What is Wireguard?

WireGuard is a simple, fast and modern VPN that utilizes state-of-the-art cryptography. It aims to be leaner and more useful than IPsec while avoiding the massive headache. It intends to be considerably more performant than OpenVPN.

WireGuard is designed as a general-purpose VPN for running on embedded interfaces and super computers alike, fit for many different circumstances.

Wireguard is cross-platform (Windows, macOS, BSD, iOS, Android) and widely deployable. It is currently under heavy development, but already it might be regarded as the most secure, easiest to use, and simplest VPN solution in the industry. Merged into the Linux source tree for version 5.6.

Created by Jason Donenfeld, a cybersecurity expert and founder of Edge Security, WireGuard stems from his own rootkit exfiltration methods that he used to stay inside networks for extended periods without being noticed. When compared to other popular VPN protocols, it is clear to see just how WireGuard blows them out of the water.

The codebases for other popular protocols such as OpenVPN and IPSec are huge, running to hundreds and thousands of lines of code. This is problematic because it makes finding and troubleshooting bugs and vulnerabilities difficult. Today, bugs and vulnerabilities are still being found in other VPN protocols because their codebases are extremely vast.

Wireguard works exclusively on layer 3 of the OSI model (IPv4, IPv6, IPv4-over-IPv6, and IPv6-over-IPv4). The WireGuard protocol uses Curve25519 (ECDHE) for key exchange and Chacha20-poly1305 for data transport. It is UDP-based and has built-in stealth, which allows it to punch through firewalls.

Consider making a donation to support open-source Wireguard development https://www.wireguard.com/donations

WireGuard: fast, modern, secure VPN tunnel