WireGuard 1.0.0 for Linux 5.6 Released

Hi folks,

Earlier this evening, Linus released [1] Linux 5.6, which contains our
first release of WireGuard. This is quite exciting. It means that
kernels from here on out will have WireGuard built-in by default. And
for those of you who were scared away prior by the "dOnT uSe tHiS
k0de!!1!" warnings everywhere, you now have something more stable to
work with.

The last several weeks of 5.6 development and stabilization have been
exciting, with our codebase undergoing a quick security audit [3], and
some real headway in terms of getting into distributions.

We'll also continue to maintain our wireguard-linux-compat [2]
backports repo for older kernels. On the backports front, WireGuard
was backported to Ubuntu 20.04 (via wireguard-linux-compat) [4] and
Debian Buster (via a real backport to 5.5.y) [5]. I'm also maintaining
real backports, not via the compat layer, to 5.4.y [6] and 5.5.y [7],
and we'll see where those wind up; 5.4.y is an LTS release.

Meanwhile, the usual up-to-date distributions like Arch, Gentoo, and
Fedora 32 will be getting WireGuard automatically by virtue of having
5.6, and I expect these to increase in number over time.

Enjoy!
Jason

Also: WireGuard 1.0.0 Christened As A Modern Secure VPN Alternative To OpenVPN/IPsec

WireGuard VPN makes it to 1.0.0—and into the next Linux kernel

  • WireGuard VPN makes it to 1.0.0—and into the next Linux kernel

    We've been anticipating WireGuard's inclusion into the mainline Linux kernel for quite some time—but as of Sunday afternoon, it's official. Linus Torvalds released the Linux 5.6 kernel, which includes (among other things) an in-tree WireGuard. Phoronix has a great short list of the most interesting new features in the 5.6 kernel, as well as a longer "everything list" for those who want to make sure they don't miss anything.

Linux's WireGuard VPN is here and ready to protect you

  • Linux's WireGuard VPN is here and ready to protect you

    Linus Torvalds has released the newest version of the Linux 5.6. It includes many new and neat features like USB4 support, a fix for the 32-bit Epoch problem, multi-path TCP, and numerous driver patches. The biggest news of all is that Linux now has the popular open-source Virtual Private Network (VPN) WireGuard baked in.

    WireGuard is a radical new approach to VPNs. With its minimal codebase -- about 4,000 lines of code -- it's much easier to debug and secure than its rivals such as OpenVPN with its over 100,000 lines.

    Torvalds himself loves WireGuard for its simplicity. Long before he incorporated WireGuard into Linux, Torvalds said "Can I just once again state my love for it and hope it gets merged soon? Maybe the code isn't perfect, but I've skimmed it, and compared to the horrors that are OpenVPN and IPSec, it's a work of art."

Anthony Spadafora on WireGuard

  • WireGuard VPN added to Linux 5.6

    Linux users now have another choice when it comes to protecting themselves online as WireGuard VPN has been added to the Linux kernel in version 5.6.

    Up until now, the fast and flexible VPN, which was designed specifically for Linux implementations, was only available as a third-party addition. However, WireGuard VPN is now available by default with release of Linux 5.6.

    In an announcement, president and security researcher at Edge Security, Jason Donenfeld explained that future Linux kernels will have WireGuard built-in by default, saying...

EnterpriseNetworkingPlanet and Google

  • Linux 5.6 Debuts with Wireguard Secure VPN for Remote Networking

    On March 29, Linux creator Linus Torvalds released the Linux 5.6 kernel providing a long list of new features. Of particular note for networking professionals is the inclusion of WireGuard Virtual Private Network (VPN) open source technology. Work to include WireGuard directly into Linux has been ongoing since March 2019 though WireGuard development itself has been ongoing since 2015.

    At its core, WireGuard is a secure network tunnel written especially for Linux, and optimized for performance and ease of configuration.

