top | item 40849503

(no title)

tolleydbg | 1 year ago

Both WireGuard and OpenVPN


BrandoElFollito|1 year ago

WireGuard had no user management (or rather, some kind of identity you can cancel). This is not usable in an enterprise environment without some kind of complicated backend. Something like tailwind.

I love WG though, a magical product.

Same for OpenVPN, though there are some extensions that help.

Compare this with a commercial VPN that will directly plug into your identity system.

commercialnix|1 year ago

WireGuard layer-3 tunneling identity (public key) is for machines, not human users. Rolling out WireGuard in an "enterprise environment" for over 600 user laptops and desktops (mix of Linux and some macOS* and Windows*) with our existing configuration management (SaltStack/GitOps) was extremely easy to do.

Where additional layer-3 tunnels that were user or group specific were necessary, we did some very light scripting that any sophomore-level Sys Admin can handle.

We already have BeyondCorp / ZeroTrust for any layer-4 and above authentication.

>> Compare this with a commercial VPN that will directly plug into your identity system.

This would be something out of the clicky-clicky industrial complex.
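Added example, not code from any commenter in this thread: a sketch of reconciling WireGuard peers (identified only by public key) against an identity system, so that a deactivated user's machines lose their tunnel. The config, keys, `OWNERS` inventory, `ACTIVE_USERS` set and interface name `wg0` are all constructed assumptions; peers with no known owner are dropped too (fail closed).

```python
import re

# Constructed server config; keys are placeholders, not real WireGuard keys.
SAMPLE_CONF = """\
[Interface]
ListenPort = 51820
PrivateKey = <server-private-key-placeholder>

[Peer]
# alice-laptop
PublicKey = AAAA-constructed-key-alice=
AllowedIPs = 10.0.0.2/32

[Peer]
# bob-laptop
PublicKey = BBBB-constructed-key-bob=
AllowedIPs = 10.0.0.3/32

[Peer]
# device with no inventory record
PublicKey = CCCC-constructed-key-orphan=
AllowedIPs = 10.0.0.4/32
"""

# Hypothetical inventory (public key -> user) and identity-system export.
OWNERS = {"AAAA-constructed-key-alice=": "alice", "BBBB-constructed-key-bob=": "bob"}
ACTIVE_USERS = {"alice"}  # bob has been deactivated

def split_sections(conf):
    """Split a wg config into sections, each starting at a [Header] line."""
    return [s for s in re.split(r"(?m)^(?=\[)", conf) if s.strip()]

def peer_key(section):
    m = re.search(r"(?m)^\s*PublicKey\s*=\s*(\S+)", section)
    return m.group(1) if m else None

def reconcile(conf, owners, active_users, iface="wg0"):
    """Return (new_conf, revoke_cmds); only peers owned by an active user are kept."""
    kept, cmds = [], []
    for sec in split_sections(conf):
        if not sec.lstrip().startswith("[Peer]"):
            kept.append(sec)          # [Interface] passes through untouched
            continue
        key = peer_key(sec)
        if key and owners.get(key) in active_users:
            kept.append(sec)
        elif key:                     # live-remove the peer as well as dropping it from the file
            cmds.append(f"wg set {iface} peer {key} remove")
    return "".join(kept), cmds
```

The returned commands remove the peers from the running interface; the returned config is what configuration management would write so the removal survives a restart.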