Language Selection

English French German Italian Portuguese Spanish

WireGuard 1.0.0 for Linux 5.6 Released

Filed under
Linux
Security

Hi folks,

Earlier this evening, Linus released [1] Linus 5.6, which contains our
first release of WireGuard. This is quite exciting. It means that
kernels from here on out will have WireGuard built-in by default. And
for those of you who were scared away prior by the "dOnT uSe tHiS
k0de!!1!" warnings everywhere, you now have something more stable to
work with.

The last several weeks of 5.6 development and stabilization have been
exciting, with our codebase undergoing a quick security audit [3], and
some real headway in terms of getting into distributions.

We'll also continue to maintain our wireguard-linux-compat [2]
backports repo for older kernels. On the backports front, WireGuard
was backported to Ubuntu 20.04 (via wireguard-linux-compat) [4] and
Debian Buster (via a real backport to 5.5.y) [5]. I'm also maintaining
real backports, not via the compat layer, to 5.4.y [6] and 5.5.y [7],
and we'll see where those wind up; 5.4.y is an LTS release.

Meanwhile, the usual up-to-date distributions like Arch, Gentoo, and
Fedora 32 will be getting WireGuard automatically by virtue of having
5.6, and I expect these to increase in number over time.

Enjoy!
Jason

Read more

Also: WireGuard 1.0.0 Christened As A Modern Secure VPN Alternative To OpenVPN/IPsec

WireGuard VPN makes it to 1.0.0—and into the next Linux kernel

  • WireGuard VPN makes it to 1.0.0—and into the next Linux kernel

    We've been anticipating WireGuard's inclusion into the mainline Linux kernel for quite some time—but as of Sunday afternoon, it's official. Linus Torvalds released the Linux 5.6 kernel, which includes (among other things) an in-tree WireGuard. Phoronix has a great short list of the most interesting new features in the 5.6 kernel, as well as a longer "everything list" for those who want to make sure they don't miss anything.

Linux's WireGuard VPN is here and ready to protect you

  • Linux's WireGuard VPN is here and ready to protect you

    Linus Torvalds has released the newest version of the Linux 5.6. It includes many new and neat features like USB4 support, a fix for the 32-bit Epoch problem, multi-path TCP, and numerous driver patches. The biggest news of all s that Linux now has the popular open-source Virtual Private Network (VPN) WireGuard baked in.

    WireGuard is a radical new approach to VPNs. With its minimal codebase -- about 4,000 lines of code -- it's much easier to debug and secure than its rivals such as OpenVPN with its over 100,000 lines.

    Torvalds himself loves WireGuard for its simplicity. Long before he incorporated WireGuard into Linux, Tovalids said "Can I just once again state my love for it and hope it gets merged soon? Maybe the code isn't perfect, but I've skimmed it, and compared to the horrors that are OpenVPN and IPSec, it's a work of art."

Anthony Spadafora on WireGuard

  • WireGuard VPN added to Linux 5.6

    Linux users now have another choice when it comes to protecting themselves online as WireGuard VPN has been added to the Linux kernel in version 5.6.

    Up until now, the fast and flexible VPN, which was designed specifically for Linux implementations, was only available as a third-party addition. However, WireGuard VPN is now available by default with release of Linux 5.6.

    In an announcement, president and security researcher at Edge Security, Jason Donenfeld explained that future Linux kernels will have WireGuard built-in by default, saying...

EnterpriseNetworkingPlanet and Google

  • Linux 5.6 Debuts with Wireguard Secure VPN for Remote Networking

    On March 29, Linux creator Linus Torvalds released the Linux 5.6 kernel providing a long list of new features. Of particular note for networking professionals is the inclusion of WireGuard Virtual Private Network (VPN) open source technology. Work to include WireGuard directly into Linux has been ongoing since March 2019 though WireGuard development itself has been ongoing since 2015.

    At its core, WireGuard is a secure network tunnel written especially for Linux, and optimized for performance and ease of configuration.

    "It has been designed with the primary goal of being both easy to audit by virtue of being small and highly secure from a cryptography and systems security perspective," WireGuard creator Jason Donenfeld wrote in a Linux Kernel Mailing List (LKML) commit message.

    Even before WireGuard was directly integrated into Linux, it had been available in what is known as an out-of-tree module, as wall as userspace tools. By being directly integrated into Linux, WireGuard is now however even more accessible to a wider user community. In contrast with other options for VPN, WireGuard provides a very small attack surface for any potential attacker.

