Announcement

Collapse
No announcement yet.

WireGuard Now Under Review, First Step Towards Getting Included In The Linux Kernel

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • WireGuard Now Under Review, First Step Towards Getting Included In The Linux Kernel

    Phoronix: WireGuard Now Under Review, First Step Towards Getting Included In The Linux Kernel

    After being in development the past few years, the first version of WireGuard has hit the kernel mailing list for review on its path to being included in the mainline Linux kernel...

    http://www.phoronix.com/scan.php?pag...uard-V1-Review

  • #2
    This is good news and I hope everything goes smoothly. I can't wait for wireguard to be every where so we have access to a secure and easy to use VPN. OpenVPN is also ok.

    Comment


    • #3
      I'm very much looking forward to this. Mobile devices don't get along well with current VPNs, and I've been spoiled by Mosh connectivity. Having the ability to switch WiFi access points and to/from LTE without losing VPN connectivity would be awesome.

      Comment


      • #4
        Really looking forward to this being a standard module everywhere! Vendors like Mikrotik will hopefully start looking at picking it up once it goes mainline.

        Comment


        • #5
          I hope windows client will come sooner than later. Getting all the home network into a single vpn that is so easy to deploy would be insanely awesome.

          Comment


          • #6
            Originally posted by bitman View Post
            I hope windows client will come sooner than later. Getting all the home network into a single vpn that is so easy to deploy would be insanely awesome.
            There is a closed source one, but personally I'm not okay with that. I think there were efforts to get the official go client working on Windows.

            Comment


            • #7
              Great! Just a question: why don't you use AES-GCM? It should be faster than ChaCha20/ChaCha20Poly1305 on current CPUs with AES and CLMUL acceleration.
              Also: what about adding (lz4?) compression?
              Thanks.
              Last edited by oibaf; 01 August 2018, 05:18 AM.

              Comment


              • #8
                The crypto bit for wireguard also seems interesting
                https://marc.info/?l=linux-netdev&m=153306437408074&w=2

                Comment


                • #9
                  This is quite the good news.

                  It's been quite a while we're using WireGuard in production, as it actually saves us a lot of headaches about tunneling anything via TLS/ssh (and no, I don't care if anyone calls me a shill).
                  Any unencrypted service can be safely used in a WireGuard network, starting from the guinness world record of deprecation: telnet.

                  You can add a virtual WireGuard network on any existing network, as long as some host can receive/send UDP packets.

                  I think things like "WireGuard client for Windows" are less important than securing servers services. I foresee people stupidly blabbering about WireGuard as if existing TLS/ssh/certificates/etc infrastructures were suddenly deemed obsolete. If you have a bunch of servers and services/microservices and someone told you to "secure them ASAP", throwing in a WireGuard will free you from adding SSL support to anything.

                  TL,DR: if wireguard and systemd were invented 20 years ago... well, better late than never!

                  Comment


                  • #10
                    what's the rationale of including everything in kernel space these days, instead of keeping the kernel small and implementing functionality like this in userspace? Just performance?

                    Comment

                    Working...
                    X