WireGuard is on a roll: now OpenBSD is adopting the protocol


Jason A. Donenfeld, author of the WireGuard VPN, announced that the "wg" driver for the WireGuard protocol has been accepted into the main OpenBSD tree, together with the implementation of a dedicated network interface and changes to the user-space tools.

Thus, OpenBSD is positioned as the second operating system after Linux with complete and integrated WireGuard support.

The patches include a driver for the OpenBSD kernel, changes to the ifconfig and tcpdump utilities with support for the WireGuard functionality, documentation, and minor changes to integrate WireGuard with the rest of the system. WireGuard is expected to be included in the OpenBSD 6.8 release.

Recall that in the last quarter of last year the protocol's author also announced the acceptance and introduction of the code into the Linux kernel network stack, and that Linus Torvalds himself later accepted the code.

Based on project discussions, although there is still testing to be done, it should be released in the next major version of the Linux kernel, version 5.6, in the first or second quarter of 2020, as WireGuard received approval from Linus Torvalds to integrate into Linux.

About WireGuard

The driver uses its own implementations of the blake2s, hchacha20 and curve25519 algorithms, as well as the SipHash implementation already present in the OpenBSD kernel.

The implementation is compatible with all official WireGuard clients for Linux, Windows, macOS, *BSD, iOS and Android.

Performance tests on the developer's laptop (Lenovo x230) showed a bandwidth of 750 Mbit/s. For comparison, isakmpd with the basic ike psk configuration provides a bandwidth of 380 Mbit/s.

Matt Dunwoodie and I have been working on this for quite some time. At some point, Matt even showed up on my doorstep in Paris to push the effort further. This marks the culmination of quite a bit of effort, and certainly a multi-year project for Matt.

I should also note that the OpenBSD upload process was extremely pleasant.

We did three patch reviews, with helpful feedback on each one and a very supportive community.

I imagine this job will ship with OpenBSD 6.8.

In developing the driver for the OpenBSD kernel, some architectural decisions similar to those of the Linux driver were made, but the driver was developed primarily for OpenBSD, taking into account the specifics of that system and the experience gained while creating the Linux driver.

With the consent of the original WireGuard author, the code for the new driver is distributed entirely under the free ISC license.

The driver integrates tightly with the OpenBSD networking stack and uses existing subsystems, which makes the code very compact (around 3,000 lines of code).

Among the differences from the Linux driver, a separation of driver components is also observed: the OpenBSD-specific interfaces are in the "if_wg.*" files, the DoS protection code is in "wg_cookie.*", and the connection negotiation and encryption logic is in "wg_noise.*".

Finally, it seems that the efforts the WireGuard team put into making a large number of changes to the application code have borne fruit.

Unlike the older rivals it is intended to replace, its code is much cleaner and simpler. According to the project specifications, WireGuard works by encapsulating IP packets securely over UDP. Its authentication and interface design have more to do with Secure Shell (SSH) than with other VPNs.

It should be kept in mind that it is still under heavy development, but it could already be considered the safest, easiest to use, and simplest VPN solution in the industry. It is a secure Layer 3 VPN solution.

If you are interested in knowing more about the news, you can check the messages on the WireGuard and OpenBSD mailing lists.
