• henfredemars@infosec.pub
    link
    fedilink
    English
    arrow-up
    26
    ·
    edit-2
    4 months ago

    There’s a really important reason for this! Wireguard is connectionless. The reconnection process is as simple as sending the next packet of data normally because the server will accept valid packets from anywhere. You don’t have to do some fancy re-handshake and re-authentication process every time you lose access momentarily.

    This is perfect for a device like a smartphone that might suspend network access to save battery and switch between different networks on a regular basis. The software basically does nothing in these common cases. The server couldn’t care less where the packets are coming from so long as the crypto checks out. If the device wishes to sleep, just stop sending packets. There isn’t a connection to be broken.

    Now, consider that the crypto can be handled in the kernel because the code is extremely simple and easy to maintain, which further reduces the power requirements through reducing the need to switch between privileged and unprivileged modes. The cryptography itself was designed to be easy to execute on a device where power consumption is a concern. Even if you don’t have hardware support for the operations, it executes very well on all virtually all processors.

    Wireguard is an engineering marvel. It is simple, yet robust. It is good design.