WireGuard for Windows now uses high speed kernel implementation

  • There's a good description here of what they're doing: https://lists.zx2c4.com/pipermail/wireguard/2021-August/0068...

    I am curious (though happy) about their focus on performance. For most security projects, the specification seems to be 'sufficient' performance and beyond that they invest their limited resources elsewhere. The WireGuard team seems to make it a top priority.

    Maybe this upgrade was needed to be 'sufficient'? Maybe they see performance as key to adoption? Or maybe they have other reasons. I could see how WireGuard's significant reduction in complexity, compared to other VPN software, could feed performance.

    It's hard to imagine the Internet without WireGuard, without a VPN I have confidence in. Thank you Jason and team!

  • After fighting with OpenVPN for years, I finally switched to WireGuard a while back.

    WireGuard on Linux is simply amazing, been using it for the last year plus to link all of my devices in a single tunneled LAN, it's been a blast (I can access any of my devices from any of my devices, wherever I or they may be physically located).

    I do keep one windoze box because I occasionally need to run things that refuse to run on anything but that, and I recently installed WireGuard on it ... was expecting headaches ... what do you know, it worked right out of the box, and I can actually securely ssh into the Redmond-spawned contraption from any of my other devices, including my Android phone.

    WireGuard FTW.

  • These are some of the hardest working people in show business.

  • It's good to see WireGuard getting some love on Windows. Unfortunately it's not for me at the moment and doesn't tick the boxes I need:

    - Last I checked, dynamic server IPs were not supported

    - It's system-wide by default. With all VPNs, it is relatively difficult to say: use this connection for these applications, or these addresses. Popular VPN apps have per-app settings, but I find them buggy and not trustworthy. And if you are an expert you can set your own routing of course. But it would be great if you could just right click on a titlebar and say "use VPN for this app", and it was integrated with the OS.

    - There is no obfuscation for hostile environments. I would like a VPN which has pluggable transports, and can, say, look like ssh or http or a game, and route over 20 random servers. I know of shadowsocks etc., but I could never get it to run.

    - There is no integration with Windows login AFAIK. If you want to log into a Windows AD domain, you need to be in the VPN, but you can't establish connection when you are not logged in. This is really annoying. There is a capability in Windows for this, but I never found a VPN where it works properly.

    So technically WireGuard is great, security and speed wise, but for me the potential VPN killer application would be defined by superior UX, not by tech.

  • That should toast OpenVPN in terms of performance. I never managed to get more than 5MB/s on OpenVPN on Windows, I understand precisely because it wasn't implemented in kernel. I ended up running a pfSense gateway in a VM.

  • I'm gonna guess there's no such development planned for macOS given how Apple wants to dump all kernel extensions.

  • My employer uses WireGuard (Perimeter 81) - during video conferences (using MS Teams) the VPN client goes bananas, occupying some 40-50% of a CPU core - I assume to en/decode the video streams - so I hope this will improve that experience.

  • And it's pretty darn mint for the implementation.

    Best improvement to pair with the best VPN protocol.

  • Great effort, but what is WireGuard's plan on getting a Microsoft signature for their kernel-mode driver? Bypassing the code signing is acceptable for beta testing, but not for production systems.

  • Whatever happened to hardware accelerated encryption? Did it never become a thing?

  • Even without that, it was probably faster than everything else? I wouldn't know because I avoid Windows...