Wireguard backend

[tomberek]

Placeholder for a discussion of potential WireGuard backend.

[pfactum]

Would love to see this implemented.

Also, https://news.ycombinator.com/item?id=17849150 and https://www.tinc-vpn.org/pipermail/tinc/2017-February/004755.html

[SacDin]

Is there any plan for this ?

[fangfufu]

Just a general update on the status of the project: https://www.tinc-vpn.org/pipermail/tinc/2021-June/005570.html Maybe this will be done one day, but I don't feel it is a priority right now.

[splitice]

The main thing is multihop routing e.g Node A -> Relay 1 -> Node B with wireguard without going into userspace. This is difficult because a wireguard tunnel is done at the IP layer. If ethernet routing was supported it might be possible to do this via using the tunneled MAC as the destination and the IP address as the network level destination (the same way low power wpan's work like Zigbee). Unfortunately this is not the case.

The best way to do this currently is probably gre/gretap over wireguard combined with ip forwarding.

I think if wireguard supported eithernet bridging that would go a long way to making this possible.

In this case however is tinc really tinc?

Things tinc is doing with wireguard:

• Creating ip level routes to route traffic destined to certain addresses to specific gre/gretap tunnels
• Monitoring the status of wireguard peers (to adjust routes accordingly)
• Configuring the wireguard peers (or learning about them if this is only available for pre-configured peers)

As cool as this would be (and it would be!) this doesnt seem like it overlaps greatly with tinc features. Correct me if I am wrong.