For reference, I've never seen the built-in Windows VPN protocols exceed ~70 Mbps in any scenario. Maybe it's possible with a crossover cable between two Mellanox 100 Gbps NICs, using water-cooled and overclocked CPUs, but not over ordinary networks with ordinary servers.<p>I have gigabit wired Internet to a site with gigabit Internet. Typical performance of SSTP or IKEv2 is 15-30 Mbps. That's 1.5% to 3% max utilisation of the available bandwidth, which is just... sad.<p>It's not the specific site either, other vendor VPNs can easily achieve > 300 Mbps over the same path.<p>It's a year and a half into the pandemic, there are record numbers of people working from home, and Microsoft is the world's second biggest company right now.<p>Meanwhile, <i>volunteers</i> put together a protocol in their <i>spare time</i> that is not only more secure but can also easily do 7.5 Gbps!<p>That needs to be repeated: At least ONE HUNDRED TIMES faster than the "best" Microsoft can offer to their hundreds of millions of enterprise customers that are working from home.<p>Someone from Microsoft's networking team needs to read this, and then watch Casey Muratori's rant about Microsoft's poor track record with performance: <a href="https://www.youtube.com/watch?v=99dKzubvpKE" rel="nofollow">https://www.youtube.com/watch?v=99dKzubvpKE</a>
Very impressive performance:<p>> While performance is quite good right now (~7.5Gbps TX on my small test box), not a lot of effort has yet been spent on optimizing it<p>> Jonathan Tooker reported to me that, on his system with an Intel AC9560 WiFi card, he gets ~600Mbps without WireGuard, ~600Mbps with wireguard-go/Wintun over Ethernet, ~95Mbps with wireguard-go/Wintun over WiFi, and ~600Mbps with WireGuardNT over WiFi.<p>Congratulations to Simon and Jason! Very happy WireGuard user here.
The WireGuard team are simply brilliant. It's incredible how they have developed low-level, cross-platform solutions across Linux, OpenBSD, FreeBSD and now Windows.<p>I think they are truly exceptional programmers. It's hard to think of people who have come anywhere close to such an achievement.
This is exciting to me. I have tripped over every VPN technology listed on Wikipedia at one point or another during my career. Always open to something better.<p>I think IPSec or OpenVPN are probably the opposite of what WG is offering here... Microsoft's SSTP offering is actually not causing me any major frustration at the moment. I <i>almost</i> like using it. But, seeing these other comments telling tales of 600 megabit VPN wifi experiences... I'll check it out for sure.
On one hand I'm super excited for the performance and convenience of in-kernel WireGuard (hooray!)<p>On the other I'm sad that once it's accepted into the kernel, it won't be possible to add interesting changes (e.g. obfuscation, forward erasure correction, etc).<p>I'm torn apart :P
Will it be possible to fall back to the userspace implementation to use obfuscation software like shadowsocks? Or will it be deprecated?<p>Unfortunately the recent popularity means that almost all DPI software recognizes the WireGuard handshake.
While the driver can be licensed under GPLv2 (all kernel drivers need to be signed by Microsoft*, and VirtIO is a precedent¤ that you can do it), I'm not sure if the header should be licensed under GPLv2, mainly because it would stifle WireGuard adoption.<p>* In ordinary conditions. Test-sign mode does exist.<p>¤ ... for example, these Red Hat versions: <a href="https://www.catalog.update.microsoft.com/Search.aspx?q=Red%20Hat" rel="nofollow">https://www.catalog.update.microsoft.com/Search.aspx?q=Red%2...</a>