WireGuard VPN is a step closer to mainstream adoption
As of this morning, Linux network stack maintainer David Miller has committed the WireGuard VPN project into the Linux "net-next" source tree. Miller maintains both net and net-next—the source trees governing the current implementation of the Linux kernel networking stack and the implementation of the next Linux kernel's networking stack, respectively.
This is a major step forward for the WireGuard VPN project. Net-next gets pulled into the new Linux kernel during its two-week merge window, where it becomes net. With WireGuard already a part of net-next, this means that—barring unexpected issues—there should be a Linux kernel 5.6 release candidate with built-in WireGuard in early 2020. Mainline kernel inclusion of WireGuard should lead to significantly higher uptake in projects and organizations requiring virtual private network capability.
[Ed. addition] WireGuard implements a fast, modern, secure VPN tunnel. According to Wikipedia:
WireGuard is a free and open-source software application and communication protocol that implements virtual private network (VPN) techniques to create secure point-to-point connections in routed or bridged configurations. It is run as a module inside the Linux kernel and aims for better performance than the IPsec and OpenVPN tunneling protocols. It was written by Jason A. Donenfeld and is published under the second version of the GNU General Public License (GPL).
(Score: 3, Informative) by stormwyrm on Thursday December 12 2019, @07:49AM (2 children)
Numquam ponenda est pluralitas sine necessitate.
(Score: 0) by Anonymous Coward on Thursday December 12 2019, @12:39PM
I'm not sure what is so complex about these protocols. IPsec is a rather simple protocol. The problem is not in the protocol, but in the key server (CA management) and how the protocol is actually used. Saying IPsec is difficult is like saying driving is difficult because you need this license thing and follow the rules and such.
Well, some features are somewhat niche. The sad thing is that IPsec has not seen much adoption outside Windows Server where it's actually implemented well.
(Score: 2) by FatPhil on Thursday December 12 2019, @03:33PM
"""
Simple and straightforward, WireGuard is much less prone to catastrophic failure and misconfiguration than IPsec. It is important to stress, however, that the layering of IPsec is correct and sound; everything is in the right place with IPsec, to academic perfection. But, as often happens with correctness of abstraction, there is a profound lack of usability, and a verifiably safe implementation is very difficult to achieve. WireGuard, in contrast, starts from the basis of flawed layering violations and then attempts to rectify the issues arising from this conflation using practical engineering solutions and cryptographic techniques that solve real world problems.
"""
Sounds a bit bodgy, and possibly fragile, there's a reason the layers are as they are.
Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves