Proposal must add WireGuard to Linux kernel for secure vpn tunnels

Aug

1

2018

Jason Donenfeld, the inventor of WireGuard, proposes to include his software in the Linux kernel. He describes WireGuard as a next generation kernel network tunnel that should offer a faster and simpler alternative for IPsec and OpenVPN.

In a message on the Linux kernel mailing list Donenfeld writes that his project is the result of about three years of work. He introduced WireGuard in 2016 as a new vpn tunnel. In a further explanation he writes that the commit he has added implements WireGuard as a simple network driver. There are now several clients for the software, for example for different Linux distributions, macOS and Android. An official Windows client is still missing.

In an accompanying whitepaper , he explains that WireGuard consists of approximately four thousand lines of code and that the software users must provide a virtual network interface called wg0, which can be configured via ip or ifconfig . The only thing users need to configure is to add a private key and ip’s with 32-byte public keys of peers with which communication is allowed.

The exchange of keys, the making and disconnection of connections and similar activities must take place outside the view of the user in the background. Donenfeld draws the comparison between the simplicity of configuring and setting up ssh and that of WireGuard. The small size of the software should also provide the smallest possible attack surface for attackers and facilitate the execution of an audit.

The source code of the software can be found online. On the official site Donenfeld does state that it is still a work in progress . For example, no security audits have been carried out yet and a stable 1.0 release is still underway. Linus Torvalds says in an earlier message on the mailing list that the aim should be to include WireGuard in the kernel.

Viewing:-42

In: A Technology & Gadgets Asked By: [19469 Red Star Level]

Answer this Question

You must be Logged In to post an Answer.

Not a member yet? Sign Up Now »