
SoylentNews is people

posted by martyb on Thursday December 12 2019, @06:12AM
from the protected-communications dept.

WireGuard VPN is a step closer to mainstream adoption

As of this morning, Linux network stack maintainer David Miller has committed the WireGuard VPN project into the Linux "net-next" source tree. Miller maintains both net and net-next—the source trees governing the current implementation of the Linux kernel networking stack and the implementation of the next Linux kernel's networking stack, respectively.

This is a major step forward for the WireGuard VPN project. Net-next gets pulled into the new Linux kernel during its two-week merge window, where it becomes net. With WireGuard already a part of net-next, this means that—barring unexpected issues—there should be a Linux kernel 5.6 release candidate with built-in WireGuard in early 2020. Mainline kernel inclusion of WireGuard should lead to significantly higher uptake in projects and organizations requiring virtual private network capability.

[Ed. addition] WireGuard implements a fast, modern, secure VPN tunnel. According to Wikipedia:

WireGuard is a free and open-source software application and communication protocol that implements virtual private network (VPN) techniques to create secure point-to-point connections in routed or bridged configurations. It is run as a module inside the Linux kernel and aims for better performance than the IPsec and OpenVPN tunneling protocols. It was written by Jason A. Donenfeld and is published under the second version of the GNU General Public License (GPL).


  • (Score: 5, Informative) by Anonymous Coward on Thursday December 12 2019, @07:09AM (2 children)

    by Anonymous Coward on Thursday December 12 2019, @07:09AM (#931334)

    The kernel has multiple trees available from www.kernel.org and their git system. The big three are "torvalds," "stable," and "next." Each of those gets their content from other trees. "next" is basically what is aimed to be in the next official merge window for release. It, in turn, gets its patches signed off from the maintainers responsible for the subsystems. "next-net" is David Miller's tree that contains all the network related code included in the next tree (see here [kernel.org]). Inclusion in the next-net tree means that when the next merge window opens on the "torvalds" tree, there is a very good chance Linus will merge it in, if he likes it. Basically it is the last step before Linus personally decides if it is included in the official release.

    WireGuard itself is very well-regarded in the network community. In addition to simplifying a bunch of stuff and being super fast, it has been formally verified [wireguard.com] along with many parts of the primitives, which basically means the code does exactly what it is designed to do in its specification. As long as the specification is correct, the implementation is too. And that means you don't get all sorts of security leaks and programming bugs, such as overflows, timing attacks, memory errors, etc. The only real problem is that not all of the primitives and interfaces have been verified, but they are in the process of doing that as well as getting the specifications and other code audited.

    And yes, I know I grossly oversimplified formal verification and kernel development, so pedantic soylentils feel free to chime in.

  • (Score: 2, Flamebait) by FatPhil on Thursday December 12 2019, @03:19PM (1 child)

    by FatPhil (863) <reversethis-{if.fdsa} {ta} {tnelyos-cp}> on Thursday December 12 2019, @03:19PM (#931409) Homepage
    Congratulations, you've fed the troll.

    Anyone who's never heard of Dave Miller can be safely ignored when it comes to anything kernel dev related. And I mean ignored. Not corrected, or insulted, just ignored. And modded -1 Troll.
    --
    Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
    • (Score: 2) by aristarchus on Friday December 13 2019, @12:42AM

      by aristarchus (2645) on Friday December 13 2019, @12:42AM (#931581) Journal

      Why, Thank you, Mr. Fat, you have almost answered my question!!

      And more thanks to other Soylentils of dubious credentials below, who have brought up many interesting points.