github/linuxkit
1
0
Fork 0
mirror of https://github.com/linuxkit/linuxkit.git synced 2025-07-21 01:59:07 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #2247 from zx2c4/update-wireguard

Browse Source 
wireguard: update to latest snapshot
This commit is contained in:
Rolf Neugebauer 2017-07-19 16:25:06 +01:00 committed by GitHub
commit 83f079eb8b
2 changed files with 11831 additions and 1790 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
projects/wireguard/README.md
View File

@ -1,16 +1,16 @@
# WireGuard # WireGuard
[WireGuard](https://wireguard.io) is a modern VPN released for the Linux kernel that can replace IPSec. [WireGuard](https://www.wireguard.com) is a modern VPN released for the Linux kernel that can replace IPSec.
We can use WireGuard in Moby to better secure container networking. We can use WireGuard in Moby to better secure container networking.
WireGuard transparently encrypts *and* authenticates traffic between all peers, and uses state-of-the-art cryptography WireGuard transparently encrypts *and* authenticates traffic between all peers, and uses state-of-the-art cryptography
from the [Noise protocol](http://www.noiseprotocol.org/). Moreover, WireGuard is implemented in less than a few thousand from the [Noise protocol](https://noiseprotocol.org/). Moreover, WireGuard is implemented in less than a few thousand
lines of code, making it auditable for security. lines of code, making it auditable for security.
Moreover, WireGuard provides a `wg0` (`wg1`, `wg2`,... etc) network interface that can be passed directly to containers, Moreover, WireGuard provides a `wg0` (`wg1`, `wg2`,... etc) network interface that can be passed directly to containers,
such that all intercontainer traffic would benefit from encrypted and authenticated networking. such that all intercontainer traffic would benefit from encrypted and authenticated networking.
A full technical paper from NDSS 2017 is available [here](https://www.wireguard.io/papers/wireguard.pdf). A full technical paper from NDSS 2017 is available [here](https://www.wireguard.com/papers/wireguard.pdf). The protocol has been formally verified, with a paper describing the security proofs available [here](https://www.wireguard.com/papers/wireguard-formal-verification.pdf).
## Contents ## Contents
@ -27,8 +27,8 @@ This is built into the `mobylinux/init-wireguard` image that is generated by `cd
## Quickstart ## Quickstart
The quickest way to get started is to use the provided `examples/wireguard.yml` in this directory and use the prebuilt images. The quickest way to get started is to use the provided `examples/wireguard.yml` in this directory and use the prebuilt images.
To give WireGuard a spin, the [official quick start](https://www.wireguard.io/quickstart/) is a good way to get going. For containers, To give WireGuard a spin, the [official quick start](https://www.wireguard.com/quickstart/) is a good way to get going. For containers,
WireGuard has a [network namespace integration](https://www.wireguard.io/netns/) that we could use for Moby's containers. WireGuard has a [network namespace integration](https://www.wireguard.com/netns/) that we could use for Moby's containers.
## Roadmap ## Roadmap

13611
projects/wireguard/kernel/patches-4.9.x/WireGuard.patch
View File

File diff suppressed because it is too large Load Diff