This morning, WireGuard founding developer Jason Donenfeld announced a working, in-kernel implementation of his WireGuard VPN protocol for the FreeBSD 13 kernel. This is great news for BSD folks—and users of BSD-based routing appliances and distros such as pfSense and opnSense.
If you’re not familiar with WireGuard, it establishes connections more quickly than traditional VPNs like OpenVPN. It’s also, in our personal experience, overwhelmingly more reliable when managing large numbers of connections. Your author used to spend several hours a month shelling into machines and manually re-establishing broken OpenVPN tunnels, even after writing watchdog scripts to attempt to detect and re-establish them automatically—tearing it all out and replacing this several-hundred-machine-monitoring network with WireGuard-based infrastructure cut that down to “zero hours per month.”
In addition to performance and reliability, WireGuard brings modern protocols, versioned crypto that literally cannot be set up incorrectly, and a far cleaner, lighter codebase than most competitors—Linus Torvalds once declared it “a work of art” by comparison to OpenVPN and IPSec.