WireGuard VPN protocol makes its way to Linux Kernel 5.6
Virtual Private Networks, or VPNs, can be an essential tool in the digital age. Due to growing privacy concerns or simple geolocation barriers, more and more users are taking advantage of the increased privacy and versatility afforded by VPNs that they trust. With COVID-19 forcing millions of workers to stay at home, many are forced to use company-owned VPNs to work remotely. In the last few years, a new VPN implementation has taken root among tech enthusiasts, and it’s finally going to become accessible to millions of users in the near future. The name of that new implementation is WireGuard, developed by Jason Donenfeld, who goes by the username zx2c4 on our forums. Yesterday, he announced that WireGuard version 1.0 is a part of Linux Kernel 5.6 (via ArsTechnica).
In comparison to OpenVPN, IPsec, and other popular VPN implementations, WireGuard has a considerably smaller codebase, which reduces the attack surface. It is easy to configure and has faster connection negotiations than OpenVPN. There are also performance and power efficiency improvements. There are some limitations to the protocol, however. Still, because of the benefits that it brings, the Linux Kernel community has come around to supporting it.
After getting the crypto implementation into the kernel, WireGuard is now available in-tree with Linux Kernel 5.6. Any user running a distribution with Linux Kernel 5.6 can get started with a WireGuard client. While bleeding-edge distributions like Arch and Gentoo will quickly upgrade to Linux Kernel 5.6, other distributions that focus on stability, like Ubuntu or Debian, will take some time to make the upgrade. Mr. Donenfeld, however, states that WireGuard has been backported to Ubuntu 20.04 “Focal Fossa” and Debian Buster and that he is also maintaining backports to Linux Kernel versions 5.4.y and 5.5.y.
As for Android, most users will have to wait a bit before they can use WireGuard VPN tunnels. Even though Android is built on top of the Linux kernel, the kernel running on most Android devices is fairly out of date. For example, my Pixel 3 running Android 11 is built on top of Linux Kernel 4.9, released back in 2016. Vendors can backport the kernel patches needed for WireGuard into the device’s older kernel tree, but there’s no telling if that’ll actually happen. Most likely, we’ll have to wait for Google to start a new Android Common Kernel branch for the latest Linux kernel release, followed by silicon manufacturers productizing new SoCs based on the newer release, and this may take some time to happen. Meanwhile, expect to see WireGuard grow in popularity among custom kernels on our forums.
Though the integration of WireGuard into the mainline Linux Kernel is definitely a welcome move that will excite many sysadmins and some users, we hope to see the new VPN protocol make its way to more platforms. As of now, the Windows version of WireGuard sits at 0.1.0 beta. Since its initial preview release, WireGuard 0.1.0 for Windows has made major improvements to performance and stability, so we should hopefully see a stable release in the near future.