WireGuard in FreeBSD kernel mode exits the tree

by



[ad_1]

♫ <em> Pop </em> go into the tunnel! ♫ “/><figcaption class=
Enlarge /Pop go into the tunnel! ♫

Aurich Lawson

Earlier this week, we covered the progress of integrating a WireGuard VPN protocol implementation into the FreeBSD kernel. Two days later there is an update – WireGuard in kernel mode has been completely moved from FreeBSD 13 development for now.

The change only affects WireGuard in kernel mode. WireGuard User Mode has been available in FreeBSD since 2019 and remains unchanged. If you pkg install wireguard, you get WireGuard in user mode, better known as wireguard-go. Wireguard-go is potentially less powerful than kernel mode, but it’s stable and more than fast enough to handle most use cases.

The removal is actually good news for FreeBSD and WireGuard users. While the new kernel work done by WireGuard founder Jason Donenfeld, FreeBSD developer Kyle Evans, and OpenBSD developer Matt Dunwoodie represented a clear step forward, it was deemed too rushed to release in a production kernel. This is a decision fully endorsed by Donenfeld himself, who prefers a more regular development process with more code reviews and consensus.

Donenfeld announced the migration of FreeBSD 13-CURRENT development to his own git repository earlier today. The new snapshot is no longer based on ifconfig extensions to build tunnels; he uses wg and wg-quick commands similar to Linux, Windows, and Android versions instead. While the code is working, Donenfeld cautions that it shouldn’t be considered production ready yet:

At the moment, this code is new, unverified, possibly buggy, and should be considered “experimental”. It may contain security issues. We welcome your testing and bug reports, but keep in mind that this code is new, so some caution should be exercised at this time when using it in critical environments.

In my little testing so far, however, it seems to “basically work”. And at the very least, those that relied on code that was previously in the FreeBSD tree now have immediate continuity.

Over the next few days and weeks, we can expect this baseline to improve and expand.

Enjoy!

Finally, this FreeBSD WireGuard in kernel mode should be available in the FreeBSD ports tree. For now, those who wish to test it will have to git clone it from the WireGuard sits, followed by the BSD style make load ; make install commands to build from source.

It’s an ongoing story, and we’ll continue to follow events as they develop.

[ad_2]

Source link