Today we're going to talk about a cool subject. A hint: it's about IPv6. Another hint: it's about enabling IPv6. Can you guess?
Yes, we're going to talk about our VPN. More specifically, we'll share our take on two different VPNs out there. Both are open source, and both support IPv6, and we have used them both: OpenVPN, and WireGuard.
Many of you might have already heard of OpenVPN, it's been around for more than a decade and has been regarded as the industry standard (Cisco might disagree with us, but then again, we often disagree with Cisco, so we are square).
OpenVPN
On the other hand, WireGuard is quite new and fresh, and in our opinion, more modern.
WireGuard
- Currently working toward a stable 1.0 release
- Written in: C, GO
- Encryption: ChaCha20
- Tamarin proof available (!)
How we started with OpenVPN
The beginning of our VPN was from our own need for running our Data Center Light with remote working team. Although our servers are all in Glarus Süd, Switzerland, our team is spread everywhere in the world from west Switzerland to South Korea, and to let everyone reach our servers from the world we needed a VPN, so we started to use OpenVPN.
Soon afterwards we received requests from customers who wanted to use Samba over the Internet to access their data. Because SMB (Server Message Block, a protocol used in Samba) is not encrypted, we offered IPv6 VPNs to our customers. So the development of ungleich VPN was an organic flow, starting from our internal need and soon serving customer need. If you want to know more about the history of our IPv6 deployment here is a blog post on our IPv6 log.
Bringing IPv6 to people
As many of you already know, we've been openly advocating IPv6 at ungleich and have launched IPv6onlyhosting in 2018, at which we give significant discounts for IPv6 VPS. The ground for discounts is that IPv6 is sustainable (and no, IPv4 CGNAT isn't), and it allows everyone to do much more without having to depend on third party providers.
While running IPv6onlyhosting we have noticed that many customers actually quit the VPS service because their ISPs (Internet Service Provider) didn't support IPv6, so they couldn't even reach the VPS. Somebody had to do something here! To enable our users to use our services, we started to give free VPN for all our customers.
The problems with OpenVPN
Although our OpenVPN is still running on our servers to this day, there were some things that made us look for an alternative. Update 2019-09-09: Our OpenVPN installation has been decommissioned! The biggest drawback of OpenVPN is that it has no support for IPv6 only tunnels. This is a major turn-off for us because it means our engineers have to pull their hair thinking in IPv4 when using OpenVPN. That's why we wanted to offer new customers a pure IPv6 VPN, with no IPv4 legacy, which creates so much headache. Besides that, managing X.509 certificates is never fun.
Introduction of WireGuard
That's when we discovered WireGuard. We learnt that WireGuard is much easier to setup than OpenVPN and supports IPv6-only networks. We gave it a try and in a short time our new IPv6 wireguard VPN was born.
Tested worldwide, including China (!)
Not only our team but also our customers are all over the world. Our first WireGuard VPN routed directly to Spain. As our customer base grew further, our VPN also reached far and wide. From Switzerland to as far as China (This has been admittedly a fascinating usecase), it's been tested and been supporting people with IPv6.
The world map of ungleich VPN
So whether you are thinking about running your own VPN service or if you are interested in an IPv6 VPN, we really like to encourage you to give Wireguard a try.
You have some experience with WireGuard or OpenVPN? Feel free to share your ideas on our IPv6 chat! It's open for everyone who wants to talk about IPv6.