27 votes

WireGuard has been merged into Linux 5.6

9 comments

  1. dedime

    WireGuard is a new and performant VPN written by Jason A. Donenfeld. In the past, VPNs have been incredibly cumbersome to install and configure - speaking from personal experience, setting up even OpenVPN can be a bit of a nightmare between setting up config files, certificates, various packages and multitudes of config files.

    WireGuard not only makes a VPN a joy to set up and use, it does so with an extremely small code base (~5000 LOC). It also outperforms classic VPNs - see https://www.wireguard.com/performance/ for details. The ip tool may be used to configure WireGuard interfaces on Linux in conjunction with the separately packaged wg (and optional wg-quick) tools. Configuration for WireGuard is not unlike SSH.

    I'm extremely excited for Jason and everybody else that has been involved in WireGuard's development. For the code-inclined, I encourage you to review WireGuard's many different source repositories at https://git.zx2c4.com - it's extremely well written and serves as a source of inspiration, personally.

    6 votes
  2. SkewedSideburn

    I'm extremely happy that I won't need to do sudo dnf remove wireguard-dkms && sudo dnf install wireguard-dkms anymore (My dkms stuff just stopped rebuilding for some reason and I never had the energy to figure out why. Well, I did figure it out once, but then it broke again after a few updates, and it was easier for me to just remove-install the whole thing)

    5 votes
    1. calm_bomb

      I guess it depends on the repo you got it from. I was using a COPR repo (I assume you use Fedora) and had this issue, but then wireguard got included in rpmfusion and never looked back.

      1 vote
      1. SkewedSideburn

        I used instructions from WireGuard's site and then never checked them again. I see now that COPR is suggested for Fedora ≤31 and for 32 and higher it's included in the default repo. Thanks for the tip.

        1 vote
        1. calm_bomb

          Yeah... Anyway, it will be included in the 5.6 kernel, so you won't have to bother too much after that. It's really a great step for wireguard and easy VPN configuration for a lot of people. I have three of four VPN connections at work for various purposes and Cisco AnyConnect is one of the worst to configure - we use the openconnect implementation and had to ask the admins to try to not complicate the server config so it could work with it.

  3. Shahriar

    WireGuard's website used to have a disclaimer stating it is not audited for security purposes and should not be meant for production use. Did this change recently?

    4 votes
    1. spit-evil-olive-tips

      I found a StackExchange answer that quoted the previous disclaimer, which appears to be from 2018:

      WireGuard is not yet complete. You should not rely on this code. It has not undergone proper degrees of security auditing and the protocol is still subject to change. We're working toward a stable 1.0 release, but that time has not yet come. There are experimental snapshots tagged with "0.0.YYYYMMDD", but these should not be considered real releases and they may contain security vulnerabilities (which would not be eligible for CVEs, since this is pre-release snapshot software). If you are packaging WireGuard, you must keep up to date with the snapshots.

      However, if you're interested in helping out, we could really use your help and we readily welcome any form of feedback and review. There's currently quite a bit of work to do on the project todo list, and the more folks testing this out, the better.

      And the current disclaimer:

      Some parts of WireGuard are working toward a stable 1.0 release, while others are already there. Current snapshots are generally versioned "0.0.YYYYMMDD" or "0.0.V", but these should not be considered real releases and they may contain security quirks (which would not be eligible for CVEs, since this is pre-release snapshot software). Current releases are generally versioned "1.x.YYYYMMDD".

      So it sounds like the 1.x versions (which I assume is what got merged into the main Linux tree) are considered stable and ready for production use.

      3 votes
  4. spit-evil-olive-tips

    Ubuntu 20.04 LTS is likely shipping with a 5.5 kernel, but they've backported WireGuard into their kernel, so it'll be available for everyone running the new LTS without extra steps.

    1 vote