> The thing is though that you don't actually *need* to debug the kernel module, unless you're actually doing development on it.

My point was that WireGuard gives no user feedback if it fails to connect for one reason or another. It leaves the end user having to figure out on his own why the tunnel won't go up. Is it a misconfigured AllowedIP? The remote peer not being reachable? A mismatched private/public key? You are left guessing, while with another traditional VPN solution, you can have a quick glance at a log, which will tell you what is failing.
> This is also a feature. WireGuard has built-in roaming support. There is no concept of disconnecting. As long as there's internet connectivity between the 2 ends, packets will flow. As long as you've bound an application to an interface or IP, or as long as you're routing there via other means (e.g. namespaces) there's no chance of a leak. The interface will not go down, and once your internet connectivity to the other end is restored, packets will begin to flow as normal. This is superior design

It might be superior if the goal is to have a permanent tunnel between two sites. But if you have an on-demand tunnel (like a VPN connection with a VPN provider which you might want to start/stop on demand), it becomes unintuitive.
> Seriously though, WireGuard is the future,

I disagree. It might be a good design for some types of use, but for other uses it's no replacement for an existing technology like IPsec or OpenVPN. For the goal of having an on-demand tunnel with a VPN provider, it's a clunky solution.
> The fact that it has been merged natively into the Linux kernel is proof of that

No, the fact that it was merged in is proof that it has enough uses to be worth merging into the mainline kernel. That does not mean it's a panacea to replace every existing VPN technology. The fact that reiserfs was merged into the kernel never meant it was the future of filesystems, for example. And for a home router, with the hardware involved and the typical use case involved, WireGuard is not the best option for end users to use.
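An added example, not part of the posts above: a sketch of how much of the "why won't the tunnel come up" question can be answered from the tab-separated output of `wg show <interface> dump`. The sample dump, the placeholder keys, the `diagnose` helper and the 180-second staleness threshold are all constructed for illustration.

```python
import time

# Field order of the peer lines in `wg show <interface> dump`.
PEER_FIELDS = ("public_key", "preshared_key", "endpoint", "allowed_ips",
               "latest_handshake", "rx_bytes", "tx_bytes", "keepalive")
STALE_AFTER = 180  # seconds; assumed threshold for "no recent handshake"

def diagnose(dump_text, now=None):
    """Map each peer's public key to a coarse status string."""
    now = int(time.time()) if now is None else now
    findings = {}
    for line in dump_text.strip().splitlines()[1:]:  # line 1 is the interface
        peer = dict(zip(PEER_FIELDS, line.split("\t")))
        hs, tx = int(peer["latest_handshake"]), int(peer["tx_bytes"])
        if peer["allowed_ips"] == "(none)":
            status = "no AllowedIPs: nothing is routed to this peer"
        elif peer["endpoint"] == "(none)":
            status = "no endpoint known: waiting for the peer to initiate"
        elif hs == 0 and tx > 0:
            # Bytes were sent but no handshake ever completed. The dump
            # cannot tell an unreachable peer from a key mismatch.
            status = "initiations sent, no handshake: unreachable or key mismatch"
        elif hs == 0:
            status = "idle: no traffic has been routed to this peer yet"
        elif now - hs > STALE_AFTER:
            status = "no recent handshake: tunnel idle or path lost"
        else:
            status = "ok"
        findings[peer["public_key"]] = status
    return findings

# Constructed sample: one interface line followed by four peers.
SAMPLE = "\n".join("\t".join(row) for row in [
    ["IFACE_PRIVKEY_PLACEHOLDER", "IFACE_PUBKEY_PLACEHOLDER", "51820", "off"],
    ["PEER_A", "(none)", "198.51.100.7:51820", "10.0.0.2/32",
     "1700000000", "9000", "12000", "25"],
    ["PEER_B", "(none)", "198.51.100.8:51820", "10.0.0.3/32",
     "0", "0", "1480", "off"],
    ["PEER_C", "(none)", "198.51.100.9:51820", "(none)", "0", "0", "0", "off"],
    ["PEER_D", "(none)", "198.51.100.10:51820", "10.0.0.5/32",
     "1699990000", "500", "700", "off"],
])

if __name__ == "__main__":
    for key, status in diagnose(SAMPLE, now=1700000060).items():
        print(key, "->", status)
```

The "initiations sent, no handshake" case is as far as this output goes: telling an unreachable peer from a mismatched key takes information from outside it, such as a packet capture on the remote side.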