There's no predefined way of setting up and sharing keypairs, for one. As a company end user logging into a VPN, what you want is a place to input your username and password (and potentially 2FA credentials), not “create a keypair and give the public key to an admin”.
It's true that the WireGuard ecosystem needs these features. But it's also true that people believe VPN software needs lots of features because other VPNs are complex; people do not generally believe these things about SSH, and WireGuard makes VPN tunnels as easy to manage as SSH.
Another thing people might not realize if they haven't had to deal with lots of different VPN configurations is that most of the "user management" and "2FA" features of legacy VPNs are, as the kids say, janky "AF".
Ultimately, organizations should be tying their VPNs, like everything else, into an IdP of some sort, and most of the "user management" and "MFA" stuff belongs to the IdP, not the VPN. People will clearly get WireGuard integrated into Okta.
> Ultimately, organizations should be tying their VPNs, like everything else, into an IdP of some sort, and most of the "user management" and "MFA" stuff belongs to the IdP, not the VPN. People will clearly get WireGuard integrated into Okta.
Right, but at the moment this integration does not exist.
