It means that WireGuard will be included in your distro's kernel, which will ease installation. Before, you had to do some ugly kernel module compilation steps, usually using dkms, which was prone to failure and was a general nightmare to deal with. Moving forward, you'll just run "apt install wireguard-tools", and you'll be all set.

To temper expectations, though, this is slated for 5.6, which won't be released for another ~120 days or so. After that point it will trickle down to distros. So there's some time yet before users start seeing the direct consequences of this exciting announcement, but it'll be coming.

It works mostly without problems, but be careful relying on it as a sole means of accessing your server. I've locked myself out (luckily it was just a test server) by closing SSH port on public IP and allowing it only on Wireguard interface. One day I updated the kernel, dev headers got mixed up and my wg0 interface didn't come up after reboot.

The issue you described (DKMS wasn't able to build the module for the new version of the kernel) will go away once Wireguard is in the kernel "properly" (which is what this announcement is about)

I installed wireguard via ppa on my ubuntu based distro, which wasn't too much of a pain. Are you referring to the "hacks" needed in your install section on the website for e.g. Red Hat/Cent OS?

very happy with the performance and stability, thanks a lot for your work!

No, I'm referring to that PPA, which includes the error-prone DKMS stuff. I'm glad it worked for you. Indeed we've put a lot of effort into ensuring that our DKMS stuff mostly _does_ work properly. Sometimes it doesn't though, and then it's a huge hassle. It's this hassle, for people less lucky than yourself with DKMS, that will go away with Linux 5.6.

I see. Thanks again, have a great day!

Would it mean that changes in Wireguard will require a new version of the kernel ?

EDIT: I mean, if I am on debian and I have kernel 5.6-build123, a patch to Wireguard would mean I will need to upgrade to 5.6-build124 ?

Debian will probably ship it as a module, like the other networking modules they ship, which means as long as they don't change ABI, after your `apt upgrade`, you can do the usual `rmmod wireguard && modprobe wireguard` to hot-load the new version at runtime without having to reboot.