WireGuard

“WireGuard is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPsec, while avoiding the massive headache. It intends to be considerably more performant than OpenVPN.”
— wireguard.com

WireGuard is:
- small: ~4000 LoC means a smaller attack surface and is easily auditable,
- fast: it’s lightweight and implemented in the kernel,
- opinionated: makes conservative choices for you,
- simple: authentication works like SSH and most of the networking is just using ip.

Small
- ~4000 LoC (not including cryptographic primitives) is very small.
[Chart: lines of code in kLoC (0 to 400) for WireGuard, OpenVPN and IPsec.]
Small
- Easily auditable: hasn’t happened formally yet; more secure than OpenVPN, etc.?

Fast
- Layer 3 (only).
- It is small ⇒ lightweight and fast.
- It lives in the kernel, so no need to copy packets in and out of userspace.
- Multicore.
- Fast for both transferring and connecting.

Fast
[Figure: performance comparison from https://www.wireguard.com/performance/ (i7).]

Fast
Via iperf3/TCP (running on WireGuard server):
- ~74 Mb/s, both natively and through the tunnel.
Via iperf3/UDP (running on WireGuard server):
[Chart: iperf3/UDP throughput in Mb/s (0 to 250), Native vs WireGuard, with packet loss annotated.]
Via speedtest (AWS California → San Jose):
[Chart: speedtest throughput in Mb/s (0 to 250), Native vs WireGuard vs OpenVPN (SF).]
Fast
WireGuard is fast on non-x86 devices. On our routers (Vadim) we get ~100 Mb/s (to California) with CPU at ~20%. Compare this to ~60 Mb/s for OpenVPN, CPU at 100%.
Roughly 2× what they got via OpenVPN: www.skadligkod.se/vpn/wireguard-speed-tests-on-asus-rt-ac86u/
Opinionated
- WireGuard doesn’t offer cypher agility.
- Uses modern, conservative cryptography based on Noise.
- ECDH: Curve25519. Fast, ephemeral, perfect forward secrecy. No TLS, CA, PKI, etc.
- Key derivation: HKDF.
- Symmetric cypher: ChaCha20Poly1305. Fast on all processors, AEAD.
- Hash: BLAKE2s.
- Optional pre-shared key for post-quantum security.
Simple
demo

Server’s configuration file

    [Interface]
    PrivateKey = [server's private key]
    Address = 10.10.0.1/24, fd80::1/64
    ListenPort = 2307
    SaveConfig = true
    PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

    [Peer]
    PublicKey = [client's public key]
    PresharedKey = [preshared.key]
    AllowedIPs = 10.10.0.2/32, fd80::2/128

Client’s configuration file

    [Interface]
    PrivateKey = [client's private key]
    Address = 10.10.0.2/24, fd80::2/64
    ListenPort = 2307
    DNS = 10.10.0.1
    PostUp = iptables -I OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT
    PreDown = iptables -D OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT

    [Peer]
    PublicKey = [server's public key]
    PresharedKey = [preshared.key]
    AllowedIPs = 0.0.0.0/0, ::/0
    Endpoint = [wireguard server]:2307
Protocol: Silent and stealthy
- WireGuard does not alter state or respond if a packet is unauthenticated.
- WireGuard isn’t chatty. This is great for mobile devices.

Protocol: 1-RTT
- No cypher negotiation, etc.
- This makes WireGuard appear stateless.
- It also makes for very fast connection time.
Protocol: DoS Protection
- Handshake responses are smaller than initiation messages.
- If a peer is under load, it uses a cookie scheme similar to IKEv2 but manages to: stay stealthy; prevent the cookie from being MitM’d; not allow this scheme to DoS another peer.

Protocol: Key Rotation
- Keys are rotated every 120 seconds or every 2^64 − 2^16 − 1 messages. But it doesn’t matter if we miss a rekey, since the handshake is 1-RTT anyway.
Protocol: Roaming
- Cryptokey routing.
- Designed for roaming: outages don’t affect the tunnel, switching networks (e.g. WiFi → 4G) is seamless, not much scope for leaks.
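Cryptokey routing in both directions, as an added example that is not part of the original slides: it builds the peer table from the AllowedIPs values of the two configuration files shown earlier (the public keys are the same placeholders as in the configs, not real keys) and shows that the destination address picks the peer on the way out, while on the way in a decrypted packet whose inner source address lies outside the sending peer’s AllowedIPs is dropped.

```python
import ipaddress
from typing import Optional

# Constructed peer tables mirroring the AllowedIPs in the server and client
# configuration files above. The keys are the same placeholders as the
# configs, not real WireGuard public keys.
SERVER_PEERS = {"[client's public key]": ["10.10.0.2/32", "fd80::2/128"]}
CLIENT_PEERS = {"[server's public key]": ["0.0.0.0/0", "::/0"]}


def build_table(peers):
    """Flatten {peer: [cidr, ...]} into (network, peer) entries, most specific
    prefix first, so a /32 beats a /24 and a /24 beats 0.0.0.0/0."""
    table = []
    for peer, cidrs in peers.items():
        for cidr in cidrs:
            table.append((ipaddress.ip_network(cidr, strict=False), peer))
    table.sort(key=lambda entry: entry[0].prefixlen, reverse=True)
    return table


def lookup(table, ip) -> Optional[str]:
    """Longest-prefix match of an address against the cryptokey routing table."""
    addr = ipaddress.ip_address(ip)
    for net, peer in table:
        if addr.version == net.version and addr in net:
            return peer
    return None


def route_outbound(table, dst_ip) -> Optional[str]:
    """Outbound: the destination address selects the peer whose session key
    encrypts the packet; no match means there is no route through the tunnel."""
    return lookup(table, dst_ip)


def accept_inbound(table, peer, src_ip) -> bool:
    """Inbound: a packet that authenticated under `peer`'s session is only
    delivered if its inner source address belongs to that peer's AllowedIPs.
    This is what stops one authenticated peer from injecting packets that
    claim another peer's (or the server's own) addresses into the tunnel."""
    return lookup(table, src_ip) == peer


if __name__ == "__main__":
    server = build_table(SERVER_PEERS)
    print(route_outbound(server, "10.10.0.2"))  # → [client's public key]
    print(accept_inbound(server, "[client's public key]", "10.10.0.9"))  # → False
```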
Protocol: Reviews
- Formal verification. Proven symbolically by Tamarin, a protocol verification tool. Analogous protocols have been formally verified too. https://www.wireguard.com/formal-verification/
- Audited by humans too. https://eprint.iacr.org/2018/080
Landscape
VPN providers offering WireGuard
- Mullvad (also offering SOCKS5 multihop)
- Azire (for free)
VPN providers allegedly considering it
- ProtonVPN
- PIA
VPN providers that have donated
- Mullvad
- PIA
Support
- Any kernel ≥ 3.10.
- Packaged by pretty much all main Linux distributions, including OpenWrt/LEDE.
- In-tree for a bunch of custom Android ROMs.
- Will become part of the kernel in future.
- wg will become part of ip.
- systemd integration exists.
Userspace
Userspace implementations in:
- Go;
- Rust.

Userspace
Android app (in beta) already exists using wireguard-go.
Links
- WireGuard
  - https://www.wireguard.com/
  - Thread on obfuscation: https://lists.zx2c4.com/pipermail/wireguard/2016-July/000184.html
- Mullvad
  - https://mullvad.net/en/blog/2017/9/27/wireguard-future/
  - https://www.mullvad.net/en/blog/2017/12/8/introducing-post-quantum-vpn-mullvads-strategy-future-problem/
  - https://www.mullvad.net/en/guides/running-wireguard-router/
  - https://www.mullvad.net/en/guides/wireguard-and-mullvad-vpn/
  - https://mullvad.net/en/guides/socks5-proxy/#wireguard-socks5
- Azire
  - https://www.azirevpn.com/wireguard
- XDA
  - https://forum.xda-developers.com/android/development/wireguard-rom-integration-t3711635