I was getting ready to say the same thing. A VPN service provider MUST issue you a private key for your connection only (that is the only way the service works). BUT they are NEVER going to send you the private key for their server. That is exactly what we do for IRLP VPN to provide basic connectivity. We are now approaching 500 repeaters (nodes) with 44.127.x.x IP addresses.
OTOH, we use PGP to authenticate all connections into the IRLP network and connections between repeaters (regardless of VPN use). The private key is generated during their installation of the software, but never leaves the IRLP computer. Public keys are collected and circulated throughout the network. A human reviews and authorizes a specific key to be added to the public key ring. But this is completely separate from the use of a VPN.
— Dave K9DC, K9IP
On Feb 23, 2023, at 13:53, lleachii--- via 44net 44net@mailman.ampr.org wrote:
It was noted that some users would find key generation, etc. to be quite advanced/expert.
It's interesting that was noted.
A main reason I understood some commercial companies generate a private key for you - is so that they can offer you a complete Wireguard configuration file for setup purposes. They would be unable to do that via a public-key-only exchange/setup with the remote peer.
73,
- Lynwood
KB3VWG