Wireguard is a simple modern VPN protocol.

Compared to previous solutions, Wireguard was notable in being exceptionally small and simple. An elegant satisfying system :)

Linus Torvalds notably described it as a work of art compared to IPsec and OpenVPN. At the time, Wireguard was just 4000 lines of code compared to IPsec and OpenVPN which were hundreds of thousands of lines, on a good day.

As a result, it got into the kernel pretty quickly and is widely supported.

I use it to bootstrap a connection from internal headscale server out to external proxy without having to open ports.

remember: wg show` and e.g. `wg-quick down wg0

Slack Nebula is a very satisfying system. It's an overlay network written in go at Slack, and has been used heavily across their servers and infrastructure. Once setup, all devices can have an IP in t...

Tailscale is an overlay Mesh network. It relies on a central login server which then brokers wireguard connections behind the scenes. The tailscale also offers DNS, ACLs and a whole bunch of other bit...