Virtual Private Networks, or VPNs, are essentially encrypted connections in which data can be transferred through a secure "tunnel".
This lets companies give employees access to corporate networks from outside the office. For personal use, commercial VPN services can protect users' internet traffic from eavesdroppers by routing it through remote servers. In theory, VPNs have become an important part of internet security.
But no matter how good VPNs are, they are only as secure as the software that makes them.
The more complex the software is, the more difficult it is to audit for security issues. As a result, the more flaws the VPN may have.
This is where WireGuard wants to play its role.
Previously, users could install WireGuard on Linux as a kernel module. Regular applications like VLC, GIMP and others run on top of the Linux kernel (in user space) and not inside it. With the partnership, WireGuard is building its VPN system directly inside the kernel, the core part of the Linux operating system.
WireGuard was created by security researcher Jason A. Donenfeld. What it excels at is its size and simplicity. The first version of WireGuard VPN, for example, had fewer than 4,000 lines of code, whereas other VPN products can have tens of thousands of lines.
In more detail, WireGuard claims that:
But this smaller size doesn't make WireGuard less secure, as the VPN already supports cryptographic technologies such as the Noise protocol framework, Curve25519, ChaCha20, Poly1305, BLAKE2, SipHash24, and HKDF.
And due to its simplicity, bugs in WireGuard can be found and fixed more quickly than in other VPNs.
WireGuard clients are already available on Android, iOS, macOS, Linux, and Windows. Other commercial VPNs, like TorGuard, IVPN and Mullvad, all use the WireGuard protocol.
Even the popular website-security company Cloudflare has based its VPN service, WARP, on the WireGuard protocol.
By working deep inside the Linux kernel, the software can communicate directly with the operating system.
This way, WireGuard can interact with the hardware much faster, allowing it to encrypt and decrypt data directly from the network card, instead of having the data flow back and forth between the kernel and software at a higher level.
This means WireGuard can change many things in the way the Linux kernel works.
And since essentially all VPNs run off Linux servers, the entire VPN world too can change.
The combination of small footprint, speed, simplicity, and in-kernel design should not put an end to other VPN technologies, or at least not just yet. But if the technology lives up to its promises, and given its credibility, future VPNs can all be based on WireGuard.
Linux creator Linus Torvalds is one of WireGuard's biggest fans. He said that: