WireGuard
WireGuard is a secure layer 3 communications protocol for virtual private networks (VPNs) capable of creating bridged or routed point-to-point connections. It has been available as an in-kernel module since Linux 5.6.[1]
WireGuard is free software under the GNU GPL v2.
Performance
"I see that Jason actually made the pull request to have wireguard included in the kernel.
Can I just once again state my love for it and hope it gets merged soon? Maybe the code isn't perfect, but I've skimmed it, and compared to the horrors that are OpenVPN and IPSec, it's a work of art."
WireGuard runs in-kernel and works efficiently with the Linux network subsystem. It has support for multi-core load balancing. It should perform better than most alternatives, including OpenVPN.
The C WireGuard implementation by Jason A. Donenfeld is also very small, relatively speaking. Its 4000 lines of code make it very small and elegant compared to OpenVPN, which weighs in at around 400,000 lines of code. The small codebase makes both performance tuning and security auditing much easier.
Jason A. Donenfeld has also made a Go implementation. Linux users should not use this; it is written with non-Linux platforms in mind.[2] Linux users should use the in-kernel module and the wg or wg-quick utilities.
There is also a user-space WireGuard implementation by Cloudflare, written in Rust.[3]
The Protocol
WireGuard uses the ChaCha20 stream cipher for encryption, Curve25519 for key exchange and Poly1305 for data authentication. Hashtable keys are handled by SipHash and BLAKE2s is used for hashing.
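An added worked example of the Curve25519 key-exchange step named above. This is not code from the WireGuard project or the kernel module; it is a pure-Python reimplementation of X25519 following RFC 7748, written here for study. It is not constant-time and the kernel's implementation is what actually protects a tunnel. It shows the two things a practitioner usually wants to see: that a WireGuard public key is X25519(private, 9) encoded in base64 (the value wg pubkey prints, after the same scalar clamping wg genkey applies), and that both peers arrive at the same shared secret from their own private key and the other side's public key. The known-answer values are the public test vectors from RFC 7748 section 6.1; the key-derivation and encoding helper names are this example's own.

```python
"""Curve25519 (X25519) key agreement as used by WireGuard, pure Python.

Educational reimplementation of RFC 7748. NOT constant-time; it exists to
illustrate the primitive, not to replace the kernel's implementation.
"""
import base64
import secrets

P = 2**255 - 19                       # field prime of Curve25519
A24 = 121665                          # (486662 - 2) / 4, Montgomery constant
BASE_POINT = (9).to_bytes(32, "little")  # u = 9, the standard generator

# RFC 7748 section 6.1 test vectors (public known-answer values).
RFC_ALICE_PRIVATE = "77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a"
RFC_ALICE_PUBLIC = "8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a"
RFC_BOB_PRIVATE = "5dab087e624a8a4b79e17f8b83800ee66f3bb1292618b6fd1c2f8b27ff88e0eb"
RFC_BOB_PUBLIC = "de9edb7d7b7dc1b4d35b61c2ece435373f8343c85b78674dadfc7e146f882b4f"
RFC_SHARED = "4a5d9d5ba4ce2de1728e3bf480350f25e07e21c947d19e3376f09b3c1e161742"


def clamp_private_key(key: bytes) -> bytes:
    """Scalar clamping from RFC 7748; `wg genkey` applies the same masks."""
    k = bytearray(key)
    k[0] &= 248
    k[31] &= 127
    k[31] |= 64
    return bytes(k)


def x25519(private_key: bytes, peer_u: bytes) -> bytes:
    """Montgomery ladder scalar multiplication (RFC 7748, section 5)."""
    k = int.from_bytes(clamp_private_key(private_key), "little")
    u = bytearray(peer_u)
    u[31] &= 127                      # the top bit of the u-coordinate is unused
    x1 = int.from_bytes(u, "little") % P
    x2, z2, x3, z3 = 1, 0, x1, 1
    swap = 0
    for t in range(254, -1, -1):
        kt = (k >> t) & 1
        swap ^= kt
        if swap:                      # real code does a constant-time cswap here
            x2, x3 = x3, x2
            z2, z3 = z3, z2
        swap = kt
        a = (x2 + z2) % P
        aa = a * a % P
        b = (x2 - z2) % P
        bb = b * b % P
        e = (aa - bb) % P
        c = (x3 + z3) % P
        d = (x3 - z3) % P
        da = d * a % P
        cb = c * b % P
        x3 = (da + cb) * (da + cb) % P
        z3 = x1 * ((da - cb) * (da - cb)) % P
        x2 = aa * bb % P
        z2 = e * (aa + A24 * e) % P
    if swap:
        x2, x3 = x3, x2
        z2, z3 = z3, z2
    # Projective -> affine: x2 / z2, with the inverse via Fermat's little theorem.
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")


def public_key(private_key: bytes) -> bytes:
    """What `wg pubkey` computes: the private scalar times the base point."""
    return x25519(private_key, BASE_POINT)


def to_wg_key(raw: bytes) -> str:
    """Encode a 32-byte key the way wg prints it (44-character base64)."""
    return base64.b64encode(raw).decode("ascii")


def from_wg_key(text: str) -> bytes:
    """Decode a wg-formatted key, rejecting anything that is not 32 bytes."""
    raw = base64.b64decode(text, validate=True)
    if len(raw) != 32:
        raise ValueError("WireGuard keys are exactly 32 bytes")
    return raw


def generate_keypair() -> tuple[str, str]:
    """Fresh (private, public) pair in wg's base64 format; private is clamped."""
    private = clamp_private_key(secrets.token_bytes(32))
    return to_wg_key(private), to_wg_key(public_key(private))


def shared_secret(my_private_wg: str, peer_public_wg: str) -> bytes:
    """Raw X25519 output; WireGuard feeds this into its handshake KDF, not directly into ChaCha20."""
    return x25519(from_wg_key(my_private_wg), from_wg_key(peer_public_wg))


if __name__ == "__main__":
    a_priv, a_pub = generate_keypair()
    b_priv, b_pub = generate_keypair()
    print("peer A public key:", a_pub)
    print("peer B public key:", b_pub)
    print("both sides agree:", shared_secret(a_priv, b_pub) == shared_secret(b_priv, a_pub))
```

The ladder is written exactly as the RFC specifies so it can be checked line by line against the document; the one liberty taken is the plain Python `if swap:` branch where a production implementation uses a branch-free conditional swap, which is the kind of timing side channel an in-kernel, audited implementation exists to avoid.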
User-space software
WireGuard is controlled by wg[4] and wg-quick[5].
Links
Footnotes
- ↑ git.kernel.org: net: WireGuard secure network tunnel merged 2019-12-08
- ↑ git.zx2c4.com: Go Implementation of WireGuard
- ↑ GitHub: cloudflare/boringtun
- ↑ man.linuxreviews.org: wg.8 manual
- ↑ man.linuxreviews.org: wg-quick.8 manual