Earlier this week, we covered the unified progress of the implementation of the Wireguard VPN protocol in the FreeBSD kernel. Two days later, there’s an update – the kernel-mode wireguard has been moved out of FreeBSD13 development for the time being.
The change only affects kernel-mode wireguards. User-status Wireguard is available in FreeBSD from 2019 and is outstanding, not affected. If you pkg install wireguard
, You get the user-status wireguard, which is better known wireguard-go
. Wireguard-Go is potentially less efficient than kernel-mode, but it’s stable and fast enough to keep up with most use cases.
Removal is really good news for FreeBSD users and Wireguard users. Although Wireguard founder Jason Donfeld, FreeBSD developer Kyle Evans and OpenBSD developer Matt Dunwoody presented a new kernel work step by step, it was believed that he was also preparing to move into a production kernel. This decision is backed by Donenfeld himself, who prefers a stable development process with more code reviews and consent.
Donfeld announced the shift of development to their own from FreeBSD 13-Currant git
Treasures early today. The new snapshot is no longer dependent ifconfig
Tunnel extensions; Uses it wg
And wg-quick
Similar commands for Linux, Windows and Android builds instead. Although the code works, Donfeld warns that it should not yet be considered product-ready:
This code is new, unwritten, possibly corrupt at the moment and should be considered “experimental”. It may have security issues. We welcome your testing and bug reports, but keep in mind that this code is new, so it is important to be a little more careful at the moment to use it in a mission critical environment.
In my small test so far, however, it seems to “work by default”. And at the very least, it depends on the code that was in the FreeBSD tree before, now there is a bit of immediate continuity.
In the following days and weeks, it can be expected that these reserves will improve and grow.
Enjoy!
Finally, this kernel mode should be available from the ports of FreeBSD Wireguard FreeBSD. For the moment, those interested in that test will need this git clone
He brings himself from the wireguard, then comes the BSD-style make load ; make install
Commands to build from source.
This is an ongoing story and we will continue to follow it as events unfold.