Big news for Linux users was reported a few days ago, after Linus Torvalds – the creator of Linux – merged David Miller’s next-gen VPN protocol into the source tree for the Linux 5.6 kernel.
In other words, the next version of Linux is very likely to have WireGuard VPN protocol as part of it, which users may come to enjoy in only a few months.
Considering that it has been less than a week since Version 5.5 was released, it is likely that the next version – 5.6 – will not be released until April or May 2020.
However, the merge added several new features and network-related drivers for the new version, and ‘Add WireGuard’ is the first item on the list.
Why is this important?
The inclusion of WireGuard into the source tree for 5.6 does not come as a surprise, considering that WireGuard was pulled into net-next about a month ago, in December.
However, this also doesn’t mean that its inclusion should be considered a done deal, as there is still undoubtedly quite a bit of refinement necessary before the kernel is finalised and ready for release.
With that said, the fact that Linus did pull it in-tree likely means that the chances of its removal are slim to non-existent, and it would take a significant unforeseen issue for the idea to be abandoned now.
As you may know, the WireGuard VPN protocol might be a perfect addition to 5.6, as it has many advantages.
For example, it is faster, smaller, and significantly more straightforward to configure than IPSec. This is yet another reason why it is very unlikely to be excluded at this point.
As mentioned, Torvalds did not reveal the release date for the next version, although many suspect that it will come out in a few months.
Still, WireGuard developer, Jason Donenfeld, announced the news with quite a lot of excitement, sharing the event with the community barely half an hour after Torvalds pulled in net-next.
Even with all the excitement and WireGuard being pretty much set to be implemented, Donenfeld admitted that he will have to start refining some of WireGuard’s ‘rougher areas.’
Advantages and benefits
As many likely know, WireGuard is quite practical by nature, and it is also cross-platform.
This means that it can be used equally on Windows, Android, macOS, iOS, and BSD, and since it is licensed under GPLv2 – which is used by the Linux kernel – there is no real obstacle to its inclusion as part of Linux.
It comes with numerous advantages, including the ones mentioned before, but also simplicity when it comes to configuration, strong cryptography, small codebase, strong performance, fast connection, and more.
Simply put, it is more convenient, and it doesn’t require entire teams of security experts to audit vast swathes of code, only to be overwhelmed by its complexity anyway.
More than that, the CCSD (Center for Direct Scientific Communication), based in Lyon, France, already offers a cryptographic proof which confirms its message secrecy, correctness, mutual authentication, forward secrecy, resistance against key compromise, session uniqueness, resistance against replay attacks, as well as its resistance against identity mis-binding.
The only real concern regarding WireGuard is that it is still labelled as ‘work in progress,’ and is currently working toward a more stable 1.0 version.
According to what is known, it still may have a security quirk or two, as reported by the developer himself.
Even so, the language that describes it has changed in the last half a year or so.
Previously, it said that WireGuard is not complete and that its code should not be relied on. Now, we see it included in the Linux kernel, which indicates that a lot of work has been done and that version 1.0 (WireGuard is currently labeled as 0.0) may not be that far away.
Apart from WireGuard, a few other additions to 5.6 allegedly include multipath TCP, AMD and Intel power management improvements, USB4 support, and more.
WireGuard has undoubtedly now hit the mainstream.