Docker's LinuxKit Launches Kernel Security Efforts, Including Next-Generation VPN (eweek.com)
darthcamaro writes: Back in April, when Docker announced its LinuxKit effort, the primary focus appeared to just be [tools for] building a container-optimized Linux distribution. As it turns out, security is also a core focus -- with LinuxKit now incubating multiple efforts to help boost Linux kernel security. Among those efforts is the WireGuard next generation VPN that could one day replace IPsec. "WireGuard is a new VPN for Linux using the cryptography that is behind some of the really good secure messaging apps like Signal," said Nathan McCauley, Director of Security at Docker Inc.
According to the article, Docker also has several full-time employees looking at ways to reduce the risk of memory corruption in the kernel, and is also developing a new Linux Security Module with more flexible access control policies for processes.
Something needs to happen.
Last night I tried to get pptp to work with our corporate VPN and it failed miserably. I ran Wireshark to figure out what the problem is and the Linux PPP stack just can't handle the options that it was being sent (bug opened on pppd). Next I tried to connect to my home firewall VPN which used to work and again this failed miserably because the Linux PPP stack refused to turn off the async char map negotiation (which isn't used for PPTP).
I've also struggled to get ipsec in any form to work (no success) nor have I been able to get openvpn to work, requiring all the generation of certs and whatnot. PPTP, despite being quite insecure, at least used to work before the modern PPP brokenness.
The problem with VPNs is that the solutions are overly complicated with a bazillion different options.
IPSec + L2TP!?!?! This is insane. PPTP is just plain broken as well.
I want something as simple as how PPTP used to work but without all the broken security (i.e. MD5 password hashes) and get rid of PPP.
This post is encrypted twice with ROT-13. Documenting or attempting to crack this encryption is illegal.