WireGuard is a simple VPN solution, opting for speed and simplicity over cipher and protocol agility. The end result is that the WireGuard codebase is smaller, simpler and hence easier to audit, than that of other existing solutions in both kernel space (IPSec) and userland (e.g OpenVPN).
Currently WireGuard is implemented as a kernel module for performance reasons. However a number of reasons for wanting a userland implementation exists, among others:
- Some users may feel that the task fundamentally belongs in userspace
- The userspace implementation may already saturate the link
- Building a project which is more easily portable to other platforms (than a Linux kernel module)
The ultimate goal of the project is to further WireGuard adoption.