boringtun
quiche
Our great sponsors
boringtun | quiche | |
---|---|---|
14 | 26 | |
5,796 | 8,847 | |
1.2% | 2.2% | |
5.6 | 9.0 | |
7 days ago | 6 days ago | |
Rust | Rust | |
BSD 3-clause "New" or "Revised" License | BSD 2-clause "Simplified" License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
boringtun
- WireGuard client that exposes itself as a HTTP/SOCKS5 proxy
-
I did some benchmarks of Linux WireGuard implementations
Right now the three major Linux implementations are wireguard-linux, wireguard-go and BoringTun. With some recent improvements to wireguard-go I decided to benchmark each one of them with ping and iPerf 3 over TCP and UDP.
-
Wireguard user space Implementation not working after switching network connection
It seems to be a known problem with boringtun: IP Roaming not working when using boringtun as a client (#187)
-
How Rust and Wasm power Cloudflare's 1.1.1.1
They’ve been on the Rust train since at least 2019. Just look at projects like quiche, wrangler, and boringtun
-
Show HN: TunnlTo – Windows WireGuard split tunnel client built with Rust, Tauri
I assume since Wiresock is using BoringTun(https://github.com/cloudflare/boringtun) under the hood, it works similar to other userspace implementations of wireguard, (e.g. wireguard-go, wireguard-rs) in that it uses a TUN device to deliver packets to the userspace implementation, and back out to the network. So, no driver installation required, but CAP_NET_ADMIN is required to create the TUN device.
- Boringtun - Userspace WireGuard® Implementation in Rust
-
Set up your own VPN at home with Raspberry Pi – Wolfang's Blog
It's using some sort of a custom installer that also downloads Cloudflare's BoringTun (https://github.com/cloudflare/boringtun) directly from the author's website (nyr[.]be), since Cloudflare doesn't seem to offer it as a binary release. Example:
{ wget -qO- https://wg.nyr[.]be/1/latest/download 2>/dev/null || curl -sL https://wg.nyr.be/1/latest/download ; } | tar xz -C /usr/local/sbin/ --wildcards 'boringtun-*/boringtun' --strip-components 1
-
Wireguard not working on Xen virtualization
https://github.com/cloudflare/boringtun https://github.com/WireGuard/wireguard-go
- BoringTun: Userspace WireGuard Implementation in Rust
- A survey of AQM and fq_codel in enterprise bufferbloat battles
quiche
-
Nghttp3 1.0.0 – HTTP/3 library written in C
The title of this post puts emphasis on "written in C", making me wonder when this would ever be a desirable feature, given that more secure implementations are available, and can be integrated into old C projects just as easily.
No need to rewrite everything from the ground up: https://github.com/cloudflare/quiche#curl
-
Curl HTTP/3 with quiche discouraged
The issue is dead silent too!
- Best performing quic implementation?
-
Oxy is Cloudflare's Rust-based next generation proxy framework
Even though Oxy is a proprietary project, we try to give back some love to the open-source community without which the project wouldn’t be possible by open-sourcing some of the building blocks such as https://github.com/cloudflare/boring and https://github.com/cloudflare/quiche.
-
How Rust and Wasm power Cloudflare's 1.1.1.1
They’ve been on the Rust train since at least 2019. Just look at projects like quiche, wrangler, and boringtun
-
What is a CDN? How do CDNs work?
It's more like Cloudflare forked nginx a long time ago, and is meanwhile in the very slow (like, decade-long) process of replacing it entirely.
The Cloudflare Workers Runtime, for instance, is built directly around V8; it does not use nginx or any other existing web server stack. Many new features of Cloudflare are in turn built on Workers, and much of the old stack build on nginx is gradually being migrated to Workers. https://workers.dev https://github.com/cloudflare/workerd
In another part of the stack, there is Pingora, another built-from-scratch web server focused on high-performance proxying and caching: https://blog.cloudflare.com/how-we-built-pingora-the-proxy-t...
Even when using nginx, Cloudflare has rewritten or added big chunks of code, such as implementing HTTP/3: https://github.com/cloudflare/quiche And of course there is a ton of business logic written in Lua on top of that nginx base.
Though arguably, Cloudflare's biggest piece of magic is the layer 3 network. It's so magical that people don't even think about it, it just works. Seamlessly balancing traffic across hundreds of locations without even varying IP addresses is, well, not easy.
I could go on... automatic SSL provisioning? DDoS protection? etc. These aren't nginx features.
So while Cloudflare may have gotten started being more-or-less nginx-as-a-service I don't think you can really call it that anymore.
(I'm the tech lead for Cloudflare Workers.)
- Using WebTransport
-
Is it better to learn web development with Python or C?
Ask Cloudflare why they use HTTP/3 and QUIC https://github.com/cloudflare/quiche.
- DNS-over-HTTP/3 in Android
-
The MQTT broker powering Cloudflare's new Pub/Sub product is written in Rust!
Cloudflare has used rust for multiple projects in the past such as their QUIC/HTTP3 implementation Quiche and a WireGuard implementation BoringTun.
What are some alternatives?
wireguard-go - Mirror only. Official repository is at https://git.zx2c4.com/wireguard-go
quinn - Async-friendly QUIC implementation in Rust
boringtun-example - A real world ping example of boring tun
msquic - Cross-platform, C implementation of the IETF QUIC protocol, exposed to C, C++, C# and Rust.
frp - A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.
quic-go - A QUIC implementation in pure Go
mullvadvpn-app - The Mullvad VPN client app for desktop and mobile
shadowsocks-rust - A Rust port of shadowsocks
wireguard-p2p - A tool for setting up WireGuard connections from peer to peer.
neqo - Neqo, an implementation of QUIC in Rust
openvpn-install - Set up your own OpenVPN server on Debian, Ubuntu, Fedora, CentOS or Arch Linux.
s2n-quic - An implementation of the IETF QUIC protocol