Earlier this week, we covered progress integrating an implementation of the WireGuard VPN protocol into the FreeBSD kernel. Two days later, there’s an update—kernel-mode WireGuard has been moved out of FreeBSD 13 development entirely for the time being.
The change only affects kernel-mode WireGuard. User-mode WireGuard has been available in FreeBSD since 2019 and remains, unaffected. If you
pkg install wireguard, you get user-mode WireGuard, better known as
wireguard-go. Wireguard-go is potentially less performant than kernel-mode, but it’s stable and more than fast enough to keep up with most use cases.
The removal is actually good news for FreeBSD users and WireGuard users. Although the new kernel work done by WireGuard founder Jason Donenfeld, FreeBSD developer Kyle Evans, and OpenBSD developer Matt Dunwoodie represented a clear step forward, it was deemed too rushed to go out in a production kernel. This is a decision heartily endorsed by Donenfeld himself, who prefers a steadier development process with more code reviews and consensus.