https://arstechnica.com/gadgets/2021/03/freebsd-kernel-mode-wireguard-moves-forward-out-of-tree/

Skip to main content
 

  * Biz & IT
  * Tech
  * Science
  * Policy
  * Cars
  * Gaming & Culture
  * Store
  * Forums

Subscribe
 
[                    ]
Close
 

Navigate

  * Store
  * Subscribe
  * Videos
  * Features
  * Reviews

  * RSS Feeds
  * Mobile Site

  * About Ars
  * Staff Directory
  * Contact Us

  * Advertise with Ars
  * Reprints

Filter by topic

  * Biz & IT
  * Tech
  * Science
  * Policy
  * Cars
  * Gaming & Culture
  * Store
  * Forums

Settings

Front page layout


Grid

List

Site theme

Black on white
White on black
Sign in

Comment activity

Sign up or login to join the discussions!

[                    ] [                    ] [Submit] [ ] Stay
logged in | Having trouble? 
Sign up to comment and more Sign up

vpn in the box --

FreeBSD kernel-mode WireGuard moves forward out-of-tree

Development has been moved to Donenfeld's own zx2c4.com for the time
being.

Jim Salter - Mar 17, 2021 10:00 pm UTC

 <em>Pop</em> goes the tunnel! 
Enlarge /  Pop goes the tunnel! 
Aurich Lawson

reader comments

57 with 42 posters participating, including story author

Share this story

  * Share on Facebook
  * Share on Twitter
  * Share on Reddit

 

Further Reading

In-kernel WireGuard is on its way to FreeBSD and the pfSense router
Earlier this week, we covered progress integrating an implementation
of the WireGuard VPN protocol into the FreeBSD kernel. Two days
later, there's an update--kernel-mode WireGuard has been moved out of
FreeBSD 13 development entirely for the time being.

The change only affects kernel-mode WireGuard. User-mode WireGuard
has been available in FreeBSD since 2019 and remains unaffected. If
you pkg install wireguard, you get user-mode WireGuard, better known
as wireguard-go. Wireguard-go is potentially less performant than
kernel-mode, but it's stable and more than fast enough to keep up
with most use cases.

The removal is actually good news for FreeBSD users and WireGuard
users. Although the new kernel work done by WireGuard founder Jason
Donenfeld, FreeBSD developer Kyle Evans, and OpenBSD developer Matt
Dunwoodie represented a clear step forward, it was deemed too rushed
to go out in a production kernel. This is a decision heartily
endorsed by Donenfeld himself, who prefers a steadier development
process with more code reviews and consensus.

Advertisement

Donenfeld announced the migration of development from FreeBSD
13-CURRENT to his own git repository earlier today. The new snapshot
no longer relies on ifconfig extensions to build tunnels; it uses
wg and wg-quick commands similar to Linux, Windows, and Android
builds instead. Although the code works, Donenfeld warns that it
shouldn't be considered production-ready yet:

    At this time this code is new, unvetted, possibly buggy, and
    should be considered "experimental". It might contain security
    issues. We gladly welcome your testing and bug reports, but do
    keep in mind that this code is new, so some caution should be
    exercised at the moment for using it in mission critical
    environments.

    In my small testing so far, however, it seems to "basically
    work". And at the very least, those relying on the code that was
    prior in the FreeBSD tree now have some immediate continuity.

    Over the next days and weeks, it can be expected that this
    repository will improve and grow.

    Enjoy!

Eventually, this kernel-mode FreeBSD WireGuard should be available
from FreeBSD's ports tree. For the moment, those interested in
testing it will need to git clone it from the WireGuard repos
themselves, followed by the BSD-style make load ; make
install commands to build from source.

This is an ongoing story, and we will continue to follow events as
they develop.

reader comments

57 with 42 posters participating, including story author

Share this story

  * Share on Facebook
  * Share on Twitter
  * Share on Reddit

 
Jim Salter Jim is an author, podcaster, mercenary sysadmin, coder,
and father of three--not necessarily in that order. Email
jim.salter@arstechnica.com // Twitter @jrssnet
Advertisement

You must login or create an account to comment.

Channel Ars Technica

- Previous story Next story -

Related Stories

Sponsored Stories

Powered by

Today on Ars

  * Store
  * Subscribe
  * About Us
  * RSS Feeds
  * View Mobile Site

  * Contact Us
  * Staff
  * Advertise with us
  * Reprints

Newsletter Signup

Join the Ars Orbital Transmission mailing list to get weekly updates
delivered to your inbox.

Sign me up -
 

CNMN Collection
WIRED Media Group
(c) 2021 Conde Nast. All rights reserved. Use of and/or registration on
any portion of this site constitutes acceptance of our User Agreement
(updated 1/1/20) and Privacy Policy and Cookie Statement (updated 1/1
/20) and Ars Technica Addendum (effective 8/21/2018). Ars may earn
compensation on sales from links on this site. Read our affiliate
link policy.
Your California Privacy Rights | Do Not Sell My Personal Information
The material on this site may not be reproduced, distributed,
transmitted, cached or otherwise used, except with the prior written
permission of Conde Nast.
Ad Choices