New & Much Improved WireGuard Implementation Comes To FreeBSD
WireGuard lead developer Jason Donenfeld explained the situation today in an email: "Sometime ago, a popular firewall vendor tasked a developer with writing a WireGuard implementation for FreeBSD. They didn’t bother reaching out to the project... Then, at some point, whatever code laying around got merged into the FreeBSD tree and the developer tasked with writing it moved on."
More recently, upstream FreeBSD developers, Matt Dunwoodie (who worked on WireGuard's OpenBSD port), and Donenfeld began collaborating on an improved implementation that would also be compatible with the upstream user-space WireGuard tools. Donenfeld went on to add, "the three of us dug in and completely reworked the implementation from top to bottom, each one of us pushing commits and taking passes through the code to ensure correctness. The result was [this commit]. It was an incredible effort. The collaboration was very fast paced and exciting. Matt and Kyle are terrific programmers and fun to work with too."
So FreeBSD trunk now has the latest WireGuard kernel implementation as of today. That code is much more maintainable and in a better state that jibes with WireGuard on other platforms.
Unfortunately, due to the timing, with FreeBSD 13.0-RELEASE slated for month's end, it doesn't look like this new WireGuard module will be enabled for the release. Likewise, given the issues with the prior WireGuard module, it will likely ship disabled in FreeBSD 13.0. It will now likely be FreeBSD 13.1 where this new WireGuard module is ready to shine, but interested users/developers should be able to back-port it to 13.0-RELEASE if they so desire.
More details on this new WireGuard port to FreeBSD via the mailing list.