Brief guide for VPN services

Date: 2020-02-03

Whether you are in the office or on the road, a VPN is still one of the best ways to protect yourself on the big, bad internet.

After years of development, WireGuard, a revolutionary approach to Virtual Private Networks (VPN), is finally on the fast track into the Linux kernel. WireGuard is now in Linus Torvalds' code tree. That means WireGuard is set to appear in the Linux kernel 5.6 release, which could arrive as early as April 2020.

This has the potential to change everything about VPNs, not just in Linux, but throughout the VPN world. That's because essentially all VPN services run on Linux servers. Some VPN services, such as StrongVPN and Mullvad VPN, have already seen the writing on the wall and are moving their software stacks to WireGuard.

This is made easier because the WireGuard code, licensed under the open-source GNU General Public License (GPL) version 2.0, is already available on Android, Windows, macOS, BSD Unix and iOS.

They are doing this because, as one of WireGuard's biggest fans, Linus Torvalds, said: “Can I just say my love for it again and hope it will be merged soon? Maybe the code is not perfect, but I skimmed it, and compared with the atrocities that are OpenVPN and IPSec, it is a work of art.”

In more detail, WireGuard claims that “Compared to colossi such as *Swan/IPsec or OpenVPN/OpenSSL, where checking giant code bases is an overwhelming task, even for large teams of security experts, WireGuard is intended to be fully assessed by individuals.”

There is certainly something in this. The WireGuard code base has around 4,000 lines of code, while the popular OpenVPN has more than 100,000 lines. Which would you prefer to debug?

Despite this simplicity, WireGuard includes advanced cryptographic technologies such as the Noise protocol framework, Curve25519, ChaCha20, Poly1305, BLAKE2, SipHash24 and HKDF. It has also been shown to be secure through an academic, mechanized cryptographic proof.

While WireGuard is approaching mainstream acceptance in the Linux kernel, its creator, Jason Donenfeld, is still smoothing out the rough edges. The WireGuard site now states that “some parts of WireGuard are working on a stable 1.0 release, while others are already there”.

In a Linux Kernel Mailing List (LKML) message, Donenfeld added that he conducted multiple automated WireGuard code tests for different code structures on almost all Linux hardware architectures. He also noted: “Although the CI (continuous integration) is currently focused on the WireGuard test series, it is in the habit of finding many bugs and regressions in other weird places. For example, Linux-next is currently failing in a few arches (architectures).”

There is no doubt that WireGuard, which has been under development since 2015, will be ready for prime time by the spring. By then, VPN developers will already have WireGuard-powered VPN programs and services ready for both VPN service providers and end users.

This does not immediately put an end to other VPN technologies. But if WireGuard lives up to its promise, you can see the end from here. The VPN of tomorrow, on Linux and everywhere else, will be based on WireGuard.
