Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

> It is recommended to use official WireGuard software whenever possible.

I don't agree with his sentiment at all. With OpenVPN Viscosity is by far the best OpenVPN client and both the 'official' client (OpenVPN) and the open source alternative (Tunnelblick) are buggy and have crappy UI. I'm hoping Sparklabs either repurpose Viscosity to include WireGuard as well, or write a new client specifically for WireGuard (which I'd happily buy).

Edit: wow, what the hell. I guess HN hates improved clients with a violent passion.



All of the "clients" you mentioned are just "frontends". They all just produce openvpn configuration files and run the official OpenVPN client. Some of them (Viscosity) use the remote control daemon protocol, to more directly integrate with the openvpn client, but it's still the standard openvpn client doing the bulk of the work. These frontends are just UIs, not full fledged clients.


I obviously mean the clients as in the GUI clients, not the core binary. For OpenVPN that would be OpenVPN-GUI[0]

[0] https://openvpn.net/community-downloads/


Some of the clients mentioned, for example TunSafe, are not GUIs for Wireguard but rather their own third-party implementations of a client to the Wireguard protocol.

In context of the linked text, it was not in fact obvious what you meant.


What does OpenVPN having a shitty official client have to do with wireguard?


Both the iOS and macOS Wireguard client are functional but they aren't shining examples of great UI, UX or feature richness. Often 3rd party clients (as happened with OpenVPN) will fill that gap.


Hmm, I can't say I've noticed much UI/UX issue with the MacOS wireguard client; it seems very straight forward to me. As for feature richness, wireguard not having a bunch of knobs and buttons to tweak is one of its nicer features I think.


I think it's less about openvpn and more about having the protocol integrated with existing enterprise products/infrastructure/paradigms.


Imagine having WireGuard wrapped up in PulseSecure or one of the other 'enterprise' solutions. We'd see silly exploits in no-time. Not that WireGuard in itself is perfect, but those enterprise products have not shown any benefit over 'the rest' so far. (except more money moving around and giving sales people jobs)

It's often not the protocol that has the problem, as with OpenVPN, it's whatever gets layered around it usually causes the issues (as was with those 'SSL VPN' solutions and stuff like Citrix).


It's almost beside the point. Enterprises want to pay someone for support (and, more importantly, someone to blame when things go wrong) rather than (rightfully) attempt to put something together with duct tape and bailing wire.


The point was that 'enterprise' is not any less 'duct tape and bailing wire'.

Unless you get value out of shifting blame to a vendor or some contract thing, there really isn't much use throwing money at it. In some sectors that's probably still a requirement. I hope I never get to the point where I have to go back to that.




Consider applying for YC's Winter 2026 batch! Applications are open till Nov 10

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: