Add WireGuard Support

With WireGuard having been merged into v5.6 of the Linux Kernel in March 2020, it would be great to see this added as a VPN option for Peplink router products. The current OpenVPN and L2TP options work well but require a “hub and spoke” model with traffic being routed through a VPN concentrator. This can reduce throughput and requires management of the concentrator (e.g. OpenVPN server or similar).

WireGuard uses direct peer to peer connections, removing the need to manage a concentrator and improving throughput on connections (don’t need to route through the concentrator). With WireGuard, customers could link Peplink routers and any other WireGuard-enabled endpoints into a peer to peer mesh network and manage it privately.

One example of how this would be useful is for customers whose fleets include a mix of Peplink and non-Peplink products. Routers in the fleet that support WireGuard could form a high-speed peer to peer mesh network directly on the routers themselves. It is possible today to connect mixed fleets using OpenVPN, but with the drawbacks associated with needing a VPN concentrator.

For more info on WireGuard: https://www.wireguard.com

15 Likes

i brought this up around 18 months ago and it went nowhere.

2 Likes

That’s too bad, hope it gets picked up here.

1 Like

Another big advantage to WireGuard is that it requires less computational horsepower. I recently did some tests on a low end router that includes both an OpenVPN and Wireguard client, and found that WireGuard connections ran about 7 times faster. Not extensive testing, but illustrative nonetheless.

3 Likes

I would like to see this as well. I would like it under the “Remote User Access” so that I can use WireGuard to connect to my home network via SpeedFusion Hub from my laptop. WireGuard is much more modern with better and more performant encryption and doesn’t come with the baggage of IPsec.

I think this would be an amazing addition to peplink!!!

1 Like

+1 - requested via support ticket, too

1 Like

I’m curious… How does Wireguard compare to PepVPN wrt to throughput and other metrics? Is there a chance that Pep would be embarrassed with the comparison?
(btw, PepVPN has been very reliable for me - a thumbs up solution so far!)

Peer to peer or fully meshed networking is possible today with PepVPN.

Since PepVPN is based on IPSEC and there is lots of evidence to say that wireguard is faster than IPSEC we can only assume wireguard based VPN would be faster.

Peplink are never embarrassed by any comparison in my experience. Instead they learn from it, and adapt and build bigger better faster things.

I wouldn’t be surprised if PepVPN / SpeedFusion adopts wireguard in the future, but I’m happy with the current IPSEC based VPN for the moment - after all, the speed isn’t the isn’t the clever bit about PepVPN, its what Peplink does to traffic flowing over those tunnels that matters (FEC, bonding, traffic flows, OSPF) and how easy they make it to deploy.

I still think PepVPN is one of the easiest VPNs to set up and use, easier than wireguard even which is lauded for its simplicity also.

4 Likes

I have 12 pepwave device and it would be really nice have them connected to wireguard vpn. It would be a really good feature

Perhaps. I don’t know anything about PepVPN (yet), but I do know this: If Peplink modems supported WG in client mode, I could…

  • Fire up a WG server on an inexpensive virtual server
  • Create a persistent connection from the Peplink modem to that WG server

Then I’d always have a persistent, known private VPN to which I could connect so I could always look into customers’ networks in case something went bump in the night–using the same VPN tools on desktop, laptop, and mobile devices I use already, for other purposes.

1 Like

This is exactly what many Peplink users do using FusionHub Solo which is a free virtual appliance on Vultr for $5/month.

Further, those that don’t want to do that can now use SpeedFusion Cloud to create persistent connections between devices also and just pay for the VPN bandwidth.
There is also InTouch which is a reverse proxy based solution that gives you access to selected LAN side devices without the need for any persistent VPN at all (its built on demand).

But yes I can see the value of Wireguard integration for the ability to use one VPN client everywhere and extend your enterprise network into other security domains and servers.

Integration is mostly doable now of course with a little thought. You could just host a WG exit node next to a FusionHub and pretty much achieve what you’re asking.

Lets see what FW 9 brings…

3 Likes

This would be a great addition to Peplink if they offered support for WireGuard - v9 firmware maybe? (fingers crossed). WireGuard is much more efficient than OpenVPN is. It uses a lot less processing power, which would actually compliment Peplinks current hardware more.

1 Like

We are looking into this and will likely available in v9 firmware.

7 Likes

Alex,

Thank you for sharing that information with us. That’s really great to hear.

Great! Ready to try it if needed. Is there any roadmap?

Regards,

i could honestly use 4 vpn connections, i’d love to see this as a option.

As v8.3 was just released several months ago, v9 will be released…?

Replying to a 15 month old message as well

2 Likes

yes, please add wireguard support. maybe to choose between openvpn and wireguard?

+1! This is a big deal in the remote connectivity industry given its lower cpu utilization and connection standup speeds…