    "It has been designed with the primary goal of being both easy to audit by virtue of being small and highly secure from a cryptography and systems security perspective," WireGuard creator Jason Donenfeld wrote in a Linux Kernel Mailing List (LKML) commit message.

    Even before WireGuard was directly integrated into Linux, it had been available in what is known as an out-of-tree module, as well as userspace tools. By being directly integrated into Linux, WireGuard is now however even more accessible to a wider user community. In contrast with other options for VPN, WireGuard provides a very small attack surface for any potential attacker.

  • It's Looking Like Android Could Be Embracing WireGuard - "A Sane VPN"

    Following the release of Linux 5.6 and WireGuard 1.0 declared, Google has now enabled WireGuard within their Android open-source Linux kernel build.

    Android's Generic Kernel Image (GKI) now has the WireGuard support enabled as a built-in option as of yesterday. In the Git commit enabling it, Google's Greg Kroah-Hartman commented, "Add native kernel support for a sane VPN."

    The upstream WireGuard project has long offered an Android port available from the Play Store as a user-space implementation while it's promising that Google is now enabling the WireGuard support as part of the GKI kernel for Android. WireGuard was upstreamed in Linux 5.6 after years of development and working out the encryption kernel changes that previously held up its integration.

WireGuard VPN Gets Added to the Next Linux Kernel

  • WireGuard VPN Gets Added to the Next Linux Kernel

    I briefly mentioned WireGuard when I wrote of Cloudflare’s WARP beta. I think it’s something to add to your technology watch lists. It’s just not any old VPN app, it’s a VPN protocol that could very well replace current protocols like IPsec and OpenVPN, or at least be offered as an alternative.

More in Tux Machines

today's leftovers

  • Linux Magazine Celebrates 20 Years

    With Issue 240, Linux Magazine is celebrating its 20th year of print publication. Given the transformations that have taken place in Linux, open source, and in publishing during the past 20 years, this is a remarkable achievement. Reflecting on these changes, Linux Magazine editor-in-chief Joe Casad said, “I’m struck by how much Linux has changed since I started this job—and how much the publishing industry has itself remained in a perpetual state of reinvention. It is one thing when the subject of the magazine is continually transforming—and quite another when the very context in which you operate is a moving target.” [...] Linux Magazine has weathered the various industry shifts with consistency of vision and a small, dedicated workforce. Casad credits the internationally distributed team of professionals, “who stay calm under pressure and show up every day with ideas and good energy,” with much of the magazine’s long-running success.

  • Security updates for Thursday

    Security updates have been issued by Fedora (firefox, libproxy, mbedtls, samba, and zeromq), openSUSE (chromium and virtualbox), Red Hat (firefox and kernel), SUSE (cifs-utils, conmon, fuse-overlayfs, libcontainers-common, podman, libcdio, python-pip, samba, and wavpack), and Ubuntu (rdflib). 

  • LibreOffice Documentation Team Status

    While this progress in shortened documentation development time is fairly good, it can be substantially improved by having more contributors on the team. It would be terrific if all contributors were skilled technical writers, but in reality anyone with a reasonable command of the English language and an eye for detail can make a valuable contribution. No contributor is expected to rewrite entire guide books, although some of our most experienced, long term contributors do exactly that. In fact nothing is expected or demanded of any contributor, other than to let other members of the team know what they have chosen to work on. In some cases that might be to update a chapter of an existing guide, or reviewing the work of another team member. Reviewing can take the form of proof reading, or researching the accuracy of the guide information in relation to the software’s actual operation. By identifying yourself as a Docs Team contributor does not mean you are making any permanent or long term commitment, many contributors come and go over long periods according to the demands of their “real” life.

  • Mozilla VR Blog: Firefox Reality 12

    The latest version of Firefox Reality for standalone VR headsets brings a host of long-awaited features we're excited to reveal, as well as improved stability and performance. [...] Look for Firefox Reality 12 available now in the HTC, Pico and Oculus stores. This feature-packed release of Firefox Reality will be the last major feature release for a while as we gear up for a deeper investment in Hubs. But not to worry! Firefox Reality will still be well supported and maintained on your favorite standalone VR platform.

