In-kernel WireGuard is on its way to FreeBSD and the pfSense router

Screenshot of WireGuard's fearsome logo.

Enlarge / FreeBSD is getting its own in-kernel WireGuard module in the near future, thanks to a sponsored code contribution from Netgate, followed by additional code and review from Jason Donenfeld and several FreeBSD and OpenBSD developers. (credit: WireGuard / Jim Salter)

This morning, WireGuard founding developer Jason Donenfeld announced a working, in-kernel implementation of his WireGuard VPN protocol for the FreeBSD 13 kernel. This is great news for BSD folks—and users of BSD-based routing appliances and distros such as pfSense and opnSense.

If you’re not familiar with WireGuard, it establishes connections more quickly than traditional VPNs like OpenVPN. It’s also, in our personal experience, overwhelmingly more reliable when managing large numbers of connections. Your author used to spend several hours a month shelling into machines and manually re-establishing broken OpenVPN tunnels, even after writing watchdog scripts to attempt to detect and re-establish them automatically—tearing it all out and replacing this several-hundred-machine-monitoring network with WireGuard-based infrastructure cut that down to “zero hours per month.”

In addition to performance and reliability, WireGuard brings modern protocols, versioned crypto that literally cannot be set up incorrectly, and a far cleaner, lighter codebase than most competitors—Linus Torvalds once declared it “a work of art” by comparison to OpenVPN and IPSec.

Read 10 remaining paragraphs | Comments

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top