Help me understand VPN

Recently, the company I work for sent out an email which talked about the possible need to work from home. In that email they referred me to a link where I could use a program called OpenConnect as a VPN client. This got me thinking, I read an article the other day on an application called WireGuard and I was wondering are these two applications doing different things or could I use either? Apparently: "Cisco's AnyConnect Linux client is lacking" and to be honest I have never used a VPN and I don't really know what most of this jargon means.

In short, VPN clients all do more or less the same thing, just not at the same speed. They allow you to connect securely (encrypted) to a destination, in your case your company, so that your network traffic cannot be read by a third party on the way from your client to your destination.


VPN stands for virtual private network. The "virtual" means that this privacy is accomplished although communication over a public network, the internet, is by nature not private at all. The data flows through all kinds of networks, all of them owned and operated by someone other than you or your company, so from a privacy point of view those networks cannot be trusted. So the virtual privacy is achieved by strong encryption. This creates the metaphor of a private network, because only allowed people are connected or configured to enter the encrypted space.

There are lots of software packages and some different protocols that are used to operate VPNs.

There are plenty of software packages. The protocols are relatively few, like:

  • IPSec
  • OpenVPN
  • WireGuard
  • Closed source vendor specific implementations, created completely on their own or based on one of the above

The different properties of a VPN solution are:

  • Manageability (tools to manage access, accounts and distribution)
  • Compatibility with protocols (as shown above)
  • Closed source/open source
  • Commercial products usually introduce their own hardware product series to be used with the VPN software

I see, so then are both WireGuard and OpenConnect doing the same thing? I am just wondering because based on what I read on the OpenConnect homepage it seems like they have tailored their service to work with certain vendors like Cisco, which is the provider we use. I managed to get OpenConnect VPN working but I would rather use WireGuard if I can simply based on the article's description of it. So, as long as they are doing the same thing, why wouldn't I use WireGuard? Is it possible that a VPN can be tailored to work with certain vendors like Cisco? If they can, then perhaps I should be using OpenConnect.

Whether it is a good option to use WireGuard or not depends on the needs of your scenario.

In principle, WireGuard is a fairly new protocol and it probably isn't implemented by the big commercial software vendors right now, but it will possibly be integrated in a few years.

Another point I forgot to mention is vendor support. If you use OpenConnect, an open source product which can be used to connect with the proprietary Cisco AnyConnect protocol, you do not have any support from the vendor. You can use it, but if there's any error, you're on your own.

So, as always, this is how to choose:

  • Choose proprietary products for optimized usability, support and good manageability, for a certain price.
  • Choose open source products for flexibility and saved license costs, with probably increased implementation and operation costs and maybe, but not for sure, a steeper learning curve. You may hire specialists who can support you here too.
  • Sometimes different products are also a compound of a wide range of different protocols. (Product X supports protocols a, b, c and d.)