  • Daniel Stenberg: everything curl five years

    At the time of that blog post, the book was already at 13,000 words and 115 written subsections. I still had that naive hope that I would have it nearly “complete” by the summer of 2016. Always the optimist. Today, the book is at over 72,000 words with content in 600 subsections – with just 21 subtitles noted “TBD” to signal that there’s still content to add there. The PDF version of it now clocks in at over 400 pages. I’ve come to realize and accept that it will never be “complete” and that we will just keep on working on it indefinitely since curl itself keeps changing and we keep improving and expanding texts in the book.

  • Amazon announces 'Luna', their own take on cloud game streaming

    Amazon Luna will give you access to certain Channels of games which you subscribe to. The first two announced are Amazon's own Luna+ to get access to a "growing" library and Ubisoft are also confirmed to have their own subscription channel coming to it too. The Luna+ subscription will have 100s of games from big names too like Resident Evil 7, Control, The Surge 2, A Plague Tale: Innocence and a great many more. By the time it launches, it's going to have quite a full library already.

  • How to Install Discord on Ubuntu & Linux Mint (GUI & CLI)
  • Granulate Applies AI to Linux Server Optimization

    Granulate today announced that a platform that leverages machine learning algorithms to optimize Linux server environments running on-premises or in the cloud is now generally available. [...] According to the company, more than 40,000 instances of gAgent have already been deployed by IT teams at PicsArt, Perion, AppsFlyer and Coralogix.

Programming Leftovers

  • In a world where up is down, it's heartwarming to know Internet Explorer still tops list of web dev pain points

    Web developers resent having to deal with Microsoft Internet Explorer and Apple Safari, which they cite among their top three pain points, alongside layout and styling inconsistencies among browsers. This finding comes from the Mozilla Developer Network's 2020 Browser Compatibility Report [PDF], a survey of web development concerns culled from 1,429 responses out of 3,236 – the remainder having been tossed for invalid or missing data. The purpose of the report is to alert the browser vendors to problems so they can be addressed.

  • chemfp's chemistry toolkit I/O API

    This is part of a series of essays about working with SD files at the record and simple text level. In the last two essays I showed examples of using chemfp to process SDF records and to read two record data items. In this essay I'll introduce chemfp's chemistry toolkit I/O API, which I developed to have a consistent way to handle structure input and output when working with the OEChem, RDKit, and Open Babel toolkits.

  • 10 Things We Picked Up From Code Reviewing

    Ever wondered what you could learn from a code review?

  • Mike Driscoll: CodingNomads Tech Talk Series!

    Recently CodingNomads invited me on their Tech Talk series. CodingNomads does online code camps for Python and Java. The Tech Talks are a series of videos that teach or talk about tech. In my case, I got to talk about my favorite programming language, Python!

  • Arm Begins Bringing Up Neoverse N2, Neoverse V1 Support In The GNU Toolchain

    It was just a few days ago that Arm outlined the Neoverse N2 "Perseus" design as a follow-on to the Neoverse N1 and coming concurrently to the next-generation Cortex-A. Now the company has already jumped on beginning their open-source/Linux enablement work around the Neoverse N2. There haven't been any Neoverse N2 additions yet to LLVM/Clang or GCC as the most interesting aspects where it would reveal any new instruction set extensions / capabilities not yet formally announced by Arm (there also isn't any patches out under review on that front either), but a patch out this morning adds Neoverse N2 support to the GNU Assembler (Gas).

  • autoconf-2.69c released [beta]

    We are pleased to announce beta release 2.69c of GNU Autoconf.
    
    This release includes two months of bug fixes since the previous beta,
    2.68b, and eight years of development work since the previous full
    release, 2.69.  See below for the list of significant changes since
    the previous beta.  See the NEWS file for a complete list of
    significant changes since 2.69.
    
