WireGuard is an open-source software application and protocol that implements virtual private network (VPN) techniques to create secure point-to-point connections in routed or bridged configurations. It is run as a module inside the Linux kernel and aims for better performance than the IPsec and OpenVPN tunneling protocols. It is designed as a general purpose VPN for running on embedded interfaces and super computers alike, fit for many different circumstances. It uses UDP.
To create a new Wireguard interface go to Network > Interfaces > Add new interface… and select “Wireguard VPN” from the “Protocol of the new interface” dropdown menu.
To generate a key pair of private and public keys, and store them to the files “privkey” and “pubkey” respectively, run:
wg genkey | tee privkey | wg pubkey > pubkey
If you are using LuCI to configure WireGuard, it's enough to run “wg genkey” and copy the output into the field “Private Key”; The public key is then later shown in the LuCI interface under Status > WireGuard status.