How WireGuard VPN Can Change The Linux Kernel To A Better Operating System

Virtual Private Networks, or VPNs, are essentially encrypted connections in which data can be transferred through a secure "tunnel".

This lets companies give employees access to corporate networks from outside the office. For personal use, commercial VPN services can protect users' internet traffic from eavesdroppers by routing it through remote servers. In theory, VPNs have become an important part of internet security.

But no matter how good VPNs are, they are only as secure as the software that makes them.

The more complex the software is, the more difficult it is to audit for security issues. As a result, the more flaws the VPN may have.

This is where WireGuard wants to play its role.

Previously, users could install WireGuard on Linux as a kernel module. Regular applications like VLC, GIMP and others run on top of the Linux kernel (in user space) and not inside it. With the partnership, WireGuard is building its VPN system directly inside the kernel, the core part of the Linux operating system.

WireGuard was created by security researcher Jason A. Donenfeld. It excels in its small size and simplicity. The first version of WireGuard, for example, had fewer than 4,000 lines of code, whereas other VPN products can have tens of thousands of lines.

In more detail, WireGuard claims that:

"Compared to behemoths like *Swan/IPsec or OpenVPN/OpenSSL, in which auditing the gigantic codebases is an overwhelming task even for large teams of security experts, WireGuard is meant to be comprehensively reviewable by single individuals."

But this smaller size doesn't make WireGuard less secure, as it is built on cryptographic technologies such as the Noise protocol framework, Curve25519, ChaCha20, Poly1305, BLAKE2, SipHash24, and HKDF.

And because of its simplicity, bugs in WireGuard can be found and fixed more quickly than in other VPN software.

WireGuard clients are already available on Android, iOS, macOS, Linux, and Windows. Commercial VPNs like TorGuard, IVPN and Mullvad all use the WireGuard protocol.

Even the popular website-security company Cloudflare has based its VPN service, WARP, on the WireGuard protocol.

With WireGuard working deep inside the Linux kernel, the software can communicate directly with the operating system.

This way, WireGuard can interact with the hardware much faster, encrypting and decrypting data directly from the network card instead of having the data flow back and forth between the kernel and software at a higher level.

This means WireGuard can change many things about the way the Linux kernel works.

And since essentially all VPNs run off Linux servers, the entire VPN world can change too.

The combination of small footprint, speed, simplicity, and in-kernel design should not put an end to other VPN technologies, or at least not just yet. But if the technology lives up to its promises, and given its credibility, future VPNs can all be based on WireGuard.

Linux creator Linus Torvalds is one of WireGuard's biggest fans. He said that:

"Can I just once again state my love for it and hope it gets merged soon? Maybe the code isn't perfect, but I've skimmed it, and compared to the horrors that are OpenVPN and IPSec, it's a work of art."

Published: 03/03/2020