Tunsafe Windows client for wireguard (not opensource yet they say
Jason A. Donenfeld
Jason at zx2c4.com
Mon Mar 5 10:19:35 CET 2018
Thanks for posting this.
Please stay away from this software, and generally be wary of
closed-source WireGuard implementations trying to fill the void. This
one was written by a community-unfriendly proprietary author, and
we've got little way of ensuring protocol compliance or basic
security. Especially from my discussions from him, it's clear what
he's up to, and this seems like some nastiness. Should I spend my time
reverse engineering this software and discovering zero-days? Probably
not a good use of my time, despite my usual love of this sort of
One aspect of the WireGuard project is that we're taking development
very carefully and slowly, not jumping to premature releases, and
really studying every bit of what we produce in order to ship the
least-vulnerable and most-correct code we possibly can. We're still
shipping code -- it's not an approach that results in a complete
standstill -- but it does mean that in these intervening periods,
there will be propheteers and cowboys coming out of the woodwork to
fill the void.
It's quite easy to make a tiny tunneling protocol that's reasonably
fast and does a few things; if you look on Github there are hundreds.
It's quite another thing to write robust and secure software intend to
last for a long time. That's what we're working on here.
Fortunately we have two very nice projects that are rapidly
approaching maturity: one in Go and one in Rust. I fully welcome
future OSS authors into the project. When I'm back from visiting
family at the beginning of April, I think we'll be in a good place to
have a few first releases.
I'll also do what I can to see that people aren't peddling junk and
calling it wireguard, so as to reduce user confusion, but this of
course isn't a very easy endeavor. I'm open to suggestions on how to
More information about the WireGuard