
Have you considered moving from tinc to Wireguard?



Yes, I've been meaning to give it a go for a while now. Couldn't use it initially because of (then) lack of availability on BSD.


I use both, and one thing I found that is sucky about WG is that it does not work well with the Windows firewall. I need to give full permission to an app to be able to access IP addresses routed by WG. Tinc does not have this problem.


WG also doesn't do dynamic mesh routing. With tinc, I can have a network path down, and my mesh will find its way around it. Tinc is slower than WG, but I will take that hit for the benefit of availability. (my preference anyway)

One thing I noticed with tinc is that it does not take advantage of sysctl network tuning. I had to increase the network buffers for that dynamic routing to not make as much of a noticeable slowdown.

    Cipher = aes-128-cbc
    ClampMSS = yes
    UDPRcvBuf = 81920000
    UDPSndBuf = 81920000
    Compression = 0



