Okay, how about a different analogy then. Seatbelts.
Wireguard is a seatbelt where you plug the latch plate into the buckle, it lets out an audible "click" and you're secured. If you fail to secure it properly, the latch plate will not be held by the buckle and will retract. It will be immediately obvious that you aren't secured and the car will refuse to move until the problem is resolved.
IPSec is a seatbelt where the process of putting the latch plate into the buckle requires adjusting several knobs on the buckle to the correct setting depending on your specific size and weight and then placing the latch plate into the buckle at the _exact_ right angle. The settings of these knobs and the angle required differs slightly or significantly between manufacturers as well as model years.
With the IPSec seatbelt, failing to perform these steps correctly often results in the buckle failing to engage and the car failing to start. But sometimes it also results in the buckle letting out a "click" and appearing to be latched while not being properly engaged and able to protect you in a crash. This counts as buckled as far as the car is concerned though and it's happy to let you drive this way.
Well what if I _want_ to drive around with only the appearance of a seatbelt without the safety of it, huh? Wireguard won't let me do that!
Sure, there are _very_ specific situations where IPSec is the only option to implement what we need. Great, I'm glad it exists to cover off those use cases.
But when everyone's getting the common case wrong in subtle and dangerous ways, the answer isn't "well, it's as complicated as brain surgery get good scrub" (I can't imagine how you think that's a defense of IPSec.). It's possible to design a system that allows a secure tunnel _without_ the complexity and massive number of footguns (see: wireguard). For most use cases, that makes IPSec defective by design.
If GM designed their cars to have as many buttons and knobs as a 747 cockpit, they would never make it to market. Manufacturers have been forced to recall vehicles for much less[0].
By all means, continue to use it, but expecting people to learn brain surgery to set up a secure tunnel is and should be a non-starter.
Wireguard is a seatbelt where you plug the latch plate into the buckle, it lets out an audible "click" and you're secured. If you fail to secure it properly, the latch plate will not be held by the buckle and will retract. It will be immediately obvious that you aren't secured and the car will refuse to move until the problem is resolved.
IPSec is a seatbelt where the process of putting the latch plate into the buckle requires adjusting several knobs on the buckle to the correct setting depending on your specific size and weight and then placing the latch plate into the buckle at the _exact_ right angle. The settings of these knobs and the angle required differs slightly or significantly between manufacturers as well as model years.
With the IPSec seatbelt, failing to perform these steps correctly often results in the buckle failing to engage and the car failing to start. But sometimes it also results in the buckle letting out a "click" and appearing to be latched while not being properly engaged and able to protect you in a crash. This counts as buckled as far as the car is concerned though and it's happy to let you drive this way.
Well what if I _want_ to drive around with only the appearance of a seatbelt without the safety of it, huh? Wireguard won't let me do that!
Sure, there are _very_ specific situations where IPSec is the only option to implement what we need. Great, I'm glad it exists to cover off those use cases.
But when everyone's getting the common case wrong in subtle and dangerous ways, the answer isn't "well, it's as complicated as brain surgery get good scrub" (I can't imagine how you think that's a defense of IPSec.). It's possible to design a system that allows a secure tunnel _without_ the complexity and massive number of footguns (see: wireguard). For most use cases, that makes IPSec defective by design.
If GM designed their cars to have as many buttons and knobs as a 747 cockpit, they would never make it to market. Manufacturers have been forced to recall vehicles for much less[0].
By all means, continue to use it, but expecting people to learn brain surgery to set up a secure tunnel is and should be a non-starter.
[0] https://www.consumerreports.org/car-safety/fca-recalls-confu...