VPN WireGuard included in the Linux 5.6 kernel

Today Linus pulled the net-next branch containing the WireGuard VPN interface into his own tree. The event was announced on the WireGuard mailing list.


Code for the new Linux 5.6 kernel is currently being collected. WireGuard is a fast, next-generation VPN with state-of-the-art cryptography. It was originally developed as a simpler and more convenient alternative to existing VPNs. Its author is the Canadian information security specialist Jason A. Donenfeld. In August 2018 WireGuard was praised by Linus Torvalds, and around that time work began on including the VPN in the Linux kernel. The process dragged on a little.

"I see that Jason has made a pull request to include WireGuard in the kernel," Linus wrote on August 2, 2018. "Can I just reiterate my love for this VPN and hope for a merge soon? The code may not be perfect, but I reviewed it, and compared to the horrors of OpenVPN and IPSec, it's a true work of art."

Despite Linus's wishes, the merge dragged on for a year and a half. The main sticking point was WireGuard's own implementations of cryptographic functions, which it used to improve performance. After lengthy negotiations, a compromise was reached in September 2019: the patches would be converted to use the Crypto API functions already available in the kernel, about which the WireGuard developers had complaints regarding performance and overall security. At the same time it was decided to split WireGuard's native crypto functions into a separate low-level Zinc API and eventually port them into the kernel. In November the kernel developers kept their promise and agreed to move part of the Zinc code into the mainline kernel. For example, the fast implementations of the ChaCha20 and Poly1305 algorithms prepared in WireGuard were added to the Crypto API.

Finally, on December 9, 2019, David S. Miller, who is in charge of the networking subsystem of the Linux kernel, accepted into the net-next branch the patches implementing the VPN interface from the WireGuard project.

And today, January 29, 2020, the changes went to Linus for inclusion in the kernel.


Claimed advantages of WireGuard over other VPN solutions:

  • Easy to use.
  • Uses modern cryptography: Noise protocol framework, Curve25519, ChaCha20, Poly1305, BLAKE2, SipHash24, HKDF, etc.
  • Compact readable code, easier to investigate for vulnerabilities.
  • High performance.
  • Clear, carefully crafted specification.

The entire core logic of WireGuard is less than 4000 lines of code, while OpenVPN and IPSec run to hundreds of thousands of lines.

"WireGuard uses the concept of cryptokey routing, in which a private key is bound to each network interface and public keys are used to link peers. The exchange of public keys to establish a connection resembles SSH. To negotiate keys and connect without running a separate user-space daemon, the Noise_IK mechanism from the Noise Protocol Framework is used, similar in spirit to maintaining authorized_keys in SSH. Data is transmitted by encapsulation in UDP packets. Changing the VPN server's IP address (roaming) is supported without breaking the connection, with automatic client reconfiguration," writes OpenNet.

"Encryption uses the ChaCha20 stream cipher and the Poly1305 message authentication code (MAC), designed by Daniel J. Bernstein, Tanja Lange and Peter Schwabe. ChaCha20 and Poly1305 are positioned as faster and more secure analogues of AES-256-CTR and HMAC, whose software implementation achieves constant execution time without special hardware support. The shared secret key is generated with elliptic-curve Diffie-Hellman using the Curve25519 implementation, also proposed by Daniel Bernstein. BLAKE2s (RFC 7693) is used for hashing."
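The cryptokey routing idea described in the quote, modelled as an added example (this is not code from the WireGuard project or from the article): each peer's public key is bound to a list of AllowedIPs, which selects the peer key for outgoing destinations and, on ingress, rejects decrypted packets whose inner source address does not route back to the peer that authenticated them. The peer key strings and AllowedIPs are constructed placeholders, not real keys.

```python
import ipaddress

# Constructed sample data: hypothetical peer public keys (placeholders,
# not real WireGuard keys) and the AllowedIPs bound to each of them.
PEERS = {
    "PEER_A_PUBKEY": ["10.0.0.2/32", "192.168.50.0/24"],
    "PEER_B_PUBKEY": ["10.0.0.3/32", "0.0.0.0/0"],   # B is the default route
}


class CryptokeyRoutingTable:
    """Minimal model of WireGuard-style cryptokey routing.

    The AllowedIPs list bound to each peer public key is used twice:
    to pick the peer (hence the key) for an outgoing destination, and
    to validate the inner source address of a packet that was
    successfully authenticated under that peer's key.
    """

    def __init__(self, peers):
        # (network, pubkey) pairs; the longest prefix wins on lookup.
        self.routes = []
        for pubkey, nets in peers.items():
            for net in nets:
                self.routes.append((ipaddress.ip_network(net), pubkey))
        self.routes.sort(key=lambda r: r[0].prefixlen, reverse=True)

    def peer_for_destination(self, dst):
        """Egress: return the peer key that encrypts a packet for dst,
        or None when no AllowedIPs entry matches (packet is dropped).
        Address-family mismatches never match, so an IPv6 destination
        is not swallowed by a 0.0.0.0/0 route."""
        addr = ipaddress.ip_address(dst)
        for net, pubkey in self.routes:
            if addr in net:
                return pubkey
        return None

    def accept_from_peer(self, pubkey, inner_src):
        """Ingress: accept a packet authenticated under pubkey only if its
        inner source address routes back to that same peer. This is the
        check that stops one peer from spoofing another peer's addresses."""
        return self.peer_for_destination(inner_src) == pubkey


TABLE = CryptokeyRoutingTable(PEERS)

if __name__ == "__main__":
    print("8.8.8.8 ->", TABLE.peer_for_destination("8.8.8.8"))
    print("B claims 10.0.0.2:", TABLE.accept_from_peer("PEER_B_PUBKEY", "10.0.0.2"))
```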

Performance test results from the official site:

[Chart: Bandwidth (Mbps)]

[Chart: Ping (ms)]

Test configuration:

  • Intel Core i7-3820QM and Intel Core i7-5200U
  • Gigabit cards Intel 82579LM and Intel I218LM
  • Linux 4.6.1
  • WireGuard Configuration: 256-bit ChaCha20 with Poly1305 for MAC
  • First IPsec configuration: 256-bit ChaCha20 with Poly1305 for MAC
  • Second IPsec configuration: AES-256-GCM-128 (with AES-NI)
  • OpenVPN configuration: 256-bit AES equivalent cipher suite with HMAC-SHA2-256, UDP mode
  • Performance was measured using iperf3; the charts show the average over 30 minutes.

Theoretically, once integrated into the networking stack, WireGuard should be even faster. In practice this will not necessarily be the case, because of the transition to the cryptographic functions of the kernel's built-in Crypto API: perhaps not all of them are yet optimized to the performance level of WireGuard's native implementations.

"From my point of view, WireGuard is generally ideal for the user. All low-level decisions are made in the specification, so preparing a typical VPN infrastructure takes only a few minutes. It is almost impossible to get confused by the configuration," wrote a Habr author in 2018. "The installation process is described in detail on the official website; I would like to separately note the excellent OpenWRT support. Such ease of use and compactness of the code base was achieved by dispensing with key distribution. There is no complex certificate system and all that corporate horror; short encryption keys are distributed roughly like SSH keys."

The WireGuard project has been under development since 2015 and has undergone auditing and formal verification. WireGuard support is integrated into NetworkManager and systemd, and kernel patches are shipped with Debian Unstable, Mageia, Alpine, Arch, Gentoo, OpenWrt, NixOS, Subgraph, and ALT.

Source: habr.com
