Tech

FreeBSD kernel-mode WireGuard moves forward out-of-tree

♫ <em>Pop</em> goes the tunnel! ♫

Enlarge /Pop goes the tunnel! ♫ (credit: Aurich Lawson)

Earlier this week, we covered progress integrating an implementation of the WireGuard VPN protocol into the FreeBSD kernel. Two days later, there’s an update—kernel-mode WireGuard has been moved out of FreeBSD 13 development entirely for the time being.

The change only affects kernel-mode WireGuard. User-mode WireGuard has been available in FreeBSD since 2019 and remains, unaffected. If you pkg install freebsd, you get user-mode WireGuard, better known as wireguard-go. Wireguard-go is potentially less performant than kernel-mode, but it’s stable and more than fast enough to keep up with most use cases.

The removal is actually good news for FreeBSD users and WireGuard users. Although the new kernel work done by WireGuard founder Jason Donenfeld and FreeBSD developers Kyle Evans and Matt Dunwoodie represented a clear step forward, it was deemed too rushed to go out in a production kernel. This is a decision heartily endorsed by Donenfeld himself, who prefers a steadier development process with more code reviews and consensus.

Read 3 remaining paragraphs | Comments