On Mon, 2018-03-05 at 10:19 +0100, Jason A. Donenfeld wrote:
> One aspect of the WireGuard project is that we're taking development
> very carefully and slowly, not jumping to premature releases, and
> really studying every bit of what we produce in order to ship the
> least-vulnerable and most-correct code we possibly can. We're still
> shipping code -- it's not an approach that results in a complete
> standstill -- but it does mean that in these intervening periods,
> there will be propheteers and cowboys coming out of the woodwork to
> fill the void.

I wasn't sure whether to suggest this before, but adding WireGuard support to OpenConnect ought to be fairly easy. We already support three VPN protocols, so we have a *relatively* sane distinction between the protocol-specific parts, and all the OS-specific tun device handling and other bits that would just be gratuitous wheel-reinvention for you. It basically gives you support for Windows, Solaris, OSX, Android and various BSDs for nothing. With NetworkManager support.

For a client that *isn't* purely wrapping the kernel implementation, it probably makes sense rather than starting from scratch.

If anyone's interested in working on it, I'd be happy to give some pointers.

(I've also looked in the past at adding kernel support too, for DTLS acceleration; I may take a look at that again.)