We must write an implementation in a cross-platform fashion using a safe language like Rust, Go, or Haskell. Since it will run in userspace (using a TUN device), it will not be as fast as platform-native versions, but will still be widely sufficient for Mac and Windows users (and still faster than OpenVPN). See the implementation notes on cross-platform development. Eventually we'll work with OpenBSD to produce a component for their kernel, and perhaps even write a kext for Darwin and a driver for NT. For now, however, a cross-platform userspace version is most appealing.
Right now the timeouts are fixed. These experimentally work very well, but it may be wise down the line to have these dynamically adjust. Currently, this is the only missing piece before the protocol itself reaches "version 1".
The wg(8) tool is only useful for configuring WireGuard-specific aspects. For other network config, like routing and IP addresses, the usual ip-address(8) tools are used. However, the .conf format for wg(8) is very nice to use, and some people have requested additional convenience fields for setting IP addresses, including descriptions and so forth. Most likely this functionality is better integrated into a different tool, but perhaps we'll consider it for here.
Write the RFC
After version 1 is finalized, an RFC will be written and standardized. This should probably coincide with a few more implementations too.
After version 1 is finalized, the code will be sent upstream to be integrated directly into Linux. Before a [PATCH] set is sent, we'll be working with the folks on the netdev mailing list to make sure things are up to standards. LKML discussion.
Odds & Ends
- Handle the various performance issues.
- Support flowinfo for IPv6.
- Auto-routing support: instead of having to type "ip route add ...", there will be an option for automatically synchronizing the AllowedIPs entries with the kernel's routing table. LKML discussion.
- Consider various attitudes toward multicast.
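
The auto-routing item above can be approximated today outside of WireGuard. The following is an added sketch, not code from the WireGuard project: it reads AllowedIPs from a wg(8) .conf and works out which ip(8) route commands would bring an interface's routes in line with them. The function names, the interface name wg0, and the sample config and route list are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample in the wg(8) .conf format; key values are placeholders.
SAMPLE_CONF = """\
[Interface]
PrivateKey = <placeholder>
ListenPort = 51820

[Peer]
PublicKey = <peer-a-placeholder>
AllowedIPs = 10.0.0.2/32, fd00::2/128

[Peer]
PublicKey = <peer-b-placeholder>
AllowedIPs = 10.0.1.5/24   # host bits set; normalised here to 10.0.1.0/24
"""

def allowed_networks(conf_text):
    """Collect the AllowedIPs of every [Peer] section as network objects."""
    nets, section = set(), None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and padding
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        key, _, value = line.partition("=")
        if section == "peer" and key.strip().lower() == "allowedips":
            for item in value.split(","):
                if item.strip():
                    nets.add(ipaddress.ip_network(item.strip(), strict=False))
    return nets

def sync_commands(conf_text, current_routes, dev="wg0"):
    """Return the ip(8) commands that make dev's routes match AllowedIPs."""
    wanted = allowed_networks(conf_text)
    current = {ipaddress.ip_network(r, strict=False) for r in current_routes}
    # IPv4 and IPv6 networks do not compare directly, so sort on an explicit key.
    order = lambda n: (n.version, int(n.network_address), n.prefixlen)
    cmds = [f"ip -{n.version} route add {n} dev {dev}"
            for n in sorted(wanted - current, key=order)]
    cmds += [f"ip -{n.version} route del {n} dev {dev}"
             for n in sorted(current - wanted, key=order)]
    return cmds

if __name__ == "__main__":
    # current_routes is a constructed list of routes already on the device.
    for cmd in sync_commands(SAMPLE_CONF, ["10.0.0.2/32", "192.168.9.0/24"]):
        print(cmd)
```

An AllowedIPs entry of 0.0.0.0/0 or ::/0 needs separate handling, since adding it verbatim would conflict with the existing default route.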