expressvpn / lightway-core

Lightway Core is a modern VPN protocol by ExpressVPN, built to deliver a VPN experience that's faster, more secure, and more reliable.
https://www.expressvpn.com/lightway
GNU General Public License v2.0

Docs: Add comparison to Wireguard #2

Closed elimisteve closed 1 year ago

elimisteve commented 3 years ago

This comparison with Wireguard (and OpenVPN) could include: security considerations (attack surface, cryptographic primitives used), ease of use, ease of getting started, and OS support (desktop and mobile).

Context

I'm comparing this project to other options and I'd appreciate it if your docs would help with that!

llebout commented 3 years ago

Protocol-wise, it seems it's a basic VPN over DTLS (TLS over UDP) with WolfSSL; the cipher suites are listed here: https://github.com/expressvpn/lightway-core/blob/8e9ad458e25aff593d0be7e65be151ca7f3df72d/src/he/ssl_ctx.c#L187-L195. Sounds OK, but Wireguard is definitely better suited to the task and has better tooling.

pachainti commented 3 years ago

At the moment, the protocol has been audited. Still no formal (symbolic and computational) proof like WireGuard has.

expressvpn-pete-m commented 3 years ago

@elimisteve thanks for opening this issue! We'll be adding documentation in this area shortly and expect to iterate and improve on it over time. The ultimate goal is to end up with a technical manual that will help everyone get the best out of Lightway.

We use WolfSSL to handle the crypto side of things, and use standard protocols from the TLS/1.3 and DTLS/1.2 standards as @leo-lb has pointed out. Although it is being described as "basic", I think of it instead as simple. With something security and privacy focused, you want the simplest possible system as keeping things simple helps to keep them secure.

Lightway has been audited (thanks @pachainti) but we have not attempted to derive a formal proof. This is because we use the open standards TLS and DTLS to provide the security layer and use a certified SSL library (in this case WolfSSL) as the implementation. In other words, as we didn't roll our own crypto, attempting a formal proof of it doesn't add much value.

All that said, some areas where Lightway holds its own are:

I hope this helps and I'm looking forward to sharing more content with you soon!

pachainti commented 3 years ago

Thank you for the reply. Right, you reused well-known encryption protocols, so the formal proof is not as important as for a new encryption scheme, but it would still be good to have formal documentation about how the protocol works. To be fair, the WireGuard limitations that you reported are well known and documented.

Deep Packet Inspection: WireGuard does not focus on obfuscation. Obfuscation, rather, should happen at a layer above WireGuard, with WireGuard focused on providing solid crypto with a simple implementation. It is quite possible to plug in various forms of obfuscation, however.

TCP Mode: WireGuard explicitly does not support tunneling over TCP, due to the classically terrible network performance of tunneling TCP-over-TCP. Rather, transforming WireGuard's UDP packets into TCP is the job of an upper layer of obfuscation (see previous point), and can be accomplished by projects like udptunnel and udp2raw.

Moreover, WireGuard is integrated into the Linux kernel v5.6+. Linus Torvalds: "Maybe the code isn't perfect, but I've skimmed it, and compared to the horrors that are OpenVPN and IPSec, it's a work of art." Hence, at least on GNU/Linux and Android, WireGuard works in kernel space.

In my opinion, it would be great to have a fair comparison in terms of performance, like this one.

llebout commented 3 years ago

Although it is being described as "basic", I think of it instead as simple. With something security and privacy focused, you want the simplest possible system as keeping things simple helps to keep them secure.

@expressvpn-pete-m That's good, I was more making a reference to lack of integration or tooling like Wireguard with "basic".

expressvpn-pete-m commented 3 years ago

@pachainti I agree completely about more formal documentation on how the protocol works. That will be shared soon. For the Wireguard comparison, I agree that they're well documented and well known. It is perfectly reasonable for Wireguard to only use UDP, as TCP-in-TCP has clear issues. However, we have a significant number of customers who depend on our TCP support to connect, and so for us TCP is essential.

The same holds for the DPI. Wireguard holds that they should focus on solid crypto with a simple implementation. That makes perfect sense. However, adding obfuscation to kernel-based code with deep integration (and then being able to do that with millions of customers) and doing it with high iteration speed would be a challenge, especially with all the different implementations out there. Lightway provides common hook points to make this easier because this is something we depend on.

Our intent is to highlight that our needs are quite different from what Wireguard was designed for. That doesn't make Wireguard any less awesome at what it does, it just means it's not ideal for us. As it's not perfect for us, it stands to reason that it might not be for others too and so Lightway contributes another option to the mix.

Some performance benchmarks would definitely be nice, and it's on the to-do list. Of course we'd love to accept contributions so if anyone would like to work on this aspect, we'd be happy to look at a PR :)

@leo-lb I agree a more formal set of documentation is desirable. We've just added some initial docs here:

https://lightway.com/docs/

With an API reference here:

https://lightway.com/doxygen/annotated.html

Again, there's much more to come, but as you can see, work is under way to improve it.

llebout commented 3 years ago

@expressvpn-pete-m You keep talking about DPI. If the reason for the existence of Lightway is making it easy to do DPI (Deep Packet Inspection?), then it's quite harmful. What privacy-respecting, non-censoring use case of DPI do you have in mind? I am not sure what you need to do here, but probably the privacy-respecting, non-censoring way of achieving that is not DPI. You use the term "DPI protection"; I think there's something wrong with the word "protection" here, as DPI is spying/surveillance or censoring.

expressvpn-pete-m commented 3 years ago

@leo-lb I think there is a misunderstanding here. When I said DPI protection, I meant that Lightway protects the user against DPI. In other words, Lightway makes it very easy to add obfuscation on top of the protocol through a simple plugin interface.

This is important because users often have to deal with throttling ISPs and overly zealous corporate firewalls. Being able to adapt quickly and easily to new DPI technologies is thus very important for a consumer VPN platform, and hence Lightway makes it clean and easy. Wireguard, however, does not support obfuscation for the reasons the Wireguard project has already stated. Again, this is not a criticism; we simply have different use cases.

To be very clear, then: DPI protection means protecting users from DPI.

pachainti commented 2 years ago

Any update?

expressvpn-pete-m commented 2 years ago

Not at the moment.

The actual performance you get is very much dependent on how you integrate the library. CNET just updated their review which discusses how Lightway performs for them on our platform: https://www.cnet.com/tech/services-and-software/expressvpn-review-pricey-but-speedy-and-great-for-streaming/

This will most likely be revisited when we release a successor to our test client (lightway laser) but that might not be until next year.

expressvpn-pete-m commented 1 year ago

I'm closing this issue for now as we're working on a higher-performance version that will have better tooling for clients and servers. This will not only bring greater performance but also make it easier to benchmark and test.

elimisteve commented 1 year ago

I'm closing this issue for now as we're working on a higher-performance version that will have better tooling for clients and servers

Does the new version's docs contain a comparison to WireGuard?

expressvpn-pete-m commented 1 year ago

Yes, the new implementation will have a client and server that we expect people would be able to use as an alternative to OpenVPN or Wireguard. As it will be a complete solution, a side-by-side comparison will be much more useful.