
It's also way easier to set up, and it covers all basic VPN needs for almost all home-VPN use cases.

I remember spending a whole day configuring OpenVPN, lots of packages, certificates, key files, no clue what half of the things I was doing were for. I also didn't particularly like the OpenVPN iOS client. Setting up WireGuard took less than an hour, every step of the process made sense, and it allowed me to remove a whole lot of cruft from my server.




I have the opposite experience. Setting up OpenVPN is as easy as:

wget https://git.io/vpn -O vpn.sh

*inspect the file manually for malware etc.*

sudo bash ./vpn.sh

You enter your IP, port, protocol, client name and it generates a .ovpn file that you import into any client and it just works.

If you need to revoke a client or add another one, re-run the script and it will ask you what to do. It can also uninstall itself safely.

I still haven't managed to set up WireGuard.

OpenVPN gets about 40 Mbps for me on the Pi, but my upload is less, so I don't need more. On a VPS, it gets about 90 Mbps.


For things that run on my home server I like to at least have the impression I know what I'm installing and how it is configured, so a magic script like you referred to is not really an option.

I used this guide to configure OpenVPN [1], which you could almost publish as a paperback ;-)

[1] https://www.digitalocean.com/community/tutorials/how-to-set-...


Well, you could always open the script.

It's magic in that it does everything itself, it's not a black box.

It's only 460 lines with whitespace and comments, including the files it's writing to the filesystem.


I agree that setting up OpenVPN for the first time might be quite messy, so such a script can be useful - it is quite simple and lets you do a standard setup.

What I am wondering - it is using a pregenerated dh param file (I can understand why - to make the initial process faster). I am not much into crypto; with all the other elements being created during the setup process, how big a no-no is having a predefined dh file?


For me the OpenVPN server was not that hard to manually set up, but clients were really messy. I had various problems with both OpenVPN for Android and Tunnelblick (for macOS), where the latter was problematic enough for me to switch to WireGuard with no regret.


I had no problems with OpenVPN Connect which is the "official" client for Android. For a short time I used Mac OS X (before rebranding), Tunnelblick never worked properly. I forgot the exact problems, but mainly crashing of the software that locks up all network interfaces until reboot, constant disconnecting, and one text field which was unfillable.


Would you have a link to a good reference/tutorial for Wireguard?


These are pretty easy to follow (if you don't use something like dietPi):

https://github.com/adrianmihalko/raspberrypiwireguard

https://grh.am/2018/wireguard-setup-guide-for-ios/


Note https://github.com/adrianmihalko/raspberrypiwireguard has some outdated script responses in it. I learned this the hard way.


Are you able to submit a PR with the updated information? Thanks!


The "Unofficial Wireguard Documentation" was good when I went through it: https://github.com/pirate/wireguard-docs

https://news.ycombinator.com/item?id=20036194


See trailofbits algo. If you can set up using that, things are super easy to get working after that.



