WingNews logo WingNews
top | item 46494510

(no title)

paranoidrobot | 1 month ago

One of the major advantages for Wireguard over OpenVPN (for me) is that it's quite difficult for random port scans to detect it.

With OpenVPN it's hanging out there responding to everyone that asks nicely that yes, it's OpenVPN.

So anyone with a new exploit for OpenVPN just has to pull up Shodan and now they've got a nice list of targets that likely have access to more private networks.

Wireguard doesn't respond at all unless you've got the right keys.

Also, fwiw - we're approaching 11 years since it was announced, and 5 years since it was accepted into the Linux/BSD kernels.

discuss

order

rsyring|1 month ago

> With OpenVPN it's hanging out there responding to everyone that asks nicely that yes, it's OpenVPN.

I believe asing UDP mode and a ta.key go a long way towards making OpenVPN invisible to port scans. Double check docs for details.