|
Feature |
Raw WireGuard | |
|---|---|---|
|
Network Type |
A manually configured client-server (hub-and-spoke) VPN, or a peer-to-peer mesh that requires manual setup for every node. |
An automatic peer-to-peer mesh network where every device can connect directly to every other authorized device. |
|
Setup and Keys |
Requires manually generating and distributing cryptographic keys and editing configuration files on each device. |
Automates key generation and management. Users simply install the app and log in with their existing single sign-on (SSO) provider. |
|
NAT Traversal |
Often requires manual port forwarding on routers to allow devices behind firewalls to connect. |
Automatically handles network address translation (NAT) traversal, allowing devices to connect even when both are behind different firewalls, without needing port forwarding. |
|
Authentication |
Relies solely on exchanging and distributing cryptographic keys for authentication. |
Adds a layer of identity-based authentication by integrating with SSO services like Google, Microsoft, and GitHub. |
|
Management |
Managing a network with many devices and users involves manually editing configuration files on every node. |
Provides a centralized web-based admin console to manage devices and set fine-grained access controls. |