|Original author(s)||Jason A. Donenfeld|
|Developer(s)||Edge Security LLC.|
|Written in||C (Linux kernel module), Go (userspace implementation)|
|Type||Virtual private network|
|As of||23 January 2019|
WireGuard is a free and open-source software application and communication protocol that implements virtual private network (VPN) techniques to create secure point-to-point connections in routed or bridged configurations. It is run as a module inside the Linux kernel and aims for better performance than the IPsec and OpenVPN tunneling protocols.
WireGuard aims to provide a VPN that is both simple and highly effective. A review by ArsTechnica observed that popular VPN technologies such as OpenVPN and IPsec are often complex to set up, disconnect easily (in the absence of further configuration), take substantial time to negotiate reconnections, may use outdated ciphers, and have relatively massive code (400,000 to 600,000 lines of code for the two examples given) which makes it harder to find bugs.
WireGuard's design seeks to reduce these issues, making the tunnel more secure and easier to manage by default. By using versioning of cryptography packages, it focuses on ciphers believed to be among the most secure current encryption methods, and also has a codebase of around 4000 lines, about 1% of either OpenVPN or IPsec, making security audits easier. Ars technica reported that in testing, stable tunnels were easy to create with WireGuard, compared to alternatives, and commented that it would be "hard to go back" to long reconnection delays, compared to WireGuard's "no nonsense" instant reconnections.
WireGuard utilizes Curve25519 for key exchange, ChaCha20 for encryption, and Poly1305 for data authentication, SipHash for hashtable keys, and BLAKE2s for hashing. It supports layer 3 for both IPv4 and IPv6 and can encapsulate v4-in-v6 and vice versa. It was written by Jason A. Donenfeld and is published under the second version of the GNU General Public License (GPL).
As of June 2018[update] the developers of WireGuard advise treating the code and protocol as experimental, and caution that they have not yet achieved a stable release compatible with CVE tracking of any security vulnerabilities that may be discovered.
Oregon senator Ron Wyden has recommended to the National Institute of Standards and Technology (NIST) that they evaluate WireGuard as a replacement for existing technologies like IPsec and OpenVPN.
Implementations of the WireGuard protocol include:
- Donenfeld's initial implementation, written in C and Go.
- Cloudflare's BoringTun, a user space implementation written in Rust.
- "Installation". WireGuard. Archived from the original on 22 July 2019. Retrieved 20 August 2019.
- Preneel, Bart; Vercauteren, Frederik (eds.). Applied Cryptography and Network Security. Springer. ISBN 978-3-319-93387-0. Archived from the original on 18 February 2019. Retrieved 25 June 2018.
- Salter, Jim (26 August 2018). "WireGuard VPN review: A new type of VPN offers serious advantages". ars technica. Archived from the original on 20 September 2018.
- "WireGuard: fast, modern, secure VPN tunnel". WireGuard. Archived from the original on 28 April 2018. Retrieved 28 April 2018.
- Donenfeld, Jason A. "Introduction & Motivation" (PDF). WireGuard: Next Generation Kernel Network Tunnel (PDF). Archived (PDF) from the original on 4 March 2018.
- Benjamin Lipp, Bruno Blanchet, Karthikeyan Bhargavan (2019), A Mechanised Cryptographic Proof of the WireGuard Virtual Private Network Protocol, Research Report RR-9269, Paris: Inria, hal-02100345CS1 maint: Uses authors parameter (link)
- Mason, John (13 February 2019). "Mullvad Review". thebestwpn. 2. Strong Tunneling Protocols – OpenVPN & WireGuard. Archived from the original on 16 March 2019. Retrieved 8 April 2019.
- Mason, John (19 February 2019). "AzireVPN Review". thebestwpn. 2. Impressive Protocols and Encryption. Archived from the original on 8 April 2019. Retrieved 8 April 2019.
- "Donations". WireGuard. Archived from the original on 28 April 2018. Retrieved 28 April 2018.
- "About The Project". WireGuard. Work in Progress. Archived from the original on 25 June 2018. Retrieved 25 June 2018.
- "Installation". WireGuard. Archived from the original on 26 June 2018. Retrieved 26 June 2018.
- Wolford, Ben (18 December 2018). "ProtonMail is auctioning a Lifetime Account to support WireGuard". ProtonMail Blog. Archived from the original on 18 December 2018. Retrieved 19 December 2018.
- "US Senator Recommends Open-Source WireGuard To NIST For Government VPN". Phoronix. 30 June 2018. Archived from the original on 5 August 2018. Retrieved 5 August 2018.
- Donenfeld, Jason (7 June 2019). "WireGuard: fast, modern, secure VPN tunnel". Retrieved 16 June 2019.
- Krasnov, Vlad (18 December 2018). "BoringTun, a userspace WireGuard implementation in Rust". Cloudflare Blog. Archived from the original on 4 April 2019. Retrieved 29 March 2019.
- "CloudFlare Launches "BoringTun" As Rust-Written WireGuard User-Space Implementation". phoronix.com. Retrieved 29 March 2019.