Poster: Multipath Extensions for WireGuard

The tunneling protocol WireGuard outperforms its main competitors OpenVPN and IPsec in terms of throughput and latencies. These improvements are due to WireGuard's use of faster crypto primitives, as well as to the implementation of WireGuard as a Linux kernel module that uses multithreading and advanced locking strategies. Independently of the WireGuard project, Lukaszewski et al. demonstrated improvements in end-to-end goodput when tunneling protocols exploit alternative communication paths. In this poster, we combine these two research directions by proposing multipath extensions for WireGuard. Our extensions involve additions to the WireGuard header, which enable obtaining real-time statistics on the performance of each path. Further, these real-time path performance statistics enable a self-adaptive selection of paths. As a proof of concept, we adapted the WireGuard Linux kernel module accordingly and prototyped four example path schedulers, two of which adopt multi-armed bandit algorithms.