Linux 5.6 will arrive with WireGuard VPN and MPTCP extension

Last month, we covered here on the blog the news released by David S. Miller, who is responsible for the Linux network subsystem: he had taken the patches implementing the VPN interface of the WireGuard project into the net-next branch.

With that, Linus Torvalds took over the repository, which forms the future branch of the Linux 5.6 kernel, and after some changes, at around 1 a.m. CET on Wednesday, he pulled the networking updates from David Miller's repository, with WireGuard at the top of the list.

As a result, the Linux 5.6 kernel, expected in late March or early April, will finally support the WireGuard VPN tunnel technology and will bring initial support for the MPTCP (MultiPath TCP) extension.

Previously, the cryptographic primitives required for WireGuard to work were ported from the Zinc library to the standard Crypto API and included in kernel 5.5.

The Linux kernel would probably have provided WireGuard support long ago if there had not been a dispute over the encryption base developed specifically for the VPN technology. It took about a year and a half to resolve these disagreements.

The way out came when the WireGuard team took action on the matter: after negotiations at the Kernel Recipes conference, in September the creators of WireGuard made a compromise decision to change their patches to use the kernel's core Crypto API, about which the WireGuard developers have complaints in terms of performance and general security.

It was decided that the API would continue to be developed, but as a separate project. Later, in November, the kernel developers made a commitment and agreed to transfer some of the code to the main kernel. Some components will indeed be transferred to the kernel, not as a separate API but as part of the Crypto API subsystem.

WireGuard promises fast connection establishment, good performance, and robust, fast and transparent handling of dropped connections. In addition, the technology is much easier to configure than other VPN technologies and protects against eavesdropping with the latest encryption algorithms.

On their website, the WireGuard team explains what sets their protocol apart from others and says:

“WireGuard has been designed with ease of deployment and simplicity in mind.

It is intended to be easily implemented in very few lines of code, and easily auditable for security vulnerabilities.

Compared to giants like *Swan/IPsec or OpenVPN/OpenSSL, where auditing gigantic code bases is a daunting task even for large teams of security experts, WireGuard is intended to be thoroughly vetted by individual people.”

Multipath TCP, on the other hand, is an extension of the TCP protocol that lets a single TCP connection deliver packets simultaneously over multiple routes, through different network interfaces bound to different IP addresses (that is, it uses several data connections at the same time).

Multipath TCP can be used both to improve performance and to increase reliability.

For example, MPTCP can be used to organize data transfer on a smartphone using WiFi and 3G links at the same time, or to reduce costs by connecting a server using several cheap links instead of one expensive one.

In another case, with the appropriate servers, a seamless switch from WLAN to a cellular connection can occur when the WLAN range is exceeded. Integrating Multipath TCP into Linux is also advantageous because the upcoming 5G mobile technology requires it.

Finally, as we mentioned at the beginning, the new Linux 5.6 kernel is expected to arrive at the end of March (a tentative date is March 29) or in early April (April 6), although this may vary a bit.

Source: https://git.kernel.org

