Next-Generation Secure Network Tunnel Announced For The Linux Kernel

Written by Michael Larabel in Linux Kernel on 28 June 2016 at 12:14 PM EDT. 42 Comments
Jason Donenfeld announced today WireGuard, what he describes as a next-generation secure network tunnel for the Linux kernel.

Donenfeld explained to us in a briefing last week about WireGuard, "IPsec is overly complex and impossible to actually use in a secure manner, but it's the fastest thing out there for VPN and secure tunneling. OpenVPN is very popular, but it's super slow, by virtue of being in userspace, and contains a whole buggy SSL/x509 stack. I've started from scratch, and written an extremely simple, yet powerful and cryptographically secure, replacement, in around 4000 lines of code, called WireGuard...It's much simpler than anything before it, with peers exchanging short Curve25519 public keys just like in SSH. Secure network interfaces can be added and removed using the usual 'ip-link' and 'ip-address' tools. From there, everything is easily taken care of by the kernel, and secure tunnels are made quite simple. Not only that, but the performance is in fact better than IPsec, which is quite the accomplishment."

Via this kernel mailing list post he went on to describe WireGuard in much greater detail. He has also launched if you are looking at learning more about this proposal for the Linux kernel.
Related News
About The Author
Michael Larabel

Michael Larabel is the principal author of and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via

Popular News This Week