WireGuard VPN gets a high-performance Windows kernel native port

WireGuard VPN gets a high-performance Windows kernel native port

WireGuard VPN gets a high-performance Windows kernel native port 2048 1151 Muhammad Saad

New port promises massive improvements in throughput

After months of work, the WireGuard project has managed to port the new VPN tunneling protocol to the Windows kernel, and the results from the initial tests are very encouraging.

WireGuard employs modern cryptography standards, and has been integrated into the Linux kernel since early 2020. Windows users however had to rely on a userspace driver, which worked, though its performance didn’t rival its Linux counterpart.

The project now gets a native port of WireGuard to the Windows kernel, in the form of WireGuardNT, and it promises to make things much faster.

“The end result is a deeply integrated and highly performant implementation of WireGuard for the NT kernel, that makes use of the full gamut of NT kernel and NDIS capabilities,” announced WireGuard’s author and main developer, Jason A. Donenfeld.

Breakthrough performance

Giving a lay of the land in his announcement email, Donenfeld mentioned that WireGuard on Windows currently relies on a generic userspace driver called Wintun that helps direct network traffic. While the implementation works, it has a lot of overhead, which adds latency. 

With WireGuardNT, the whole protocol is now implemented directly into Windows’ networking stack, just like it is on Linux. 

While the project is still in its early stages, and not yet ready for production use, early tests show that the reduced overheads have already drastically cut latency.

Donenfeld shared that he’s already seeing speeds of about 7.5Gbps on his test machine and that he can still “eek out” a lot more performance with the right optimization tweaks.

However, even as is, the driver is delivering impressive performance, especially over WiFi. In one test conducted using an Intel AC9560 WiFi adapter, WireGuardNT delivered about 600 Mbps, which is about the same speed that was experienced when not using WireGuard. This is a massive improvement over the existing Wintun implementation, which couldn’t even break 100Mbps.