WireGuard is in net-next

567 点作者 piliberto超过 5 年前

26 条评论

If anyone wants some more docs and examples for Wireguard usage, I made some here: <a href="https://github.com/pirate/wireguard-docs" rel="nofollow">https://github.com/pirate/wireguard-docs</a>- how it works internally- how the routing works in different topologies- a few complex and simple example setups- performance expectations- security model, key & config distribution- setting up wireguard for, or inside of docker- GUI tools and other wireguard-related software- links to other tutorials, references, guides

评论 #21746978 未加载

评论 #21759700 未加载

评论 #21751221 未加载

zx2c4超过 5 年前

Release announcements are here:<a href="https://lists.zx2c4.com/pipermail/wireguard/2019-December/004704.html" rel="nofollow">https://lists.zx2c4.com/pipermail/wireguard/2019-December/00...</a><a href="https://lists.zx2c4.com/pipermail/wireguard/2019-December/004711.html" rel="nofollow">https://lists.zx2c4.com/pipermail/wireguard/2019-December/00...</a><a href="https://lkml.org/lkml/2019/12/8/257" rel="nofollow">https://lkml.org/lkml/2019/12/8/257</a>

评论 #21743981 未加载

评论 #21744823 未加载

majewsky超过 5 年前

If I understand the kernel development process correctly, this means it's on track to land in 5.6 (since 5.4 is the current stable and the merge window for 5.5 is already closed). Correct?

评论 #21741897 未加载

samgranieri超过 5 年前

This is very welcome news! I had a seamless time using wireguard (via a streisand installation) on my honeymoon in Italy on my phone and more importantly, my wife's phone. It worked seamlessly.Next up I'd like to see this be an easy config option in Unifi's network managment tools

评论 #21743478 未加载

评论 #21742894 未加载

评论 #21747537 未加载

评论 #21746099 未加载

pedrocr超过 5 年前

I've been using tinc[1] as a way to get a mesh VPN on all my machines that works even if some of them are behind restrictive firewalls. It works really well and I've automated the setup with puppet so I just deploy it automatically any time I bring up a machine. Highly recommended.Anyone know if there has been any recent work on making wireguard cover this use case? I'm not really worried about security as I treat this overlay network as just as insecure as any other (running ssh over it) and mitigate exploits by running the tinc daemon as a normal user. But it would still be nice to get more performance and security from an in-kernel quality solution like wireguard.[1] <a href="https://tinc-vpn.org/" rel="nofollow">https://tinc-vpn.org/</a>

评论 #21747002 未加载

评论 #21745408 未加载

crawshaw超过 5 年前

If you haven't given WireGuard a try yet, now is a good time.Securely and reliably connecting all my devices with WireGuard was a big reminder to me that there's a much better internet hiding under the hub-and-spoke consumer services model. The internet can be so much more than our phones connecting to large data centers.

评论 #21742952 未加载

Havoc超过 5 年前

Yes!Hoping this will will have a pervasive effect like https in the networking world, esp for point to points that glue things together behind the scene. Encrypt all the things!

评论 #21742391 未加载

评论 #21742769 未加载

F00Fbug超过 5 年前

This is a big step forward!I'm hoping that the 1.0 release will prompt Netgate to consider inclusion in pfSense.

评论 #21744037 未加载

评论 #21744927 未加载

haywirez超过 5 年前

Great experience with WireGuard so far, but does anyone know a simpler way to use it over networks where UDP is blocked (e.g. university Wi-Fi)? I've only found this comment[1].[1] <a href="https://news.ycombinator.com/item?id=17847008" rel="nofollow">https://news.ycombinator.com/item?id=17847008</a>

评论 #21743557 未加载

评论 #21743374 未加载

loxias超过 5 年前

I'm excited by this, but I'd really love a userspace C or C++ implementation. I know that context switching syscalls take time, but I've enjoyed the trend of the last 10 years towards more userspace services, not less. (I'm particularly thinking of filesystems in userspace and block devices in userspace)Still, cool. cool, cool cool. I wonder how long until it's in debian.

评论 #21743295 未加载

评论 #21743014 未加载

评论 #21744928 未加载

fffrantz超过 5 年前

Great news. They've been hard at work for a while and it's finally come to fruition. Congrats

评论 #21741980 未加载

ralala超过 5 年前

I'm running wireguard in production on ~50 VMs for over a year (centos). Zero problems yet.

评论 #21743158 未加载

hsivonen超过 5 年前

Does there exist an effort encapsulate WireGuard in HTTP/3 or, when UDP is blocked, in HTTP/2?

7ewis超过 5 年前

Does this mean WireGuard will be moving to stable?My VPN provider has said they won't support WireGuard until it hits 1.0

评论 #21742102 未加载

评论 #21742275 未加载

评论 #21743227 未加载

评论 #21742372 未加载

novok超过 5 年前

What is the timeline for making wireguard viable for commerical VPNs?"""There's a few fundamental issues with wireguard that make it relatively unsuitable for commercial VPNs with many customers.For a start, if you want to offer customers multiple concurrent devices, each device needs it's own key, and all keys for all customers' devices need to be loaded into kernel memory and cross checked against every packet received, which as you might imagine gets incredibly unwieldy and could savagely impact the performance of PIA servers.When wireguard has the ability to hook a userspace daemon when it receives a valid-looking packet with unrecognised encryption, it'll be a lot closer to usable in commercial contexts, as the daemon could poke a database or cache to load the required keys on demand"""<a href="https://www.reddit.com/r/PrivateInternetAccess/comments/d1blo2/wireguard_update/ezk41ix/" rel="nofollow">https://www.reddit.com/r/PrivateInternetAccess/comments/d1bl...</a>

评论 #21747348 未加载

doctoboggan超过 5 年前

I recently started using OpenVPN (My router comes with it pre-installed).Does anyone know how this compares with OpenVPN? Is is worth setting up my own wiregaurd machine?

评论 #21744636 未加载

评论 #21744520 未加载

评论 #21745371 未加载

finchisko超过 5 年前

Sorry for off topic, but is there any way, how to setup wireguard (or any VPN) to be used for just single app (lets say Firefox) and not system wide on macOS? Something similar to <a href="https://github.com/darkk/redsocks" rel="nofollow">https://github.com/darkk/redsocks</a> with ssh and setting up proxy in Firefox?

评论 #21749961 未加载

_verandaguy超过 5 年前

This is great news! I've been a wg user on an EdgeRouter for a little over a year now, and the experience is always just so _seamless_. The architecture of this thing's a beaut.That news aside, this is an outstanding commit message. The kernel never disappoints on those.

funkyshit超过 5 年前

what does this mean for users of wireguard? An explanation for linux noobs?

评论 #21742005 未加载

ikeboy超过 5 年前

Is there a simple way to tunnel specific apps only through wireguard?

评论 #21743088 未加载

评论 #21743076 未加载

评论 #21743138 未加载

评论 #21743079 未加载

rswail超过 5 年前

Awesome development!

tbrock超过 5 年前

When will we see support for this built into iOS?

评论 #21743856 未加载

评论 #21746566 未加载

评论 #21743816 未加载

baybal2超过 5 年前

How it fares against IPSec?

评论 #21743235 未加载

评论 #21742052 未加载

评论 #21742172 未加载

评论 #21742671 未加载

评论 #21742068 未加载

wyldfire超过 5 年前

Next stop: NT and XNU?

mangix超过 5 年前

About time

nif2ee超过 5 年前

This will mean a lot for the future of WireGuard and VPNs if it catches Ubuntu 20.04

评论 #21743030 未加载

评论 #21742289 未加载