The Samba team has completed Milestone Group 5 of the STA-funded development project: Full support for SMB over QUIC is now implemented in Samba. This represents a major technological step in the evolution of secure file sharing and remote access capabilities.
QUIC, a modern transport protocol developed by Google and standardized by the IETF, offers encrypted, low-latency connectivity – especially over untrusted or high-latency networks like the public Internet. With this integration, Samba effectively becomes a secure "SMB VPN", enabling seamless access to file servers for remote users, mobile devices, and high-security environments – without requiring traditional VPN infrastructure.
The work was carried out across four interdependent milestones:
- Integration of the Linux kernel QUIC driver into Samba's networking logic, enabling smbd to listen on UDP port 443.
- Extension of the socket_wrapper tool, allowing QUIC functionality to be tested automatically without relying on kernel-level network access.
- Implementation of a userspace QUIC fallback using ngtcp2, ensuring compatibility with older systems or development environments.
- Support for SMB2_TRANSPORT_CAPABILITIES negotiation, which avoids redundant encryption by coordinating QUIC and SMB protocol layers.
All code contributions have been published in Samba’s public repositories and upstream projects, continuing Samba’s long-standing commitment to transparent, open development.
What’s next? Linux kernel catch-up!
With Samba’s side of SMB3 over QUIC now complete, the next big step depends on the Linux kernel itself. At present, QUIC support requires the external quic.ko module, tested against Linux 6.14. Out of the box, no current Linux release ships this functionality.
The good news: a dedicated upstream branch is already in review. Once merged, QUIC will become part of the Linux kernel – making SMB over QUIC broadly available for production use.
Strengthening open infrastructure and digital sovereignty
This achievement marks the successful completion of one of six major workstreams in the STA-funded project to advance Samba. It shows how targeted investment in open-source infrastructure delivers both technical progress and strategic independence.
By making SMB over QUIC freely available, Samba empowers organizations to rely on secure file services without lock-in to proprietary solutions. This is digital sovereignty in practice: critical IT functions remain transparent, community-driven, and under shared control.
The Sovereign Tech Agency (STA) and its Fund (STF) support this work as part of its mission to strengthen open-source infrastructure and digital resilience. With the funding, the Samba team ensures long-term development that is not only reliable today, but future-proof for sovereign and interoperable IT infrastructures.
