What does HackerNews think of wireguard-go?
Mirror only. Official repository is at https://git.zx2c4.com/wireguard-go
Language: Go
Vanilla WireGuard doesn't provide a way to run a peer in userspace that can proxy traffic between another peer and an endpoint such as a web server because you need to be privileged to do things like work with raw packets. However, https://github.com/WireGuard/wireguard-go is a userspace implementation of WireGuard and has recently incorporated Google's userspace networking stack. This project uses these two userspace tools to "fake" a privileged WireGuard peer that proxies TCP, UDP, and (a small subset of) ICMP. It was written as a pentesting/red team utility for my team but it can also serve as a general makeshift VPN when you don't have privileges on a box you want to proxy through.
Edit: typo
Why is in-kernel WireGuard a priority? I'm happily using https://github.com/WireGuard/wireguard-go with no issues to speak of, on FreeBSD.
Unless I'm mistaken, wireguard-go[0] only runs the WireGuard protocol code in userspace rather than the kernel. It still requires configuring network interfaces which requires root.
There is a Go implementation of WireGuard with a fairly hefty warning at the top. [0]
There's also official documentation for how a userspace implementation should behave. [1]
The Android version of WireGuard has a userspace implementation for devices without WireGuard in the kernel, which at the moment is pretty much all.
There is also an official user space implementation. The performance is not bad at all.