Announcement

**mazumoto** · 02 August 2021, 02:55 PM

Does this have the blessing of Microsoft? Will this be integrated into Windows or will it be an installable third party component (is that even possible)? Or is it similar to the btrfs driver for windows that requires special installation and disablement of some security guards?

**zx2c4** · 02 August 2021, 03:05 PM

You'll be able to use this by downloading the WireGuard client from the usual webpage. Nothing fancy is required. You can read about this on the actual announcement: https://lists.zx2c4.com/pipermail/wi...st/006887.html

**Nille** · 02 August 2021, 04:21 PM

Originally posted by zx2c4 View Post

You'll be able to use this by downloading the WireGuard client from the usual webpage. Nothing fancy is required. You can read about this on the actual announcement: https://lists.zx2c4.com/pipermail/wi...st/006887.html

i cant find the hint to it in the message. Is the Driver signed by Microsoft that it can run without disable secure boot or driver signing in general?

**numacross** · 02 August 2021, 04:43 PM

Originally posted by Nille View Post

i cant find the hint to it in the message. Is the Driver signed by Microsoft that it can run without disable secure boot or driver signing in general?

Yes it is. wireguard.sys that's embedded into the new wireguard.dll is signed by "Microsoft Windows Hardware Compatibility Publisher", and the .dll itself is signed by "WireGuard LLC" code signing cert. You can extract the .sys from .dll with 7-zip in the "#" mode.

**birdie** · 02 August 2021, 06:40 PM

Originally posted by mazumoto View Post

Does this have the blessing of Microsoft? Will this be integrated into Windows or will it be an installable third party component (is that even possible)? Or is it similar to the btrfs driver for windows that requires special installation and disablement of some security guards?

Blessing? All you need is to pay Microsoft some money to digitally sign a driver.

**indepe** · 02 August 2021, 06:48 PM

I was wondering if Wireguard can be used instead of ssh tunnel, as I am not sure how a "VPN" network might be different from that. If that is possible, how does it compare? And is it more difficult to set up a VPN than ssh tunnels?

**birdie** · 02 August 2021, 06:58 PM

Originally posted by indepe View Post

I was wondering if Wireguard can be used instead of ssh tunnel, as I am not sure how a "VPN" network might be different from that. If that is possible, how does it compare? And is it more difficult to set up a VPN than ssh tunnels?

A tad more difficult since SSH basically requires no configuration whatsoever.

Quick Start - WireGuard

https://www.wireguard.com/quickstart/

**linner** · 02 August 2021, 07:22 PM

There us just something about a product like WireGuard being built in to the kernel that makes me uneasy. At least OpenVPN can run as "nobody".

An exploit in WG could mean remote root access, no? :/

**aspen** · 02 August 2021, 07:28 PM

Originally posted by linner View Post

There us just something about a product like WireGuard being built in to the kernel that makes me uneasy. At least OpenVPN can run as "nobody".

An exploit in WG could mean remote root access, no? :/

The entire implementation of WireGuard isn't in the kernel. It's just that context switching between kernelspace and userspace is expensive, and therefore it's more performant to offload some of it to kernelspace.

Announcement

WireGuard Sees Native, High-Performance Port To The Windows Kernel

WireGuard Sees Native, High-Performance Port To The Windows Kernel

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment