From normal Linux users to Linux creator Linus Torvalds, everyone is in awe of WireGuard. What is WireGuard and what makes it so special?
What is WireGuard?
WireGuard is an easy to configure, fast, and secure open source VPN that utilizes state-of-the-art cryptography. It’s aim is to provide a faster, simpler and leaner general purpose VPN that can be easily deployed on low-end devices like Raspberry Pi to high-end servers.
Most of the other solutions like IPsec and OpenVPN were developed decades ago. Security researcher and kernel developer Jason Donenfeld realized that they were slow and difficult to configure and manage properly.
This made him create a new open source VPN protocol and solution which is faster, secure easier to deploy and manage.
WireGuard was originally developed for Linux but it is now available for Windows, macOS, BSD, iOS and Android. It is still under heavy development.
Why is WireGuard so popular?
Apart from being a cross-platform, one of the biggest plus point for WireGuard is the ease of deployment. Configuring and deploying WireGuard is as easy as configuring and using SSH.
Look at WireGuard set up guide. You install WireGuard, generate public and private keys (like SSH), set up firewall rules and start the service. Now compare it to the OpenVPN set up guide. There are way too many things to do here.
Another good thing about WireGuard is that it has a lean codebase with just 4000 lines of code. Compare it to 100,000 lines of code of OpenVPN (another popular open source VPN). It is clearly easier to debug WireGuard.
Don’t go by its simplicity. WireGuard supports all the state-of-the-art cryptography like like the Noise protocol framework, Curve25519, ChaCha20, Poly1305, BLAKE2, SipHash24, HKDF, and secure trusted constructions.
Since WireGuard runs in the kernel space, it provides secure networking at a high speed.
These are some of the reasons why WireGuard has become increasingly popular. Linux creator Linus Torvalds loves WireGuard so much that he is merging it in the Linux Kernel 5.6:
Can I just once again state my love for it and hope it gets merged soon? Maybe the code isn’t perfect, but I’ve skimmed it, and compared to the horrors that are OpenVPN and IPSec, it’s a work of art.Linus Torvalds
If WireGuard is already available, then what’s the fuss about including it in Linux kernel?
This could be confusing to new Linux users. You know that you can install and configure a WireGuard VPN server on Linux but then you also read the news that Linux Kernel 5.6 is going to include WireGuard. Let me explain it to you.
At present, you can install WireGuard on Linux as a kernel module. Regular applications like VLC, GIMP etc are installed on top of the Linux kernel (in user space), not inside it.
When you install WireGuard as a kernel module, you are basically modifying the Linux kernel on your own and add some code to it. Starting kernel 5.6, you won’t need manually add the kernel module. It will be included in the kernel by default.
The inclusion of WireGuard in Kernel 5.6 will most likely extend the adoption of WireGuard and thus change the current VPN scene.
WireGuard is gaining popularity for the good reasons. Some of the popular privacy focused VPNs like Mullvad VPN are already using WireGuard and the adoption is likely to grow in the near future.
I hope you have a slightly better understanding of WireGuard. Your feedback is welcome, as always.