Google adds WireGuard VPN to Android 12’s Linux Kernel
With remote work becoming the norm at many businesses thanks to COVID-19, it’s more important than ever to secure network connections with a virtual private network, or VPN. There are multiple VPN tunneling protocols that services can make use of, but a relatively new implementation called WireGuard has taken the tech world by storm. As we’ve explained before, WireGuard is a next-gen VPN protocol that embraces modern cryptography standards and has a secure, auditable code base. After its inclusion in Linux Kernel 5.6, Google is now adding support for the protocol to Android 12’s Linux Kernel 5.4 tree.
Google forks each Linux Kernel release to include “patches of interest to the Android community that haven’t been merged onto mainline or Long Term Supported (LTS) kernels.” These kernels are called Android Common Kernels and they form the basis of the Linux kernel release that ships on each and every Android device on the market today. For each Android release, Google supports a handful of Linux kernel releases; for Android 11, that’s currently Linux Kernel versions 4.14 and 4.19, while for Android 12, it’ll be versions 4.19 and 5.4.
The typical flagship Android device today runs on top of a fork of Linux Kernel 4.19, but that’s expected to change once new silicon from Qualcomm and other SoC vendors ships on next-gen Android devices. Many of these upcoming devices will be running the next version of Android—Android 12—in late 2021 on top of Linux Kernel 5.4, and these devices may be the first to natively support WireGuard VPN on Android.
Earlier today, we spotted a flurry of new commits to the android12-5.4 tree of the Android Common Kernel. Among these new commits was the WireGuard VPN protocol itself, alongside a config option enabling this on Android kernels. This was added by veteran stable kernel developer Greg KH, who described the change as, “add[ing] native kernel support for a sane VPN.”
Before users can natively enable a VPN using the WireGuard protocol on Android 12, though, Google needs to add APIs to interface with the kernel module. One might expect that that’s exactly what Google will be working on next, and we’ll be keeping an eye out on AOSP to track the progress of WireGuard support in next year’s Android release.
Interested Pixel users can take advantage of this kernel acceleration right now by rooting their device and installing the prebuilt kernel module. On other devices, you can flash a custom kernel that advertises WireGuard support from the XDA forums. For users without root, the WireGuard app still works great and remains the fastest VPN out there. To learn more, download the WireGuard app from Google Play on your Android smartphone or Android TV device. And if you’re interested in contributing to the project, you can reach out to the WireGuard development team—they’re actively seeking a new maintainer for the Android app.
Update 1: Enabled in android-4.19-stable tree
WireGuard VPN will be supported by all Linux kernel versions supported by Android 12. Following its merger to the android12-5.4 tree of the Android Common Kernel, native kernel support for WireGuard has been added to the android-4.19-stable tree. This means that kernel acceleration for WireGuard will be supported in Android 12 on devices with Linux Kernel 4.19 as well as 5.4, though it remains to be seen whether or not Google will add APIs to interface with the kernel module in time for the stable release of Android 12.