replacing solutions for secure remote access that use SSL/TLS with more secure alternatives."
Come on WatchGuard, time to get with the program!
Hello everyone,
We would be very interested to know if there are any plans to bring Wireguard VPN (BOVPN) to Watchguard Fireboxes. Is there any news?