Development discussion of WireGuard
 help / color / mirror / Atom feed
* Is there a way to use wireguard as a non-encrypted VPN?
@ 2020-04-11 19:13 mike
  2020-04-14  8:53 ` Fredrik Strömberg
                   ` (2 more replies)
  0 siblings, 3 replies; 5+ messages in thread
From: mike @ 2020-04-11 19:13 UTC (permalink / raw)
  To: wireguard

I have some older routers that run OpenWRT just fine, but are a bit slow at
Wireguard (3-5 MBytes/s for SMB transfers) and which are too slow for
playing HD movies.
For these routers/uses I don't care about security, I just want a VPN to
tunnel (thru Comcast, and other ISPs that block lots of ports.)
If there was a way to use Wiireguard with encryption disabled, I'm pretty
sure my performance would be closer to 20-50 MB/s which would be more than
adequate.
Thanks.
Mike Farmwald




^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: Is there a way to use wireguard as a non-encrypted VPN?
  2020-04-11 19:13 Is there a way to use wireguard as a non-encrypted VPN? mike
@ 2020-04-14  8:53 ` Fredrik Strömberg
  2020-04-14  9:16 ` Mike O'Connor
  2020-04-14 15:02 ` ajs124
  2 siblings, 0 replies; 5+ messages in thread
From: Fredrik Strömberg @ 2020-04-14  8:53 UTC (permalink / raw)
  To: WireGuard mailing list

On Tue, Apr 14, 2020 at 10:30 AM <mike@pmfarmwald.com> wrote:
>
> I have some older routers that run OpenWRT just fine, but are a bit slow at
> Wireguard (3-5 MBytes/s for SMB transfers) and which are too slow for
> playing HD movies.
> For these routers/uses I don't care about security, I just want a VPN to
> tunnel (thru Comcast, and other ISPs that block lots of ports.)
> If there was a way to use Wiireguard with encryption disabled, I'm pretty
> sure my performance would be closer to 20-50 MB/s which would be more than
> adequate.
> Thanks.
> Mike Farmwald
>

Hi Mike,

No, WireGuard does not and will never support your use case of
disabling encryption.

If you are able to, buy a router that is powerful enough to do
WireGuard at your preferred throughput. Otherwise you would need to
use other encapsulation methods. OpenVPN with hardware AES
acceleration might work (if your routers support that). However
OpenVPN lives in userspace so it needs to do a memory copy from kernel
to userspace for each packet. I'm not sure how the performance will
work out in practice.

If you look at other methods you might want to consider the state of
its maintenance. PPTP code is likely to be very old and unmaintained
for instance. Your router might very well end up hacked.

Cheers,
Fredrik Stromberg

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: Is there a way to use wireguard as a non-encrypted VPN?
  2020-04-11 19:13 Is there a way to use wireguard as a non-encrypted VPN? mike
  2020-04-14  8:53 ` Fredrik Strömberg
@ 2020-04-14  9:16 ` Mike O'Connor
  2020-04-14 15:02 ` ajs124
  2 siblings, 0 replies; 5+ messages in thread
From: Mike O'Connor @ 2020-04-14  9:16 UTC (permalink / raw)
  To: mike, wireguard

On 12/4/20 4:43 am, mike@pmfarmwald.com wrote:
> I have some older routers that run OpenWRT just fine, but are a bit slow at
> Wireguard (3-5 MBytes/s for SMB transfers) and which are too slow for
> playing HD movies.
> For these routers/uses I don't care about security, I just want a VPN to
> tunnel (thru Comcast, and other ISPs that block lots of ports.)
> If there was a way to use Wiireguard�with encryption disabled, I'm pretty
> sure my performance would be closer to 20-50 MB/s which would be more than
> adequate.
> Thanks.
> Mike Farmwald
>
>
>
I suggest that your use a GRE tunnel connection.

