In-kernel WireGuard is on its way to FreeBSD and the pfSense router

'This morning, WireGuard founding developer Jason Donenfeld announced a working, in-kernel implementation of his WireGuard VPN protocol for the FreeBSD 13 kernel. This is great news for BSD folks—and users of BSD-based routing appliances and distros such as pfSense and opnSense.'

-- source: https://arstechnica.com/gadgets/2021/03/in-kernel-wireguard-is-on-its-way-to...

Cheers, Peter

--
Peter Reutemann
Dept. of Computer Science
University of Waikato, NZ
+64 (7) 577-5304
http://www.cms.waikato.ac.nz/~fracpete/
http://www.data-mining.co.nz/

On Tue, 16 Mar 2021 12:27:02 +1300, Peter Reutemann quoted:
'This morning, WireGuard founding developer Jason Donenfeld announced a working, in-kernel implementation of his WireGuard VPN protocol for the FreeBSD 13 kernel. This is great news for BSD folks—and users of BSD-based routing appliances and distros such as pfSense and opnSense.'
-- source: https://arstechnica.com/gadgets/2021/03/in-kernel-wireguard-is-on-its-way-to...
Looks like it won’t be making it into 13.0, more likely 13.1...

Unfortunately, there was a problem—after WireGuard's own Jason Donenfeld reviewed it alongside several FreeBSD and OpenBSD developers, it was judged unready for prime time:

I imagined strange Internet voices jeering, “this is what gives C a bad name!” There were random sleeps added to “fix” race conditions, validation functions that just returned true, catastrophic cryptographic vulnerabilities, whole parts of the protocol unimplemented, kernel panics, security bypasses, overflows, random printf statements deep in crypto code, the most spectacular buffer overflows, and the whole litany of awful things that go wrong when people aren’t careful when they write C.

So Donenfeld got involved in a marathon sprint to fix it up, with little or no help from sponsoring company Netgate. Seems they have a history of being less-than-exemplary members of the FLOSS community ...

On Tue, 16 Mar 2021 12:27:02 +1300, Peter Reutemann quoted:
'This morning, WireGuard founding developer Jason Donenfeld announced a working, in-kernel implementation of his WireGuard VPN protocol for the FreeBSD 13 kernel.'
Kernel-mode WireGuard has been pulled from FreeBSD 13 pending further work <https://arstechnica.com/gadgets/2021/03/freebsd-kernel-mode-wireguard-moves-forward-out-of-tree/>. User-mode WireGuard, which has been available for FreeBSD since 2019, remains unaffected.

Participants (2): Lawrence D'Oliveiro, Peter Reutemann