I’d love if /e/ would support Wireguard directly in the kernel. Wireguard is much faster that way than being run in userspace. As Wireguard is about to become the leading VPN technology in regard to privacy and performance, would that be possible?
I think this means to add Wireguard to the list of protocols available by default (along with PPTP and OpenVPN). That’s a good point, because now we have to install a standalone client app.
But as I have written, for example, my TrackerControl app needs to have its own local VPN. And other firewalls also need their own VPN. So if Wireguard is integrated in eOS, these apps won’t work.
As we have often discussed: better a small eOS with fewer default apps than a big OS full of defaults. Everyone should be able to decide what he wants to install and use.
Why? At the moment we already have built-in PPTP, L2TP, IPSec (but not OpenVPN – I was wrong) and it causes no trouble. So why should adding support for one more VPN protocol change something in this regard?
Wireguard is not an app, it’s a protocol. Its support is proposed to be added at the kernel level, just like it is already done in Linux if I’m not mistaken.
that’s just a side effect of a horribly inefficient user-level workaround…
the linux kernel, as used by android, provides much better alternatives for this purpose (see: iptables/nftables/bpfilter…)
yes – wireguard is much faster, or rather more efficient, than e.g. OpenVPN, but it’s also very simple and only supports a minimalist set of features. but these elementary functions work surprisingly well and only need a very small and safe code base and extraordinarily well implemented crypto routines.
WireGuard - sounds like a modern VPN solution. But WireGuard is still in full development, is not yet complete and not yet stable. The concept fits well with /e/ …
→ Work in Progress
WireGuard is not yet complete. You should not rely on this code. It has not undergone proper degrees of security auditing and the protocol is still subject to change. We’re working toward a stable 1.0 release, but that time has not yet come.
→ Work in Progress
WireGuard is currently working toward a stable 1.0 release. Current snapshots are generally versioned “0.0.YYYYMMDD” or “0.0.V”, but these should not be considered real releases and they may contain security quirks (which would not be eligible for CVEs, since this is pre-release snapshot software). This text will be removed after a thorough audit.
there are also already alternative user level implementations of wireguard available written in rust and go-lang, which will run on a wide variety of operating systems. (e.g. boringtun, the base of warp)