Mike


^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: Is there a way to use wireguard as a non-encrypted VPN?
  2020-04-11 19:13 Is there a way to use wireguard as a non-encrypted VPN? mike
  2020-04-14  8:53 ` Fredrik Strömberg
  2020-04-14  9:16 ` Mike O'Connor
@ 2020-04-14 15:02 ` ajs124
  2020-04-14 15:16   ` Roman Mamedov
  2 siblings, 1 reply; 5+ messages in thread
From: ajs124 @ 2020-04-14 15:02 UTC (permalink / raw)
  To: mike; +Cc: wireguard

On Sat, 11 Apr 2020 12:13:36 -0700
<mike@pmfarmwald.com> wrote:

> I have some older routers that run OpenWRT just fine, but are a bit slow at
> Wireguard (3-5 MBytes/s for SMB transfers) and which are too slow for
> playing HD movies.
> For these routers/uses I don't care about security, I just want a VPN to
> tunnel (thru Comcast, and other ISPs that block lots of ports.)
> If there was a way to use Wiireguard with encryption disabled, I'm pretty
> sure my performance would be closer to 20-50 MB/s which would be more than
> adequate.
> Thanks.
> Mike Farmwald
> 

If you're actually just looking for an unencrypted tunnel, there is some standardized stuff like GRE[1] or IP in IP[2] out there.

The Linux Kernel supports both of those natively and it looks to me like OpenWRT should be able to configure at least one of them through its interface.

1: https://en.wikipedia.org/wiki/Generic_Routing_Encapsulation
2: https://en.wikipedia.org/wiki/IP_in_IP

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: Is there a way to use wireguard as a non-encrypted VPN?
  2020-04-14 15:02 ` ajs124
@ 2020-04-14 15:16   ` Roman Mamedov
  0 siblings, 0 replies; 5+ messages in thread
From: Roman Mamedov @ 2020-04-14 15:16 UTC (permalink / raw)
  To: ajs124; +Cc: mike, wireguard

On Tue, 14 Apr 2020 17:02:41 +0200
ajs124 <wireguard@ajs124.de> wrote:

> On Sat, 11 Apr 2020 12:13:36 -0700
> <mike@pmfarmwald.com> wrote:
> 
> > I have some older routers that run OpenWRT just fine, but are a bit slow at
> > Wireguard (3-5 MBytes/s for SMB transfers) and which are too slow for
> > playing HD movies.
> > For these routers/uses I don't care about security, I just want a VPN to
> > tunnel (thru Comcast, and other ISPs that block lots of ports.)
> > If there was a way to use Wiireguard with encryption disabled, I'm pretty
> > sure my performance would be closer to 20-50 MB/s which would be more than
> > adequate.
> > Thanks.
> > Mike Farmwald
> > 
> 
> If you're actually just looking for an unencrypted tunnel, there is some standardized stuff like GRE[1] or IP in IP[2] out there.
> 
> The Linux Kernel supports both of those natively and it looks to me like OpenWRT should be able to configure at least one of them through its interface.
> 
> 1: https://en.wikipedia.org/wiki/Generic_Routing_Encapsulation
> 2: https://en.wikipedia.org/wiki/IP_in_IP

Those both require dedicated IP on both ends of the connection, which is not
always the case on residential ISPs' IPv4 now.

I'd suggest to check out L2TP instead, which doesn't, and can be used without
encryption too, that one can work.

Or PPTP as mentioned, but it's more complex (separate signaling and data
protocols) for no good reason and has more issues traversing NATs/firewalls.

-- 
With respect,
Roman

^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2020-05-04 23:02 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-04-11 19:13 Is there a way to use wireguard as a non-encrypted VPN? mike
2020-04-14  8:53 ` Fredrik Strömberg
2020-04-14  9:16 ` Mike O'Connor
2020-04-14 15:02 ` ajs124
2020-04-14 15:16   ` Roman Mamedov

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).