Announcement

Collapse
No announcement yet.

Linus Torvalds Is Hoping WireGuard Will Be Merged Sooner Rather Than Later

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Linus Torvalds Is Hoping WireGuard Will Be Merged Sooner Rather Than Later

    Phoronix: Linus Torvalds Is Hoping WireGuard Will Be Merged Sooner Rather Than Later

    While the WireGuard secure VPN tunnel was just sent out this week for review as the first formal step towards getting it mainlined in the Linux kernel, Linus Torvalds is already looking forward to it...

    http://www.phoronix.com/scan.php?pag...ikes-WireGuard

  • #2
    compared to the horrors that are OpenVPN and IPSec, [WireGuard is] a work of art.
    Do you think he's talking about the potocol/design or their implementation in Linux? Or maybe both.

    From the full quote I sense he is talking about the implementations.

    Comment


    • #3
      Just noticed that Arch picked up wireguard using DKMS: https://www.archlinux.org/packages/?q=wireguard

      Edit: Noticed it's in Debian Sid as well, and has been for quite a while. https://packages.debian.org/sid/wireguard
      Last edited by Brisse; 08-03-2018, 07:30 AM.

      Comment


      • #4
        Originally posted by cybertraveler View Post
        Do you think he's talking about the potocol/design or their implementation in Linux? Or maybe both.

        From the full quote I sense he is talking about the implementations.
        He is very likely talking about the code. Not that the protocol itself is amazing, but OpenVPN and IPSec are commonly bashed for their code bloat and large size, which is not what you want in anything working with security.

        Comment


        • #5
          Originally posted by starshipeleven View Post
          He is very likely talking about the code. Not that the protocol itself is amazing, but OpenVPN and IPSec are commonly bashed for their code bloat and large size, which is not what you want in anything working with security.
          OpenVPN and IPSec have about 10x the functionality of Wireguard, however the idea with Wireguard is that you build the extra functionality separately on top rather than have it baked into the software and protocol itself.

          Which is a better idea for security imho.

          Comment


          • #6
            Originally posted by Britoid View Post
            OpenVPN and IPSec have about 10x the functionality of Wireguard, however the idea with Wireguard is that you build the extra functionality separately on top rather than have it baked into the software and protocol itself.

            Which is a better idea for security imho.
            I think "10x functionality" is not the best way to express the difference.

            They have more not-so-often used features and quite a bit of legacy features for compatibility.

            I agree that it is better to keep extra features as a plugin where possible.

            Comment


            • #7
              Originally posted by Britoid View Post

              OpenVPN and IPSec have about 10x the functionality of Wireguard, however the idea with Wireguard is that you build the extra functionality separately on top rather than have it baked into the software and protocol itself.

              Which is a better idea for security imho.
              Actually, Wireguard has more usable functionality for modern environments in its support for mobile connectivity, similar to mosh. With Wireguard, you can hop from access point to access point to LTE and back, while maintaining connectivity. This prevents the "drop/reconnect/oops it failed" that currents VPNs experience for mobile devices.

              Comment


              • #8
                Just leaving this random comment here, sent through a WireGuard VPN connection, just for the fun of it

                Comment


                • #9
                  Originally posted by macemoneta View Post

                  Actually, Wireguard has more usable functionality for modern environments in its support for mobile connectivity, similar to mosh. With Wireguard, you can hop from access point to access point to LTE and back, while maintaining connectivity. This prevents the "drop/reconnect/oops it failed" that currents VPNs experience for mobile devices.
                  Should also be much better for battery life.

                  Comment


                  • #10
                    I am a big fan of tinc, which has somewhat similar design to WireGuard; it is user-space and uses a traditional, unimpressive cryptography, but has a built-in mesh routing, so one can do cool things like NAT traversal or redundant gateway severs. These are possible with WG, but not without additional tools and cumbersome configuration...

                    Comment

                    Working...
                    X