Difference between revisions of "WireGuard"
Jump to navigation
Jump to search
↑ https://www.wireguard.com/papers/wireguard.pdf
↑ https://www.wireguard.com/papers/wireguard.pdf
(43 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
− | + | [[wikipedia:WireGuard]] is a free and open-source software application and communication protocol that implements virtual private network techniques to create secure point-to-point connections in routed or bridged configurations. It use [[Noise protocol framework]], [[Curve25519]], [[ChaCha20]], [[Poly1305]], [[BLAKE2]], [[SipHash24]] and [[HKDF]]. | |
− | [[wikipedia:WireGuard]] | ||
− | |||
− | + | Technical features: | |
− | Included in 2020 into the [[Linux Kernel changelog|Linux Kernel 5.6]] | + | * WireGuard is invisible to illegitimate peers and network scanners <ref>https://www.wireguard.com/papers/wireguard.pdf</ref> |
+ | * WireGuard uses only [[UDP]] protocol (port [[41414]]). | ||
+ | * [[Connection-less]] protocol | ||
+ | |||
+ | |||
+ | * [[Curve25519]] used for identified peers, using their public key, a 32-byte Curve25519 point | ||
+ | |||
+ | |||
+ | |||
+ | * Linux: <code>sudo [[apt install wireguard]]</code> | ||
+ | * macOS: <code>[[brew install wireguard-go]]</code> | ||
+ | |||
+ | Included in March [[2020]] into the [[Linux Kernel changelog|Linux Kernel 5.6]] , available in Ubuntu since [[Ubuntu 20.10]] | ||
* [[NordVPN]] offers [[NordLynx]] built on WireGuard | * [[NordVPN]] offers [[NordLynx]] built on WireGuard | ||
WireGuard's encryption speed claims to be faster that [[IPsec]] group protocols. | WireGuard's encryption speed claims to be faster that [[IPsec]] group protocols. | ||
− | |||
− | |||
− | * | + | * [[Debian]] packages: <code>wireguard, wireguard-dkms, [[wireguard-tools]]</code> |
+ | |||
+ | |||
+ | * MacOS: <code>[[brew]] install wireguard-tools</code> | ||
+ | * [[iOS]]: allows auto activation on WiFI based on SSID. | ||
+ | |||
+ | == Commands == | ||
+ | * <code>[[wireguard-go]] wg0</code> | ||
+ | * <code> [[ip link]] add wg0 type [[wireguard]]</code> | ||
+ | * <code>[[wg]]</code> | ||
+ | |||
+ | == Configuration == | ||
+ | * <code>[[/etc/wireguard/]]</code> | ||
+ | * <code>[[/etc/wireguard/wg0.conf]]</code> | ||
− | |||
− | + | Author: Jason A. Donenfeld. Advisors: [[Trevor Perrin]], [[Jean-Philippe Aumasson]], [[Steven M. Bellovin]], and [[Greg Kroah-Hartman]]<ref>https://www.wireguard.com/papers/wireguard.pdf</ref> | |
− | === | + | == Activities == |
− | * | + | * Read https://wiki.archlinux.org/index.php/WireGuard |
− | * | + | |
− | * | + | == Related terms == |
− | * | + | * <code>[[sysctl]] -w [[net.ipv4]].[[ip_forward]]=1</code> |
+ | * <code>sysctl -w net.ipv6.conf.all.forwarding=1</code> | ||
+ | * [[4G]] | ||
+ | * Clients behind [[NAT]] can keep the VPN established using an optional <code>keepalive</code> parameter; it defaults to no keepalive | ||
+ | * <code>wg-watchdog.sh</code> https://gist.github.com/mattkasun/9a0e90d9d31b2c935d3f6d6e71dbece9 | ||
+ | * <code>[[pritunl]]</code> | ||
+ | * [[Tailscale]] | ||
== See also == | == See also == | ||
+ | * {{wg}} | ||
+ | * {{WireGuard}} | ||
* {{VPN}} | * {{VPN}} | ||
− | + | * [[Edge Security LLC]] | |
[[Category:Security]] | [[Category:Security]] | ||
[[Category:Networking]] | [[Category:Networking]] | ||
+ | [[Category:WireGuard]] | ||
+ | [[Category:Tunneling protocols]] | ||
+ | [[Category:Virtual private networks]] |
Latest revision as of 08:28, 3 July 2024
wikipedia:WireGuard is a free and open-source software application and communication protocol that implements virtual private network techniques to create secure point-to-point connections in routed or bridged configurations. It use Noise protocol framework, Curve25519, ChaCha20, Poly1305, BLAKE2, SipHash24 and HKDF.
Technical features:
- WireGuard is invisible to illegitimate peers and network scanners [1]
- WireGuard uses only UDP protocol (port 41414).
- Connection-less protocol
- Curve25519 used for identified peers, using their public key, a 32-byte Curve25519 point
- Linux:
sudo apt install wireguard
- macOS:
brew install wireguard-go
Included in March 2020 into the Linux Kernel 5.6 , available in Ubuntu since Ubuntu 20.10
WireGuard's encryption speed claims to be faster that IPsec group protocols.
- Debian packages:
wireguard, wireguard-dkms, wireguard-tools
Commands[edit]
wireguard-go wg0
ip link add wg0 type wireguard
wg
Configuration[edit]
Author: Jason A. Donenfeld. Advisors: Trevor Perrin, Jean-Philippe Aumasson, Steven M. Bellovin, and Greg Kroah-Hartman[2]
Activities[edit]
Related terms[edit]
sysctl -w net.ipv4.ip_forward=1
sysctl -w net.ipv6.conf.all.forwarding=1
- 4G
- Clients behind NAT can keep the VPN established using an optional
keepalive
parameter; it defaults to no keepalive wg-watchdog.sh
https://gist.github.com/mattkasun/9a0e90d9d31b2c935d3f6d6e71dbece9pritunl
- Tailscale
See also[edit]
wg
,wg-quick
[up
| down | strip ],wg genkey
,wg show
- WireGuard,
wg
,wg-quick
, Curve25519,wireguard-tools
, Pritunl - VPN: IPsec (Openswan), OpenVPN, Forticlient, GlobalProtect (PAN-OS), WireGuard (Linux Kernel), Tailscale, PulseSecure, WebVPN, SoftEther, ESP, IKE, AWS VPN, Zerotier, VPN client, Pritunl, GCP Cloud VPN, Mesh virtual private network, Mullvad
- Edge Security LLC
Advertising: