Why not "Why not WireGuard?"

Avery Pennarun's blog post critiques Michael Tremer's article "Why not WireGuard?" by addressing various misconceptions and outdated information about the WireGuard VPN protocol. The post argues that Tremer's claims about WireGuard's limitations, such as its inability to support dynamic IPs and its alleged protocol complexity, are either incorrect or have been resolved with newer tools and updates. Pennarun emphasizes that WireGuard offers a simpler and more secure alternative to traditional IPsec VPNs due to its streamlined design, mandatory public-key authentication, and fewer configuration requirements, which make it easier to use without compromising security. The post also highlights that while WireGuard may not have all the features initially, its integration into the Linux kernel and its ability to operate in point-to-multipoint mode demonstrate its growing acceptance and potential as a modern VPN solution. Additionally, Pennarun notes the real-world challenges of configuring legacy IPsec systems with outdated ciphers, suggesting WireGuard as a viable future-proof alternative for secure VPN connectivity.