[ANNOUNCE] WireGuard Snapshot `0.0.20170517` Available
Jason A. Donenfeld
Jason at zx2c4.com
Wed May 17 20:16:59 CEST 2017
A new snapshot, `0.0.20170517`, has been tagged in the git repository.
Please note that this snapshot is, like the rest of the project at this point
in time, experimental, and does not constitute a real release that would be
considered secure and bug-free. WireGuard is generally thought to be fairly
stable, and most likely will not crash your computer (though it may).
However, as this is a pre-release snapshot, it comes with no guarantees, and
its security is not yet to be depended on; it is not applicable for CVEs.
With all that said, if you'd like to test this snapshot out, there are a
few relevant changes.
== Changes ==
This is a substantial release, containing lots of changes and
fixes over the last four weeks, including a major protocol improvement.
Since this is a lot of churn, I imagine there will be a considerable
amount of feedback, resulting in a new snapshot not too long after
* compat: use existing iptunnel_xmit function for stats
* compat: ssse3 support
* compat: work around ubnt offloading
* compat: use real crypto_memneq
* compat: remember to call iptunnel_xmit_stats
We've made quite a few improvements to our compat layer, which
should add support to more platforms.
* tools: retry name resolution on temporary failure
If you're using wg(8) in an init script, you'll be happy about
this. If DNS resolution fails, we'll keep trying for a little
while before eventually giving up. This should allow for a looser
init service ordering, for those who like to use tunnels with DNS
* tools: wg-quick: auto MTU discovery
The wg-quick utility now makes a conservative guesstimate on the
correct MTU, if you don't explicitly specify it yourself with the
new MTU= directive.
* chacha20poly1305: implement vectorized hchacha20
Our implementation of HChaCha20 is now optimized via SSSE3, which should
improve cookie encryption and decryption speed, which uses XChaCha20.
* qemu: new packages and better debugging
* qemu: new location for test kernels
* Kbuild: optimize debug builds too
The usual set of improvements to our testing and debugging facilities.
* jerry-rig: symlinks are better for tree patching
The jerry-rig script now uses symlinks, which should improve its
compatibility in more odd environments.
* tools: stricter key file reading
The wg(8) utility is now a bit stricter on garbage at the end of
* tests: check for stats counter increases
The test suite checks to see whether the interface stats are actually
* tools: check for proto error on set too
* tools: opt-in globally to GNU-isms to keep the BSDs happy
* noise: redesign preshared key mode
Preshared keys are now local to each peer rather than to each interface. This
allows different peers to have different preshared keys, which improves the
compromise model. This has been joint work with Trevor Perrin's Noise project,
and today revision 32 has been published, which adds the handshake pattern
used by WireGuard -- IKpsk2. This is a protocol change -- an accepted
potentiality of a still experimental project -- and as such all peers will
need to be updated to this latest snapshot. The wg(8) utility has been
updated to account for the change of preshared-key being attached to the
interface to now being attached to each peer. The WireGuard paper,
protocol webpage, and Tamarin model all have been updated accordingly.
* tools: support text-based ipc
As discussed on the mailing list, the wg(8) tool now talks to userspace
WireGuard implementations using a text-based format over a UNIX socket that
has been designed to be exceedingly easy to parse in all languages. The wg(8)
tool now runs fine on FreeBSD.
As always, the source is available at https://git.zx2c4.com/WireGuard/ and
information about the project is available at https://www.wireguard.io/ .
This snapshot is available in tarball form here:
If you're a snapshot package maintainer, please bump your package version. If
you're a user, the WireGuard team welcomes any and all feedback on this latest
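The following is an added example, not part of the announcement or the project's own code. It relates to the per-peer preshared key change and the text-based IPC format mentioned above: it parses a "get" response and flags peers that have no preshared key or that share one with another peer. The layout (key=value lines, each `public_key` opening a peer, hex keys, `errno` followed by a blank line) is an assumption here, and the sample response is constructed.

```python
from collections import defaultdict

def _hex_key(byte):
    return byte * 32  # 32-byte key, hex-encoded

# Constructed "get" response; every key below is made up.
SAMPLE = "\n".join([
    "private_key=" + _hex_key("11"),
    "listen_port=51820",
    "public_key=" + _hex_key("aa"),
    "preshared_key=" + _hex_key("c1"),
    "allowed_ip=10.0.0.2/32",
    "public_key=" + _hex_key("bb"),
    "preshared_key=" + _hex_key("c1"),   # same PSK as the first peer
    "allowed_ip=10.0.0.3/32",
    "public_key=" + _hex_key("cc"),
    "preshared_key=" + _hex_key("00"),   # all zero: no PSK set (assumed)
    "allowed_ip=10.0.0.4/32",
    "errno=0", "", ""])

def parse_get_response(text):
    """Split key=value lines into interface settings and a list of peers."""
    iface, peers, current = {}, [], None
    for line in text.split("\n"):
        if not line:                      # blank line ends the response
            break
        key, sep, value = line.partition("=")
        if not sep:
            raise ValueError("malformed line: %r" % line)
        if key == "public_key":           # opens a new peer section
            current = {"public_key": value, "allowed_ip": []}
            peers.append(current)
        elif key == "errno" or current is None:
            iface[key] = value
        elif key == "allowed_ip":
            current["allowed_ip"].append(value)
        else:
            current[key] = value
    if iface.get("errno", "0") != "0":
        raise RuntimeError("errno=" + iface["errno"])
    return iface, peers

def audit_psk(peers):
    """Return (peers with no PSK, groups of peers that share one PSK)."""
    by_psk, missing = defaultdict(list), []
    for peer in peers:
        psk = peer.get("preshared_key", "")
        if not psk or set(psk) == {"0"}:
            missing.append(peer["public_key"])
        else:
            by_psk[psk].append(peer["public_key"])
    return missing, [pks for pks in by_psk.values() if len(pks) > 1]
```

The parsed interface dictionary contains the private key, so it should not be logged or printed as a whole.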