GotaTun -- Mullvad的WireGuard Rust实现

GotaTun -- Mullvad的WireGuard Rust实现
GotaTun – Mullvad's WireGuard Implementation in Rust

原始链接: https://mullvad.net/en/blog/announcing-gotatun-the-future-of-wireguard-at-mullvad-vpn

## GotaTun：一种新的WireGuard实现 Mullvad VPN开发了GotaTun，一种基于Rust的WireGuard®协议实现，旨在提高性能和可靠性。GotaTun源自Cloudflare的BoringTun，并加入了DAITA和多跳等隐私功能，同时优先考虑安全的线程处理和零拷贝内存策略。 GotaTun创建的主要驱动力是之前WireGuard实现`wireguard-go`的高崩溃率。超过85%的Android应用程序崩溃源于`wireguard-go`，并且跨Rust/Go语言边界调试问题非常困难。于2025年末向Android用户推出的初始版本非常成功，**消除了之前归因于`wireguard-go`的崩溃，并将用户感知的崩溃率从0.40%降低到0.01%**。用户还报告了速度和电池寿命的改善。 Mullvad计划在2026年用GotaTun取代所有平台（桌面、iOS）上的`wireguard-go`，同时进行第三方安全审计并持续进行性能增强。

原文

GotaTun is a WireGuard® implementation written in Rust aimed at being fast, efficient and reliable.

GotaTun is a fork of the BoringTun project from Cloudflare. This is not a new protocol or connection method, just WireGuard® written in Rust. The name GotaTun is a combination of the original project, BoringTun, and Götatunneln, a physical tunnel located in Gothenburg. We have integrated privacy enhancing features like DAITA & Multihop, added first-class support for Android and used Rust to achieve great performance by using safe multi-threading and zero-copy memory strategies.

Last month we rolled it out to all our Android users, and we aim to ship it to the remaining platforms next year.

Our mobile apps have relied on wireguard-go for several years, a cross-platform userspace implementation of WireGuard® in Go. wireguard-go has been the de-facto userspace implementation of WireGuard® to this date, and many VPN providers besides Mullvad use it. Since mid-2024 we have been maintaining a fork of
wireguard-go to support features like DAITA & Multihop. While wireguard-go has served its purpose for many years it has not been without its challenges.

For Android apps distributed via the Google Play Store, Google collects crash reports and makes them available to developers. In the developer console we have seen that more than 85% of all crashes reported have stemmed from the wireguard-go. We have managed to solve some of the obscure issues over the years (#6727 and #7728 to name two examples), but many still remain. For these reasons we chose Android as the first platform to release GotaTun on, allowing us to see the impact right away.

Another challenge we have faced is interoperating Rust and Go. Currently, most of the service components of the Mullvad VPN app are written in Rust with the exception of wireguard-go. Crossing the boundary between Rust and Go is done using a foreign function interface (FFI), which is inherently unsafe and complex. Since Go is a managed language with its own separate runtime, how it executes is opaque to the Rust code. If wireguard-go were to hang or crash, recovering stacktraces is not always possible which makes debugging the code cumbersome. Limited visibility insight into crashes stemming from Go has made troubleshooting and long-term maintenance tedious.

Outcome

The impact has been immediate. So far not a single crash has stemmed from GotaTun, meaning that all our old crashes from wireguard-go are now gone. Since rolling out GotaTun on Android with version 2025.10 in the end of November we’ve seen a big drop in the metric user-perceived crash rate, from 0.40% to 0.01%, when comparing to previous releases. The feedback from users' have also been positive, with reports of better speeds and lower battery usage.

User-perceived crash rate

Looking ahead

We’ve reached the first major milestone with the release of GotaTun on Android, but we have a lot more exciting things in store for 2026.

A third-party security audit will take place early next year.
We will replace wireguard-go with GotaTun across all platforms, including desktop and iOS.
More effort will be put into improving performance.

We hope you are as excited as we are for 2026!