    We tentatively plan to make the final release of Autoconf 2.70 at the
    end of October 2020.  Please test this beta with your autoconf
    scripts, and report any problems you find to the Savannah bug tracker:
    
       https://savannah.gnu.org/support/?func=additem&group=autoconf
    
    Please also send general comments and feedback to <autoconf@gnu.org>.
    
    Please also spread this announcement widely, so that as many Autoconf
    users as possible hear about it.
    
    Here are the compressed sources:
      https://alpha.gnu.org/gnu/autoconf/autoconf-2.69c.tar.gz   (2.0MB)
      https://alpha.gnu.org/gnu/autoconf/autoconf-2.69c.tar.xz   (1.3MB)
    
    Here are the GPG detached signatures[*]:
      https://alpha.gnu.org/gnu/autoconf/autoconf-2.69c.tar.gz.sig
      https://alpha.gnu.org/gnu/autoconf/autoconf-2.69c.tar.xz.sig
    
    Use a mirror for higher download bandwidth:
      https://www.gnu.org/order/ftp.html
    
    [*] Use a .sig file to verify that the corresponding file (without the
    .sig suffix) is intact.  First, be sure to download both the .sig file
    and the corresponding tarball.  Then, run a command like this:
    
      gpg --verify autoconf-2.69c.tar.gz.sig
    
    If that command fails because you don't have the required public key,
    then run this command to import it:
    
      gpg --keyserver keys.gnupg.net --recv-keys 384F8E68AC65B0D5
    
    and rerun the 'gpg --verify' command.
    
    This release was bootstrapped with the following tools:
      Automake 1.16.2
    
    Noteworthy changes and bug fixes since the previous beta (2.69b):
    
    * A performance regression in AC_PROG_CXX has been corrected.
      See https://savannah.gnu.org/support/index.php?110285 for details.
    
    * AC_PROG_YACC has been reverted to using ‘bison -y’.  After 2.70,
      we will instead add an AC_PROG_BISON macro for programs that
      require Bison extensions.
      See https://savannah.gnu.org/support/index.php?110266 for details.
    
    * AC_PROG_LEX no longer looks for a library providing the function
      ‘yywrap’.  LEXLIB will only be set to ‘-lfl’ or ‘-ll’ if a
      scanner that defines both ‘main’ and ‘yywrap’ itself still needs
      something else from that library.
    
      Packages should define yywrap themselves, or use %noyywrap.
    
    * When ‘$CC -E’ doesn’t run the C preprocessor, AC_PROG_CPP now looks
      in $PATH for ‘cpp’ before falling back to ‘/lib/cpp’.
    
    * AC_TYPE_PID_T now gives pid_t the correct definition on 64-bit
      native Microsoft Windows.
    
    * AC_INIT now trims extra white space from its arguments.  For instance,
    
        AC_INIT([  GNU  Hello  ], [1.0])
    
      will set PACKAGE_NAME to “GNU Hello”.
    
    * autoreconf will now run gtkdocize and intltoolize when appropriate.
    
    * autoreconf now avoids complaints from subsidiary tools about
      unknown warning categories.  For example, ‘autoreconf -Wcross’
      will no longer cause complaints from (current released versions of)
      aclocal and automake.
    
    * Generated configure scripts no longer fail catastrophically when
      stdin, stdout, or stderr is closed on startup.
    
    * Many bugs related to building Autoconf itself have been corrected.
      These mostly affected non-GNU operating systems and situations where
      optional tools are not available.
    
    * The obsolete macros AC_DIAGNOSE, AC_FATAL, AC_WARNING, and
      _AC_COMPUTE_INT are now replaced with modern equivalents by
      autoupdate.
    
    * The macro AC_OBSOLETE is obsolete.  Autoupdate will replace it with
      m4_warn([obsolete], [explanation]).  If possible, macros using
      AC_OBSOLETE should be converted to use AU_DEFUN or AU_ALIAS instead,
      which enables autoupdate to replace them, but this has to be done by
      hand and is not always possible.
    
