Announcement

Collapse
No announcement yet.

WireGuard Could Be Mainlined Before Christmas

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • WireGuard Could Be Mainlined Before Christmas

    Phoronix: WireGuard Could Be Mainlined Before Christmas

    It's been a wild past few weeks for WireGuard as the secure VPN tunnel destined for the mainline Linux kernel and also supported on all other major platforms. It turns out WireGuard could quite well end up in the Linux 5.5 kernel rather than having to wait until Linux 5.6...

    Phoronix, Linux Hardware Reviews, Linux hardware benchmarks, Linux server benchmarks, Linux benchmarking, Desktop Linux, Linux performance, Open Source graphics, Linux How To, Ubuntu benchmarks, Ubuntu hardware, Phoronix Test Suite

  • #2
    Merry Christmas to you and yours, Mr. Donenfeld.

    Comment


    • #3
      Don't worry about it, in the enterprise space ancient solutions that only work in conjunction with AD will continue to rule

      Comment


      • #4
        Wow, that would be great!

        Comment


        • #5
          Originally posted by bug77 View Post
          Don't worry about it, in the enterprise space ancient solutions that only work in conjunction with AD will continue to rule
          Nothing stopping you from configuring WileGuard from Active Directory... Except taste.

          Comment


          • #6
            Well, this would be great. It is time to get rid of the overly complicated and slow VPN.

            Comment


            • #7
              It would be great to have it in 5.5 because LTS and Ubuntu 20.04 etc.

              Comment


              • #8
                Why does this matter if it's in the kernel or not? Is it even a good idea to put a VPN Server in the kernel? Why shouldn't this just be a package? hmm

                Comment


                • #9
                  I can't pretend that's directly relevant to the present topic, but I've been (re)starting to look at VPNs recently for my proxying needs (with a boost from seeing that Android socks support has not improved a bit in the past years and versions).

                  I have two peculiar requirements: that the communication is over TLS; and to have chaining through an intermediate box (could be VPN > VPN, or VPN > socks).
                  What I've seen is that it seems doable with OpenVPN (but that seems to be a very isolated hack). On the other hand nothing pops up with Wireguard. I don't expect out of the box support, but I wonder about the feasability.

                  I'd love to experiment with Wireguard, TLS encapsulation and chaining by myself, but am afraid of going into a wall, so if anyone knowledgeable can give their feeling about this enterprise, I'd be very happy!
                  Last edited by bonob; 27 November 2019, 02:53 PM.

                  Comment


                  • #10
                    Originally posted by k1e0x View Post
                    Why does this matter if it's in the kernel or not? Is it even a good idea to put a VPN Server in the kernel? Why shouldn't this just be a package? hmm
                    From the Whitepaper

                    .7 Linux Kernel Implementation

                    The implementation of WireGuard inside the Linux kernel has a few goals. First, it should be short and simple, so that auditing and reviewing the code for security vulnerabilities is not only easy, but also enjoyable; WireGuard is implemented in less than 4,000 lines of code(excluding cryptographic primitives). Second, it must be extremely fast, so that it is competitive with IPsec on performance. Third, it must avoid allocations and other resource intensive allocations in response to incoming packets. Fourth, it must integrate as natively and smoothly as possible with existing kernel infrastructure and userland expectations, tools, and APIs. And fifth, it must be buildable as an external kernel module without requiring any changes to the core Linux kernel. WireGuard is not merely an academic project with never-released laboratory code, but rather a practical project aiming for production-ready implementations

                    Comment

                    Working...
                    X