WireGuard is an open-source software application and protocol that implements virtual private network (VPN) techniques to create secure point-to-point connections in routed or bridged configurations. It is run as a module inside the Linux kernel and aims for better performance than the IPsec and OpenVPN tunneling protocols. It is designed as a general-purpose VPN for running on embedded interfaces and supercomputers alike, fit for many different circumstances. It uses UDP.
WireGuard is a peer-to-peer VPN service. The protocol itself treats all peers equally, so there is nothing that distinguishes a server from a client. That said, this VPN protocol is highly flexible and can be used as a direct peer-to-peer communications channel, in a server-client relationship, or in a site-to-site configuration. Wireguard as a VPN Server or Client provides some examples of the various contexts in which WireGuard may be configured.
To create a new WireGuard interface go to Network > Interfaces > Add new interface… and select “WireGuard VPN” from the “Protocol” dropdown menu.
Generate a key pair of private and public keys, and store them in /etc/wireguard for easy reference. From a terminal, enter:
mkdir -p /etc/wireguard
cd /etc/wireguard
wg genkey | tee ./privatekey | wg pubkey > ./publickey
This saves two files in
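The key-generation commands above create privatekey with whatever the shell's current umask allows, so the file may end up readable by other users. The following added example, which is not part of the original page, runs the same pipeline under umask 077 and then audits the result. The function names are hypothetical, and the shape check assumes the standard encoding of a 32-byte key as 43 base64 characters plus one "=".

```shell
#!/bin/sh
# Added example (not from the original page): key generation with
# owner-only permissions, plus an audit of the resulting files.

# Same pipeline as the page, run in a subshell under umask 077 so the
# directory and both files are created without group/other access.
gen_wg_keys() {
    (
        umask 077
        mkdir -p "$1" && cd "$1" || exit 1
        wg genkey | tee ./privatekey | wg pubkey > ./publickey
    )
}

# Shape check: a WireGuard key is 32 bytes in base64, i.e. a single
# line of 43 base64 characters followed by one "=".
key_is_wellformed() {
    key=$(cat "$1") || return 1
    body=${key%=}
    [ "$key" != "$body" ] && [ "${#body}" -eq 43 ] || return 1
    case $body in *[!A-Za-z0-9+/]*) return 1 ;; esac
}

# Characters 5-10 of the ls mode string are the group and other bits.
perms_are_owner_only() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Return 0 if DIR holds a usable key pair; 2-5 identify the failure.
audit_wg_dir() {
    dir=$1
    [ -f "$dir/privatekey" ] && [ -f "$dir/publickey" ] ||
        { echo "missing key file"; return 2; }
    perms_are_owner_only "$dir/privatekey" ||
        { echo "privatekey is accessible to group/other"; return 3; }
    key_is_wellformed "$dir/privatekey" && key_is_wellformed "$dir/publickey" ||
        { echo "malformed key"; return 4; }
    # If wg is installed, confirm publickey is derived from privatekey.
    if command -v wg >/dev/null 2>&1; then
        [ "$(wg pubkey < "$dir/privatekey")" = "$(cat "$dir/publickey")" ] ||
            { echo "publickey does not match privatekey"; return 5; }
    fi
    echo "ok"
}

# Typical use: gen_wg_keys /etc/wireguard && audit_wg_dir /etc/wireguard
```

If the private key already exists with wider permissions, chmod 600 /etc/wireguard/privatekey fixes the finding reported as return code 3.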
The LuCI menu Status → WireGuard Status shows information about the WireGuard VPN.