Difference between revisions of "WireGuard"

From wikieduonline
Tags: Mobile web edit, Mobile edit
 
(40 intermediate revisions by the same user not shown)
Line 1: Line 1:
{{Draft}}
+
[[wikipedia:WireGuard]] is a free and open-source software application and communication protocol that implements virtual private network techniques to create secure point-to-point connections in routed or bridged configurations.  It use [[Noise protocol framework]], [[Curve25519]], [[ChaCha20]], [[Poly1305]], [[BLAKE2]], [[SipHash24]] and [[HKDF]].
[[wikipedia:WireGuard]]
 
  
WireGuard is a free and open-source software application and communication protocol that implements virtual private network techniques to create secure point-to-point connections in routed or bridged configurations.
 
  
  $ sudo apt install wireguard
+
Technical features:
Included in March 2020 into the [[Linux Kernel changelog|Linux Kernel 5.6]]  
+
* WireGuard is invisible to illegitimate peers and network scanners <ref>https://www.wireguard.com/papers/wireguard.pdf</ref>
 +
* WireGuard uses only [[UDP]] protocol (port 41414).
 +
* [[Connection-less]] protocol
 +
 
 +
 
 +
* [[Curve25519]] used for identified peers, using their public key, a 32-byte Curve25519 point
 +
 
 +
 
 +
 
 +
* Linux: <code>sudo [[apt install wireguard]]</code>
 +
* macOS: <code>[[brew install wireguard-go]]</code>
 +
 
 +
Included in March [[2020]] into the [[Linux Kernel changelog|Linux Kernel 5.6]] , available in Ubuntu since [[Ubuntu 20.10]]
  
 
* [[NordVPN]] offers [[NordLynx]] built on WireGuard
 
* [[NordVPN]] offers [[NordLynx]] built on WireGuard
  
 
WireGuard's encryption speed claims to be faster that [[IPsec]] group protocols.
 
WireGuard's encryption speed claims to be faster that [[IPsec]] group protocols.
==Tailscale==
 
[[Tailscale]], formed in March 2019.
 
  
*It's based on peer-to-peer VPNs rather than piping all VPN traffic through a single concentrator.
+
* [[Debian]] packages: <code>wireguard, wireguard-dkms, [[wireguard-tools]]</code>
 +
 
 +
 
 +
* MacOS: <code>[[brew]] install wireguard-tools</code>
 +
* [[iOS]]: allows auto activation on WiFI based on SSID.
 +
 
 +
== Commands ==
 +
* <code>[[wireguard-go]] wg0</code>
 +
* <code> [[ip link]] add wg0 type [[wireguard]]</code>
 +
* <code>[[wg]]</code>
 +
 
 +
== Configuration ==
 +
* <code>[[/etc/wireguard/]]</code>
 +
* <code>[[/etc/wireguard/wg0.conf]]</code>
  
*Maintains a database of endpoints on its server, so that when client X needs to talk to client Z, it fetches the endpoint details and then makes a direct connection. It's calls this a mesh network.
 
  
Tailscale works info: https://tailscale.com/blog/how-tailscale-works/
+
Author: Jason A. Donenfeld. Advisors: [[Trevor Perrin]], [[Jean-Philippe Aumasson]], [[Steven M. Bellovin]], and [[Greg Kroah-Hartman]]<ref>https://www.wireguard.com/papers/wireguard.pdf</ref>
  
===Price===
+
== Activities ==
*Solo: Free
+
* Read https://wiki.archlinux.org/index.php/WireGuard
*Connectivity: $10
+
 
*Security: $20
+
== Related terms ==
*Enterprise: on request
+
* <code>[[sysctl]] -w [[net.ipv4]].[[ip_forward]]=1</code>
 +
* <code>sysctl -w net.ipv6.conf.all.forwarding=1</code>
 +
* [[4G]]
 +
* Clients behind [[NAT]] can keep the VPN established using an optional <code>keepalive</code> parameter; it defaults to no keepalive
 +
* <code>wg-watchdog.sh</code> https://gist.github.com/mattkasun/9a0e90d9d31b2c935d3f6d6e71dbece9
 +
* <code>[[pritunl]]</code>
  
 
== See also ==
 
== See also ==
 +
* {{wg}}
 +
* {{WireGuard}}
 
* {{VPN}}
 
* {{VPN}}
 
+
* [[Edge Security LLC]]
  
  
 
[[Category:Security]]
 
[[Category:Security]]
 
[[Category:Networking]]
 
[[Category:Networking]]
 +
[[Category:WireGuard]]
 +
[[Category:Tunneling protocols]]
 +
[[Category:Virtual private networks]]
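Review bot: the added Technical features bullet "WireGuard uses only [[UDP]] protocol (port 41414)" gives a port number with no source, unlike the bullet before it; add a reference for 41414 or reword it as an example listen port. The same whitepaper URL is also added twice as anonymous <ref> tags (on the "invisible to illegitimate peers" bullet and on the Author line), which produces two identical footnotes; a named ref reused for the second citation would avoid that. The install bullets now disagree between "brew install wireguard-go" and "brew install wireguard-tools", and the casing differs between "macOS" and "MacOS"; pick one form for each.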

Latest revision as of 12:56, 25 January 2024

WireGuard is a free and open-source software application and communication protocol that implements virtual private network techniques to create secure point-to-point connections in routed or bridged configurations. It uses the Noise protocol framework, Curve25519, ChaCha20, Poly1305, BLAKE2, SipHash24 and HKDF.


Technical features:

  • WireGuard is invisible to illegitimate peers and network scanners [1]
  • WireGuard uses only the UDP protocol (port 41414).
  • Connection-less protocol


  • Curve25519 is used to identify peers: each peer is identified by its public key, a 32-byte Curve25519 point
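
An added example (not from the wiki page or the WireGuard project): because each peer is identified by a 32-byte Curve25519 public key, a configuration check can decode every [Peer] PublicKey and flag values that are not 32 bytes or that repeat. The wg-quick style sample, its keys and the function names are constructed for illustration.

```python
import base64
import binascii

# Constructed sample: made-up keys and a wg-quick style config (port from the page).
KEY_A = base64.b64encode(bytes(range(32))).decode()   # 32 bytes: well-formed
KEY_SHORT = base64.b64encode(bytes(16)).decode()      # 16 bytes: too short
SAMPLE = f"""[Interface]
ListenPort = 41414
[Peer]
PublicKey = {KEY_A}
[Peer]
PublicKey = {KEY_SHORT}
[Peer]
PublicKey = {KEY_A}
[Peer]
PublicKey = not-base64!
"""

def parse_peers(text):
    """Return one dict of lower-cased settings per [Peer] section."""
    peers, current = [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        if line.startswith("[") and line.endswith("]"):
            current = {} if line[1:-1].strip().lower() == "peer" else None
            if current is not None:
                peers.append(current)
        elif current is not None and "=" in line:
            name, value = line.split("=", 1)         # base64 padding stays in value
            current[name.strip().lower()] = value.strip()
    return peers

def key_problem(value):
    """Return None if value is base64 for exactly 32 bytes, else a reason."""
    try:
        raw = base64.b64decode(value, validate=True)
    except (binascii.Error, ValueError):
        return "is not valid base64"
    return None if len(raw) == 32 else f"decodes to {len(raw)} bytes, expected 32"

def audit(text):
    """List (peer_number, finding) for malformed, missing or repeated keys."""
    findings, seen = [], set()
    for n, peer in enumerate(parse_peers(text), 1):
        key = peer.get("publickey", "")              # missing key decodes to 0 bytes
        problem = key_problem(key) or ("repeats an earlier peer" if key in seen else None)
        seen.add(key)
        if problem:
            findings.append((n, f"PublicKey {problem}"))
    return findings
```

Calling audit(SAMPLE) returns the findings for peers 2, 3 and 4; the first peer passes.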


Included in the Linux Kernel 5.6 in March 2020, available in Ubuntu since Ubuntu 20.10.

WireGuard claims faster encryption speed than the IPsec group of protocols.


  • macOS: brew install wireguard-tools
  • iOS: allows automatic activation on Wi-Fi based on SSID.

Commands

Configuration


Author: Jason A. Donenfeld. Advisors: Trevor Perrin, Jean-Philippe Aumasson, Steven M. Bellovin, and Greg Kroah-Hartman[2]

Activities

Related terms

See also

  [1] https://www.wireguard.com/papers/wireguard.pdf
  [2] https://www.wireguard.com/papers/wireguard.pdf