WireGuard - Windows Kernel

WireGuard is a communication protocol and free and open-source software that implements encrypted virtual private networks (VPNs). It was designed with the goals of ease of use, high-speed performance, and a low attack surface.

The excellent WireGuard open-source secure VPN tunnel has been seeing growing adoption on Linux now that it has been in the mainline kernel for a while, and it is also seeing continued progress on the BSDs. While there has been a beta WireGuard for Windows in user space, "WireGuardNT" was announced today as a native high-performance port to the Windows kernel.

This WireGuard port to the Windows NT kernel started as a port of the current Linux kernel code base but was then adapted to better fit the Windows kernel and its APIs. WireGuard founder Jason Donenfeld commented, "The end result is a deeply integrated and highly performant implementation of WireGuard for the NT kernel, that makes use of the full gamut of NT kernel and NDIS capabilities...For the Windows platform, this project is a big deal to me, as it marks the graduation of WireGuard to being a serious operating system component, meant for more serious usage. It's also a rather significant open source release, as there generally isn't so much (though there is some) open source crypto-NIC driver code already out there that does this kind of thing while pulling together various kernel capabilities in the process."

This new WireGuardNT for the kernel should be far superior to, and faster than, the prior user-space implementation for Windows. For the moment the kernel driver is considered experimental; it will be rolled out gradually, and users can enable the experimental driver via the Windows registry. Eventually the hope is to remove the WireGuard Go / WinTUN implementation. For more details on WireGuardNT, and for those interested in using a speedy implementation of WireGuard on Windows, see the mailing list announcement.

WireGuard supports pre-shared symmetric key mode, which provides an additional layer of symmetric encryption to mitigate any future advances in quantum computing.