  • It's Looking Like Android Could Be Embracing WireGuard - "A Sane VPN"

    Following the release of Linux 5.6 and WireGuard 1.0 declared, Google has now enabled WireGuard within their Android open-source Linux kernel build.

    Android's Generic Kernel Image (GKI) now has the WireGuard support enabled as a built-in option as of yesterday. In the Git commit enabling it, Google's Greg Kroah-Hartman commented, "Add native kernel support for a sane VPN."

    The upstream WireGuard project has long offered an Android port available from the Play Store as a user-space implementation while it's promising that Google is now enabling the WireGuard support as part of the GKI kernel for Android. WireGuard was upstreamed in Linux 5.6 after years of development and working out the encryption kernel changes that previously held up its integration.

WireGuard VPN Gets Added to the Next Linux Kernel

  • WireGuard VPN Gets Added to the Next Linux Kernel

    I briefly mentioned WireGuard when I wrote of Cloudflare’s WARP beta. I think it’s something to add to your technology watch lists. It’s just not any old VPN app, it’s a VPN protocol that could very well replace current protocols like IPsec and OpenVPN, or at least be offered as an alternative.

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

More in Tux Machines

Kernel Work and Graphics

  • Reiser5 File-System Working On New Features Like Data Tiering, Burst Buffers

    Reiser5 was announced back on New Year's Eve with support for local volumes and supporting parallel scaling out and other improvements over the long-in-development but never mainlined Reiser4. While Reiser5 was not met with enthusiasm, Edward Shishkin has continued working on this next-generation file-system and today announced the latest round of improvements. Shishkin announced today with support for dumping peaks of I/O load to a proxy device with Reiser5, "Now you can add a small high-performance block device to your large logical volume composed of relatively slow commodity disks and get an impression that the whole your volume has throughput which is as high, as the one of that "proxy" device!"

  • Steam Beta adds Vulkan shader processing

    Valve has enabled the next step towards making Steam games on Linux run smoother in the latest Steam Beta release. This is something Valve has been working towards for some time now, as the Steam Client has been able to download pre-compiled GPU shaders, which you might have seen when something pops up in your Steam Downloads with an OpenGL and Vulkan icon below. [...] It doesn't just do it for installed games, it will do it as you're downloading them too, so by the time you've finished downloading it might even be all ready.

  • Adaptive-Sync/VRR Seeing Port To xf86-video-modesetting Driver

    Currently if wanting to use Adaptive-Sync/FreeSync variable refresh rate support of the AMDGPU DRM kernel driver you need to be using the xf86-video-amdgpu X.Org driver for proper handling as well, but a port of the DDX bits to the generic xf86-video-modesetting driver is in the works. This is still obviously contingent upon the DRM kernel-side support in the AMDGPU DC code, but for those using this generic DDX driver, it at least allows the Adaptive-Sync/VRR handling there.

Plasma Mobile update: April-May 2020

It’s been a while since the last status update on Plasma Mobile, so let’s take a look at what happened since then. To assist new people in contributing, we organized a virtual mini Plasma Mobile sprint in April. During the three days, we discussed many things, including our current tasks, the websites and documentation, our apps and many other topics. Most of our important tasks have been asigned to people, many of them have been implemented already. On Saturday, there was a training day, with four training sessions on the technology behind Plasma Mobile... Read more

GNU/Linux and Arduino in Devices/Embedded and Open Hardware

  • ODYSSEY expandable mini PC supports Win10, Linux and Arduino

    A versatile new mini PC is now available to order in the form of the ODYSSEY X86J4105864, offering an easy way to build Edge Computing applications with powerful CPU and rich communication interfaces, say its developers. The ODYSSEY X86J4105 mini PC is based on Intel Celeron J4105, is a Quad-Core 1.5GHz CPU that bursts up to 2.5GHz. There is also an onboard ATSAMD21 Core, an ARM Cortex-M0+ MCU that allows you to program Arduino on the x86 platform.

  • What is ESP32 and Why Is It Best for IoT Projects?

