WireGuard VPN merged into the Linux kernel

Today Linus Torvalds pulled the net-next branch, which carries the WireGuard VPN interface, into the mainline kernel tree. The event was announced on the WireGuard mailing list.

The merge window for the upcoming Linux 5.6 kernel is currently open. WireGuard is a new-generation fast VPN built on modern cryptography. It was originally developed as a simpler and more convenient alternative to existing VPNs. Its author is security researcher Jason A. Donenfeld. In August 2018 WireGuard was praised by Linus Torvalds, and around that time work began on bringing the VPN into the Linux kernel. The process took somewhat longer than expected.

“I see that Jason did a pull request to include WireGuard in the kernel,” Linus wrote on August 2, 2018. “Can I just once again declare my love for this VPN and hope for a speedy merge? The code may not be perfect, but I looked at it, and compared to the horrors of OpenVPN and IPsec, it is a real work of art.”

Despite Linus's wishes, the merge dragged on for a year and a half. The main sticking point was WireGuard's own implementations of the cryptographic primitives, which it carried for performance reasons. After lengthy negotiations, a compromise was reached in September 2019: the patches would be ported to the kernel's existing Crypto API, about which the WireGuard developers had complaints regarding both performance and general security, while the native WireGuard crypto functions would be packaged as a separate low-level Zinc API and gradually brought into the kernel. In November the kernel developers kept their promise and agreed to move part of the Zinc code into the main kernel; for example, WireGuard's fast implementations of the ChaCha20 and Poly1305 algorithms were added to the Crypto API.

Finally, on December 9, 2019, David S. Miller, maintainer of the Linux kernel networking subsystem, accepted the patches implementing the WireGuard VPN interface into the net-next branch.

And today, January 29, 2020, the changes went to Linus and were merged into the mainline kernel.

The advantages WireGuard claims over other VPN solutions:

  • Easy to use.
  • Modern cryptography: the Noise protocol framework, Curve25519, ChaCha20, Poly1305, BLAKE2, SipHash24, HKDF, etc.
  • Compact, readable code that is easier to audit for vulnerabilities.
  • High performance.
  • Clear and thorough specification.

All of WireGuard's core logic fits in fewer than 4,000 lines of code, whereas OpenVPN and IPsec run to hundreds of thousands of lines.

“WireGuard uses the concept of cryptokey routing, which binds a private key to each network interface and uses it to bind public keys. Public keys for establishing a connection are exchanged by analogy with SSH. To negotiate keys and connections without running a separate daemon in user space, the Noise_IK mechanism from the Noise protocol framework is used, similar to maintaining authorized_keys in SSH. Data is transmitted by encapsulation in UDP packets. Changing the IP address of the VPN server (roaming) is supported without dropping the connection, with automatic reconfiguration of the client,” writes Opennet.

“For encryption, the ChaCha20 stream cipher and the Poly1305 message authentication code (MAC) are used, developed by Daniel J. Bernstein, Tanja Lange and Peter Schwabe. ChaCha20 and Poly1305 are positioned as faster and safer counterparts of AES-256-CTR and HMAC, whose software implementation achieves constant execution time without special hardware support. To generate a shared secret key, elliptic-curve Diffie-Hellman in the Curve25519 implementation, also proposed by Daniel Bernstein, is used. The hashing algorithm is BLAKE2s (RFC 7693).”
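The cryptokey routing described above is the property that makes WireGuard configuration hard to get wrong: a peer's public key and its AllowedIPs are one binding, used in both directions. The following is an added example, not code from the WireGuard project, that parses a constructed wg-quick style configuration (the key strings are placeholders, not real Curve25519 keys) and simulates the two lookups the kernel performs: choosing the peer for an outbound packet by longest-prefix match over AllowedIPs, and rejecting an inbound packet whose inner source address lies outside the AllowedIPs of the peer whose key authenticated it.

```python
"""Cryptokey routing simulation (added example, not WireGuard's own code).

An interface holds one private key; each [Peer] binds a public key to a set
of AllowedIPs.  Outbound packets go to the peer whose AllowedIPs contain the
destination; inbound packets are accepted only if their inner source address
is within the AllowedIPs of the peer that authenticated them.
"""
import ipaddress
from typing import Dict, List, Optional

# Constructed sample configuration for this example; the keys are placeholders.
SAMPLE_CONF = """
[Interface]
PrivateKey = SERVER_PRIVATE_KEY_PLACEHOLDER=
Address = 10.0.0.1/24
ListenPort = 51820

[Peer]
# laptop: a single tunnel address
PublicKey = LAPTOP_PUBLIC_KEY_PLACEHOLDER=
AllowedIPs = 10.0.0.2/32

[Peer]
# branch office router: its tunnel address plus the LAN behind it
PublicKey = BRANCH_PUBLIC_KEY_PLACEHOLDER=
AllowedIPs = 10.0.0.3/32, 192.168.50.0/24
"""


def parse_peers(conf: str) -> List[Dict]:
    """Return the [Peer] sections as dicts with 'public_key' and 'allowed_ips'."""
    peers: List[Dict] = []
    current: Optional[Dict] = None
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()  # strip comments and whitespace
        if not line:
            continue
        if line == "[Peer]":
            current = {"public_key": None, "allowed_ips": []}
            peers.append(current)
        elif line.startswith("["):
            current = None  # [Interface] or unknown section: not a peer
        elif current is not None and "=" in line:
            # partition on the first '=' so base64 keys ending in '=' survive
            key, _, value = line.partition("=")
            key, value = key.strip(), value.strip()
            if key == "PublicKey":
                current["public_key"] = value
            elif key == "AllowedIPs":
                current["allowed_ips"] = [
                    ipaddress.ip_network(n.strip(), strict=False)
                    for n in value.split(",")
                ]
    return peers


def select_peer(peers: List[Dict], dst_ip: str) -> Optional[str]:
    """Outbound lookup: longest-prefix match of dst_ip over every peer's AllowedIPs.

    Returns the public key of the chosen peer, or None if no peer claims the
    destination (WireGuard drops such packets).
    """
    ip = ipaddress.ip_address(dst_ip)
    best_key, best_len = None, -1
    for peer in peers:
        for net in peer["allowed_ips"]:
            if ip in net and net.prefixlen > best_len:
                best_key, best_len = peer["public_key"], net.prefixlen
    return best_key


def accept_inbound(peers: List[Dict], sender_public_key: str, src_ip: str) -> bool:
    """Inbound check: the decrypted packet's source must lie inside the
    AllowedIPs of the peer whose key authenticated the packet; anything else
    is dropped, which is what stops one peer from spoofing another's address."""
    ip = ipaddress.ip_address(src_ip)
    for peer in peers:
        if peer["public_key"] == sender_public_key:
            return any(ip in net for net in peer["allowed_ips"])
    return False  # unknown key would never have completed the handshake


if __name__ == "__main__":
    peers = parse_peers(SAMPLE_CONF)
    print("192.168.50.7 ->", select_peer(peers, "192.168.50.7"))
    print("8.8.8.8 ->", select_peer(peers, "8.8.8.8"))
    print("laptop claiming 10.0.0.3 accepted?",
          accept_inbound(peers, "LAPTOP_PUBLIC_KEY_PLACEHOLDER=", "10.0.0.3"))
```

The inbound check is the part people tend to forget: AllowedIPs is not just a routing table but an access control list, so a peer configured with `0.0.0.0/0` can claim any source address, while a peer limited to a `/32` cannot impersonate anyone else on the tunnel.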

Performance test results from the official website (charts: bandwidth in megabits/s and ping in ms):

Test configuration:

  • Intel Core i7-3820QM and Intel Core i7-5200U
  • Gigabit Intel 82579LM and Intel I218LM network cards
  • Linux 4.6.1
  • WireGuard configuration: 256-bit ChaCha20 with Poly1305 for MAC
  • First IPsec configuration: 256-bit ChaCha20 with Poly1305 for MAC
  • Second IPsec configuration: AES-256-GCM-128 (with AES-NI)
  • OpenVPN configuration: equivalent 256-bit AES cipher suite with HMAC-SHA2-256, UDP mode
  • Performance was measured with iperf3; the figures are the average over 30 minutes.

In theory, after integration into the kernel networking stack, WireGuard should run even faster. In practice that is not guaranteed, because of the switch to the cryptographic functions provided by the kernel's Crypto API: not all of them may yet be optimized to the level of WireGuard's native implementations.

“In my opinion, WireGuard is generally ideal for the user. All low-level decisions are made in the specification, so preparing a typical VPN infrastructure takes only a few minutes. It is almost impossible to get the configuration wrong,” they wrote on Habr in 2018. “The installation process is described in detail on the official website; I would also note the excellent OpenWRT support. Such ease of use and compactness of the code base were achieved by rejecting key distribution. There is no complicated certificate system and all that corporate horror; short encryption keys are distributed roughly like SSH keys.”

The WireGuard project has been in development since 2015 and has undergone an audit and formal verification. WireGuard support is integrated into NetworkManager and systemd, and the kernel patches ship in Debian Unstable, Mageia, Alpine, Arch, Gentoo, OpenWrt, NixOS, Subgraph, and ALT.
