What does HackerNews think of boringtun?

Userspace WireGuard® Implementation in Rust

Language: Rust

#14 in Rust

If you haven't seen it, Cloudflare also has an implementation of Wireguard in userspace, called Boringtun [0], written in Rust and successfully deployed to millions of iOS and Android devices running the 1.1.1.1 app.

For reference, another Rust project that depends on Boringtun is Onetun [1], which uses it to encrypt packets sent over a virtual smoltcp interface. I imagine you could follow a similar approach to integrating rust-9p with Boringtun, and you wouldn't need to leave the Rust ecosystem (whereas you might face more obstacles integrating it with Tailscale's wgengine, which is written in Go).

[0] https://github.com/cloudflare/boringtun

[1] https://github.com/aramperes/onetun

I assume since Wiresock is using BoringTun (https://github.com/cloudflare/boringtun) under the hood, it works similarly to other userspace implementations of WireGuard (e.g. wireguard-go, wireguard-rs) in that it uses a TUN device to deliver packets to the userspace implementation, and back out to the network. So, no driver installation required, but CAP_NET_ADMIN is required to create the TUN device.

It's using some sort of a custom installer that also downloads Cloudflare's BoringTun (https://github.com/cloudflare/boringtun) directly from the author's website (nyr[.]be), since Cloudflare doesn't seem to offer it as a binary release. Example:

    { wget -qO- https://wg.nyr[.]be/1/latest/download 2>/dev/null || curl -sL https://wg.nyr.be/1/latest/download ; } | tar xz -C /usr/local/sbin/ --wildcards 'boringtun-*/boringtun' --strip-components 1

I don't have time to go through it in more detail, but I would definitely recommend an alternative way of installing it.

Looks like this uses https://github.com/cloudflare/boringtun, a userspace implementation of WireGuard written in Rust, and (I'm guessing) user IP:port is sent to a third party at api.playit.gg.

Boringtun is BSD licensed. Clean room implementations and all that...

https://github.com/cloudflare/boringtun

The protocol yes, but don't they use their own implementation? https://github.com/cloudflare/boringtun

The app isn’t, but the Rust bit is: https://github.com/cloudflare/boringtun

The workflow shouldn’t be anything too intense, you build a library, compile to the right arch, and treat it like any C library.

There is also https://github.com/cloudflare/boringtun

Edit: Is anyone running wg in userspace who can share some experiences with either implementation?

If I’m not mistaken, they’ve open sourced their “fork” (actually more of a rewrite than a fork).

https://github.com/cloudflare/boringtun/

Which is more valuable to the community? I don’t really think you can quantify it.

There is a user-mode WireGuard for Linux; it is wireguard-go: https://git.zx2c4.com/wireguard-go/.

There is also BoringTun: https://github.com/cloudflare/boringtun, which is faster.

Disclaimer: I wrote BoringTun

https://blog.cloudflare.com/1111-warp-better-vpn/

Cloudflare also built and open-sourced a Rust implementation of WireGuard which will likely back the service [0], but unfortunately, they didn't collaborate with upstream.

[0] https://github.com/cloudflare/boringtun

The Cloudflare WireGuard implementation is open-sourced and BSD licensed, what would be the concern? https://github.com/cloudflare/boringtun

Cloudflare has their own implementation that runs in userspace. [1]

1 - https://github.com/cloudflare/boringtun

They've also written their own client in Rust: https://github.com/cloudflare/boringtun