The WireGuard VPN project announced a major milestone for its Windows users today—an all-new, kernel-mode implementation of the VPN protocol called WireGuardNT. The new implementation allows for massively improved throughput upon 10Gbps LAN connections—and on many WI-Fi connections, as well.
WireGuard (on Windows) and Wintun
The original implementation of WireGuard on Home windows uses wireguard-go—a userspace implementation of WireGuard written in Google’s Go programming language. Wireguard-go is then tied to a virtual network device, the majority of which also lives in userspace. Donenfeld didn’t like tap-windows , the virtual network interface provided by the OpenVPN project—so he implemented his own replacement from scratch, called Wintun .
Wintun is a definite improvement over tap-windows—the OpenVPN project itself has implemented Wintun support, with impressive results (414Mbps over tap-windows vs 737Mbps over Wintun). But while using Wintun is an improvement over tap-windows, it doesn’t change the need for constant context switches from kernel space (where the “real” network stack lives) and userspace (where OpenVPN and wireguard-go both live).