WireGuard – A Next-Gen VPN

~~   Foreword   ~~

Why would we need another VPN when we already have IPsec, PPTP, L2TP, OpenVPN, and an array of proprietary SSL VPNs? After all, these are tried and true and exhaustively tested. But are they really exhaustively tested?

WireGuard has around 4,000 lines of code; compare this with 600,000 lines of code for OpenVPN plus OpenSSL, or 400,000 lines of code for XFRM plus strongSwan for an IPsec VPN. Honestly, how can code bases that huge have every aspect fully tested? WireGuard’s two orders of magnitude fewer lines of code mean a much smaller attack surface in which flaws can hide. Reducing attack surface is the same principle used by micro-kernels, and is a cardinal principle of information security.