DEV Community

jdrch

Why you should not use WireGuard

I'll keep this simple:

WireGuard doesn't support private hostname resolution out of the box 🤯🥴🤡

Supporting it - if possible at all - is pretty involved if you already have a working Pi-hole DNS + DHCP setup.

What this means is that WireGuard forces you to use IP addresses (e.g. 192.168.0.25) to reach machines on the network you're VPNing into, instead of being able to use hostnames (e.g. DellOptiPlex). This is a significant UX regression compared with other solutions such as OpenVPN, which support private hostname resolution out of the box, as the entire point of hostnames is to avoid the need to remember IP addresses or keep track of which corresponds to which machine.

While I don't doubt WireGuard's value for P2P VPN setups, I strongly believe the above limitation makes it poorly suited for conventional centralized setups.

Unfortunately, this doesn't seem to have dampened the spirits of WireGuard's numerous self-anointed online evangelists who think it's the 2nd coming of the remote access Messiah and recommend it for every VPN use case.

Unless your bandwidth requirements are super high, OpenVPN works just fine out of the box. WireGuard is one of the rare times I agree with the Unix graybeard wariness of technological shiny object syndrome.