    ESP32 is a low-powered, low-cost microcontroller (MCU) board, with both Wi-Fi and Bluetooth built in, and is based on a dual-core processor mechanism. The first one is a powerful processor, such as a Xtensa LX6 (~240 MHz) with 512 KiB memory and the second an ultra-low coprocessor (ULP) with only 8 KiB memory designed to run when ESP32 is in deep-sleep mode. Other components include around 48 I/O pins (variable); an array of peripheral interfaces including temperature, hall effect, and capacitive touch sensors; and an 8-centimeter LCD panel, prominently visible here in an ESP32-WROVER board by Espressif Systems. [...] In fact, it runs on FreeRTOS, a leading operating system supported by Arduino. A big advantage of ESP32 is that it is readily supported by Arduino IDE as a “shield” which can be accessed from Board Manager. One can easily use functions from the FreeRTOS libraries when coding for the ESP32 within the Arduino IDE. Considering the scale of ESP32 applications which could be tiny, coin cell devices, it is better to use a predictable memory OS such as FreeRTOS rather than have its own complete OS, which is supported by Raspberry Pi, for example.

  • Kiwi TCMS is partnering up with Pionir

    We are happy to announce that Kiwi TCMS is going to partner with Pionir on the development of open source hardware for testers! Pionir is a free school focused on creating a new generation of digital leaders, an exponential culture and solving challenges using technology. They are located in Kikinda, Serbia. [...] Pionir will be developing hardware black boxes for teaching exploratory testing in cooperation with Kiwi TCMS. We have dedicated €2000 from our bounty program for students of the free school towards completing this project.

    The goal of the project is to produce at least 3 boxes and reference designs that will serve as a didactic tool for teaching, but also be free and open hardware, and as such, available to everyone to build from source. This project will be trusted to the students of the free school who will get opportunity to take part in the challenging process of building a digital appliance, from designing the machine logic, to develop and prototype hardware.

    The project includes designing, assembling, programming, documenting and delivering this hardware to us! Everything is expected to be open source: list of components, assembly instructions, 3D design files, source code, documentation and instructions! Our goal is that this will be relatively cheap and easy to build so everyone else can build their own boxes. During the next several months there will be new repositories created under https://github.com/kiwitcms to host the various boxes.

WWW: Curl, Mozilla Phoning Home, LMS for WordPress and Libre Graphic Meeting/Webstream

  • Daniel Stenberg: curl ootw: –socks5

    --socks5 was added to curl back in 7.18.0. It takes an argument and that argument is the host name (and port number) of your SOCKS5 proxy server. There is no short option version.

  • How does the Glean SDK send gzipped pings

    Within the Glean SDK, the glean-core Rust component does not provide any specific implementation to perform the upload of pings. This means that either the language bindings (e.g. Glean APIs for Android in Kotlin) or the product itself (e.g. Fenix) have to provide a way to transport data from the client to the telemetry endpoint. Before our recent changes (by Beatriz Rizental and Jan-Erik) to the ping upload system, the language bindings needed to understand the format with which pings were persisted to disk in order to read and finally upload them. This is not the case anymore: glean-core will provide language bindings with the headers and the data (ping payload!) of the request they need to upload. The new upload API empowers the SDK to provide a single place in which to compress the payload to be uploaded: glean-core, right before serving upload requests to the language bindings.

  • Create interactive content in WordPress with the H5P plugin

    WordPress is best known as a website content management system, but it also a great learning management system (LMS) for delivering online courses. If that is what you are looking for out of WordPress, then H5P should be the top plugin on your list. H5P is a way to create and share interactive HTML5 content, including presentations, games, quizzes, forms, and more, in a browser. You can download a wide variety of content types from H5P's Examples and Downloads page, or you can create unique content to embed in your WordPress site. H5P provides plugins and integrations for WordPress, Moodle, Drupal, Canvas, Brightspace, Blackboard, and more. In this article, I will show how to use H5P in WordPress to create a reading comprehension quiz for students.

  • Libre Graphic Meeting online 2020 Livestream

    After Canada, Germany, Spain, Brazil and more; the famous Libre Graphic Meeting 2020 was finally happening in France! But unfortunately, due to the worldwide pandemic, the in real life event was canceled. The event was then converted into an online event and I decided to contribute with offering a livestreaming session: a Krita digital painting workshop. I'll share on this one some step by step for my speedpainting technique; the theme: "Here be dragons". If you want to participate, connect to the program page on Friday 29 May, 15h00 (Paris Time); a "LIVE" button will be available on the top to access the video stream and you'll get also documentation on how to chat to interact with me during the livestream. It's free, open access, and the content of the video will be shared later under an open license.