As of this morning, Linux network stack maintainer David Miller has committed the WireGuard VPN project into the Linux “net-next” source tree. Miller maintains both
net-next—the source trees governing the current implementation of the Linux kernel networking stack and the implementation of the next Linux kernel’s networking stack, respectively.
This is a major step forward for the WireGuard VPN project.
Net-next gets pulled into the new Linux kernel during its two-week merge window, where it becomes
net. With WireGuard already a part of
net-next, this means that—barring unexpected issues—there should be a Linux kernel 5.6 release candidate with built-in WireGuard in early 2020. Mainline kernel inclusion of WireGuard should lead to significantly higher uptake in projects and organizations requiring virtual private network capability.
Normal, day-to-day Linux users probably won’t see in-kernel WireGuard until late 2020. Ubuntu is one of the faster-moving mainstream distributions, and its next Long Term Support (LTS) release is in April 2020. But the Linux 5.6 kernel and Ubuntu 20.04 will likely be in release candidate status at the same time, so its inclusion in 20.04 seems unlikely. The interim 20.10 Ubuntu release seems like a much safer bet for Canonical’s first use of a 5.6 or later kernel. Red Hat Enterprise Linux (RHEL) inclusion will likely be a year or more beyond that; the current RHEL 8.1 shipped in May 2019 with the 4.18 kernel, which was already 9 months old.
Although highly speculative, it’s also possible that WireGuard could land in-kernel on Ubuntu 20.04 even without the 5.6 kernel—Donenfeld offered to do the work backporting WireGuard into earlier Ubuntu kernels directly. Donenfeld also stated today that a 1.0 WireGuard release is “on the horizon.”
While WireGuard is most frequently seen in a Linux context right now, it’s available and very capable on all major platforms, including Windows, Mac, Android, iOS, and BSD. Although the highest possible performance comes from running in-kernel, the userland implementation typically still handily outperforms traditional VPNs such as IPSEC and OpenVPN, with faster connection times, lower latency, and significantly decreased battery usage.