Wireguard prepares to join Linux kernel in version 5.6
WireGuard is a new, simple, secure and fast way to set up a point-to-point VPN between two machines. Cryptography naturally adds an overhead to the communication, so it is important its implementation is as fast as possible. After a long time, it is finally time for Wireguard to be merged into Linux.
WireGuard is a layer 3 secure networking tunnel made specifically for the kernel, that aims to be much simpler and easier to audit than IPsec. Extensive documentation and description of the protocol and considerations, along with formal proofs of the cryptography, are available at:
Wireguard is a point-to-point VPN software. Although it is a relatively new software it has earned the praise of none other than Linus Torvlads who stated: “Can I just once again state my love for it and hope it gets merged soon? Maybe the code isn’t perfect, but I’ve skimmed it, and compared to the horrors that are OpenVPN and IPSec, it’s a work of art.”
WireGuard currently works as a Kernel module to provide faster performance compared to more popular solutions such as OpenVPN. While it has started as a Linux project, Wireguard is now available for many operating systems including BSD, Windows, MacOS, Android and iOS.
Wireguard is getting ready for Linux 5.6
This commit from net-next leaves almost no doubt. After missing Linux 5.5 deadline, Wireguard will probably be merged in Linux 5.6, due in January/February 2020.
The thing that blocked Wireguard merger into Linux is its Zinc API, a crypto API developed and used by Wireguard. Although Wireguard developers were willing to adapt it to Linux crypto API, the latter decided to adopt some concepts from Zinc. These changes were merged in Linux 5.5, paving the way for Wireguard merger.
Although Linux 5.6 is due in a few months, Wireguard already works as a DKMS in an excellent way, here’s a tutorial.