Today Linus pulled the net-next branch containing the WireGuard VPN interface into his own tree. The event was announced on the WireGuard mailing list.
Code is currently being collected for the new Linux 5.6 kernel. WireGuard is a fast, next-generation VPN with state-of-the-art cryptography. It was originally developed as a simpler and more convenient alternative to existing VPNs. Its author is the Canadian information security specialist Jason A. Donenfeld. In August 2018 Linus Torvalds praised WireGuard, and around that time work began on including the VPN in the Linux kernel. The process took a little longer than expected.
"I see that Jason has made a pull request to include WireGuard in the kernel," Linus wrote on August 2, 2018. "Can I just reiterate my love for this VPN and hope for a merger soon? The code may not be perfect, but I reviewed it, and compared to the horrors of OpenVPN and IPSec, it's a true work of art."
Despite Linus's wishes, the merge dragged on for a year and a half. The main problem turned out to be WireGuard's own implementations of cryptographic functions, which it used to improve performance. After lengthy negotiations, a compromise was reached in September 2019: the patches were switched to the Crypto API functions already available in the kernel, even though the WireGuard developers have complaints about their performance and overall security. In return, it was decided to separate WireGuard's native crypto functions into a separate low-level Zinc API and eventually port them into the kernel. In November the kernel developers kept their promise and agreed to move part of the Zinc code into the mainline kernel. For example, the Crypto API now includes the fast implementations of the ChaCha20 and Poly1305 algorithms prepared in WireGuard.
Finally, on December 9, 2019, David S. Miller, who is in charge of the networking subsystem of the Linux kernel, accepted into the net-next branch the patches implementing the VPN interface from the WireGuard project.
And today, January 29, 2020, the changes went to Linus for inclusion in the kernel.
Claimed advantages of WireGuard over other VPN solutions:
Easy to use.
Uses modern cryptography: Noise protocol framework, Curve25519, ChaCha20, Poly1305, BLAKE2, SipHash24, HKDF, etc.
Compact, readable code that is easier to audit for vulnerabilities.
The entire core logic of WireGuard is less than 4000 lines of code, while OpenVPN and IPSec are hundreds of thousands of lines.
"WireGuard uses the concept of cryptokey routing, which involves binding a private key to each network interface and using public keys for binding. The exchange of public keys to establish a connection is similar to SSH. To negotiate keys and connect without running a separate user-space daemon, the Noise_IK mechanism from the Noise Protocol Framework is used, similar to maintaining authorized_keys in SSH. Data is transmitted by encapsulation in UDP packets. Changing the IP address of the VPN server (roaming) is supported without breaking the connection, with automatic client reconfiguration," writes OpenNet.
"Encryption uses the ChaCha20 stream cipher and the Poly1305 message authentication code (MAC), designed by Daniel J. Bernstein, Tanja Lange and Peter Schwabe. ChaCha20 and Poly1305 are positioned as faster and more secure analogues of AES-256-CTR and HMAC, whose software implementation achieves constant execution time without special hardware support. To generate a shared secret key, the elliptic-curve Diffie-Hellman protocol is used in the Curve25519 implementation, also proposed by Daniel Bernstein. BLAKE2s (RFC 7693) is used for hashing."
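As an added illustration of the cryptokey routing idea quoted above (this is not code from the WireGuard project, but a simplified model of the kernel's behaviour): each peer's public key is bound to a set of allowed IP prefixes, and that single table decides both which key an outbound packet is encrypted to and whether a decrypted inbound packet is accepted from the peer that authenticated it. The peer keys and addresses are constructed sample values; in the real kernel, re-adding a prefix moves it to the newer peer, whereas this model simply rejects the conflict.

```python
from ipaddress import ip_address, ip_network
from typing import Optional


class CryptokeyRoutingTable:
    """Simplified model of WireGuard's cryptokey routing table (added example)."""

    def __init__(self):
        self._entries = []  # (network, peer public key), most specific prefix first

    def add_peer(self, public_key: str, allowed_ips) -> None:
        for cidr in allowed_ips:
            net = ip_network(cidr, strict=False)
            # A prefix belongs to exactly one peer (one key may own many prefixes).
            # Simplification: reject conflicts instead of moving the prefix.
            for existing_net, existing_key in self._entries:
                if existing_net == net and existing_key != public_key:
                    raise ValueError(f"{cidr} is already assigned to another peer")
            self._entries.append((net, public_key))
        # Longest-prefix match: keep the most specific prefix first in the list.
        self._entries.sort(key=lambda e: e[0].prefixlen, reverse=True)

    def peer_for(self, address: str) -> Optional[str]:
        addr = ip_address(address)
        for net, key in self._entries:
            if addr in net:
                return key
        return None

    def route_outbound(self, dst: str) -> Optional[str]:
        """Public key of the peer an outbound packet to dst is encrypted to
        (None means no peer owns that prefix and the packet is dropped)."""
        return self.peer_for(dst)

    def accept_inbound(self, from_peer: str, src: str) -> bool:
        """A decrypted packet is kept only if its source address lies in the
        allowed prefixes of the peer whose key authenticated the packet."""
        return self.peer_for(src) == from_peer


def demo_table() -> CryptokeyRoutingTable:
    """Constructed sample table: two road-warrior peers and a default gateway."""
    table = CryptokeyRoutingTable()
    table.add_peer("PEER_A_PUBKEY", ["10.0.0.2/32"])
    table.add_peer("PEER_B_PUBKEY", ["10.0.0.3/32", "192.168.50.0/24"])
    table.add_peer("GATEWAY_PUBKEY", ["0.0.0.0/0"])
    return table


if __name__ == "__main__":
    t = demo_table()
    print(t.route_outbound("192.168.50.7"))              # PEER_B_PUBKEY
    print(t.accept_inbound("PEER_A_PUBKEY", "10.0.0.3"))  # False: A cannot spoof B's address
```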
Configurations used in the performance comparison:
WireGuard configuration: 256-bit ChaCha20 with Poly1305 for MAC
First IPsec configuration: 256-bit ChaCha20 with Poly1305 for MAC
Second IPsec configuration: AES-256-GCM-128 (with AES-NI)
OpenVPN configuration: 256-bit AES equivalent cipher suite with HMAC-SHA2-256, UDP mode
Performance was measured using iperf3; the results are averages over 30 minutes.
Theoretically, once integrated into the networking stack, WireGuard should be even faster. But in reality, this will not necessarily be the case due to the transition to the cryptographic functions of the Crypto API built into the kernel. Perhaps not all of them are yet optimized to the performance level of native WireGuard.
The WireGuard project has been under development since 2015 and has undergone security audits and formal verification. WireGuard support is integrated into NetworkManager and systemd, and the kernel patches are included in the base distributions of Debian Unstable, Mageia, Alpine, Arch, Gentoo, OpenWrt, NixOS, Subgraph, and ALT.