WireGuard is a fast and modern cross-platform VPN that utilizes state-of-the-art cryptography.
The goal of WireGuard is to be faster, simpler, leaner, and more useful than IPsec, as well as aiming to be considerably more efficient than OpenVPN.
WireGuard is designed to be a general-purpose VPN for running on embedded interfaces and super computers alike, usable in numerous circumstances. WireGuard was initially released for the Linux kernel but now can run on Windows, macOS, BSD, iOS, Android and is widely deployable.
WireGuard was designed with ease-of-implementation and simplicity in mind. This simplicity translates to its ability to be implemented in very few code lines and auditable for security vulnerabilities. Compared to other similar apps like Swan/IPsec or OpenVPN/OpenSSL, where auditing the massive codebases can be an overwhelming task even for teams of security experts, WireGuard will prove to comprehensively reviewable even by single individuals.
A new interface can be added via ip-link(8), which should automatically handle module loading:
# ip link add dev wg0 type wireguard (Non-Linux users will instead write wireguard-go wg0.)
An IP address and peer can be assigned with ifconfig(8) or ip-address(8)
# ip address add dev wg0 192.168.2.1/24 Or, if there are only two peers total, something like this might be more desirable:
# ip address add dev wg0 192.168.2.1 peer 192.168.2.2 The interface can be configured with keys and peer endpoints with the included wg(8) utility:
# wg setconf wg0 myconfig.conf or
# wg set wg0 listen-port 51820 private-key /path/to/private-key peer ABCDEF... allowed-ips 192.168.88.0/24 endpoint 22.214.171.124:8172 Finally, the interface can then be activated with ifconfig(8) or ip-link(8):