    * AC_FC_LINE_LENGTH now documents the maximum portable length of
      "unlimited" Fortran source code lines to be 250 columns, not 254.
    
    * Warnings about obsolete constructs are now on by default.
      They can be turned off with '-Wno-obsolete'.
    
    * autoconf will now issue warnings (in the ‘syntax’ category) if the
      input file is missing a call to AC_INIT and/or AC_OUTPUT.
    
    * AC_INIT will now issue warnings (in the “syntax” category) for a
      non-literal URL argument, and for a TARNAME argument which is either
      non-literal or contains characters that should not be used in file
      names (e.g. ‘*’).
    

JDK 16: What’s coming in Java 16

Although not due to arrive until March 2021, Java Development Kit (JDK) 16 has begun to take shape, with proposed features including concurrent thread-stack processing for garbage collection, support for C++ 14 language features, and an “elastic metaspace” capability to more quickly return unused class metadata memory to the OS. JDK 16 will be the reference implementation of the version of standard Java set to follow JDK 15, which arrived September 15. The six-month release cadence for standard Java would have JDK 16 arriving next March.

Linux Kernel Latest Developments and New Linux Foundation Report

  • AMD Ryzen 9 3900XT CPUFreq Governor Comparison With Linux 5.9

    One of the most frequent questions received at Phoronix in recent times is whether the "schedutil" governor is ready for widespread use and if it can compare in performance to, well, the "performance" governor on AMD Linux systems. Here are some benchmarks of an AMD Ryzen 9 3900XT using the latest Linux 5.9 development kernel in looking at the performance differences between the CPUFreq governor options of Ondemand, Powersave, Performance, and Schedutil.

  • Intel Engineers Begin Landing Open-Source Support For TDX, Intel Key Locker

    Last month Intel published a whitepaper on TDX as Trust Domain Extensions as a means of better securing virtual machines. TDX allows for isolating VMs from the hypervisor and other non-VMM system software. Intel TDX builds off other recent work around MKTME memory encryption and other features. We are now beginning to see that software side support roll-out along with the also-new Key Locker instructions.

  • HPE Preparing SGI UV5 Support For The Linux Kernel

    Recent hardware enablement work on the Linux kernel is HPE bringing up UV5 support. Succeeding the SGI UV4 support is now UV5 under the ownership of HPE. UV5 is the latest iteration of their x86_64 based supercomputer architecture.

  • Linux 5.10 To Support Nitro Enclaves For Security-Critical Applications

    The kernel support for Nitro Enclaves landed this week in char-misc-next ahead of the Linux 5.10 cycle kicking off next month. Nitro Enclaves is a capability of Amazon AWS' EC2 cloud for protecting highly sensitive data. Nitro Enclaves provide additional isolation and security by punting the sensitive work/data off to an isolated virtual machine without persistent storage access and other reductions to possible attack surfaces while also providing cryptographic attestation for ensuring only trusted/authorized code is running.

  • Linux Foundation Adds Entry-Level Certification

    The Linux Foundation has announced the development of a new entry-level certification exam to complement their existing Linux Foundation Certified Sysadmin (LFCS) and Linux Foundation Certified Engineer (LFCE) exams. This new certification, the Linux Foundation Certified IT Associate (LFCA), targets people just moving into systems administration.

  • How open-source software transformed the business world [Ed: Today ZDNet deletes GNU and Free software from history, citing this 'report' from LF (made using proprietary software)]

    The Linux Foundation goes into many examples, but I'm going to focus on telecommunications and networking since it's a field I know well. 

  • Software-defined vertical industries: transformation through open source

    What do some of the world’s largest, most regulated, complex, centuries-old industries such as banking, telecommunications, and energy have in common with rapid development, bleeding-edge innovative, creative industries such as the motion pictures industry? They’re all dependent on open source software.  That would be a great answer and correct, but it doesn’t tell the whole story. A complete answer is these industries not only depend on open source, but they’re building open source into the fabric of their R&D and development models. They are all dependent on the speed of innovation that collaborating in open source enables.