Doll enter the tunnel! ♫ “/>Aurich Lawson
Earlier this week, we covered the progress by integrating the implementation of the WireGuard VPN protocol into the FreeBSD core. Two days later, there’s an update – the WireGuard core mode has been completely removed from FreeBSD 13 development for the time being.
The change only affects core mode WireGuard. User mode WireGuard has been available in FreeBSD since 2019 and remains untouched. If you pkg install wireguard, you get the WireGuard user mode, better known as wireguard-go. Wireguard-go can potentially outperform the core mode, but it’s stable and more than fast enough to keep up with most use cases.
The removal is actually good news for FreeBSD users and WireGuard users. Although the new core work done by Jason Donenfeld, founder of WireGuard, FreeBSD developer Kyle Evans and OpenBSD developer Matt Dunwoodie, was a clear step forward, it is considered too hasty to venture into a production pit. go. It is a decision heartily endorsed by Donenfeld himself, who prefers a steady development process with more code reviews and consensus.
Donenfeld announced the migration of development of FreeBSD 13-CURRENT to its own git repository earlier today. The new screenshot no longer supports ifconfig extensions to build tunnels; use it wg and wg-quick build commands similar to Linux, Windows and Android rather. Although the code works, Donenfeld warns that it should not yet be considered ready for production:
At the moment, this code is new, unproven, possibly car, and should be considered “experimental”. This may include security issues. We welcome your test and bug reports, but keep in mind that this code is new, so at the moment you need to be a little careful about using it in mission-critical environments.
In my small tests so far, however, it seems to “work basically”. And at least, those who rely on the code that used to be in the FreeBSD boom now have an immediate continuity.
During the next days and weeks, this repository can be expected to improve and grow.
Enjoy it!
Finally, this core mode FreeBSD WireGuard should be available at the FreeBSD gateway. For now, those interested in testing it will need git clone it from the WireGuard repos themselves, followed by the BSD style make load ; make install commands to build from source.
This is an ongoing story, and we will continue to follow the events as they unfold.