WireGuard: A Kernelspace VPN with Cutting-edge Cryptography

WireGuard is an upcoming project to replace IPsec with a more modern and secure VPN protocol. It lives inside the kernel and provides a very simple and novel interface for setting up secure encrypted network tunnels. All the cryptography is cutting edge (DJB's Curve25519, ChaCha20, and Poly1305), and deployment aims to be as simple as SSH's authorized_keys file.

A number of interesting kernel programming techniques have been used to make this extremely performant, along with some interesting uses of the netdevice sub-queuing system.

This talk will introduce this exciting project and I will ask for feedback from the kernel community.

Jason A. Donenfeld