Wireguard developer Jason A. Donenfeld has a new version of the VPN software for Windows on the Wireguard mailing list announced. WireGuardNT is still in the early stages of development, but promises to overcome the performance weaknesses of the current WireGuard implementation for Windows.
So far, Windows users have been using a cross-platform Go implementation to set up VPNs with WireGuard. The VPN code is located in userspace, so that every UDP network packet that comes in via a network adapter must first be transferred from the kernel to the Go program in userspace. There it is decrypted and passed back to the kernel via a generic network tunnel driver in order to be delivered to the application that receives the data via the VPN. Sent packets take the same cumbersome way backwards, so that two context changes from the kernel to the user space are necessary here as well. That costs performance, which, according to Donenfeld’s experiments, is particularly evident in data transmission in WLAN.
Try at your own risk
WireGuardNT brings the WireGuard code into the Windows network stack so that the cumbersome back and forth between kernel and user space is no longer necessary. It can be used with Windows 7, 8, 8.1 and 10 on AMD64, x86, ARM64 and ARM processors. The implementation resulted from porting the Linux code to Windows, but is still experimental: According to Donenfeld, neither security nor functionality has been adequately tested.
Interested WireGuard users can help with the tests: With version 0.4, WireGuardNT is in the Standard installer for Windows must be activated via special registry keys. Who the manual can use the experimental WireGuard kernel driver – at your own risk, as Donenfeld emphasizes.