WireGuard is an open-source software application and protocol that implements virtual private network (VPN) techniques to create secure point-to-point connections in routed or bridged configurations. It is run as a module inside the Linux kernel and aims for better performance than the IPsec and OpenVPN tunneling protocols. It is designed as a general purpose VPN for running on embedded interfaces and super computers alike, fit for many different circumstances. It uses UDP.

WireGuard can be installed through the package wireguard and luci-app-wireguard for integration with LuCI.

To create a new Wireguard interface go to Network > Interfaces > Add new interface… and select “Wireguard VPN” from the “Protocol of the new interface” dropdown menu.

To generate a key pair of private and public keys, and store them to the files “privkey” and “pubkey” respectively, run:

wg genkey | tee privkey | wg pubkey > pubkey

• The private key (“privkey”) must be kept secret and safe; It's the key you enter into the config, for example in LuCI.
• The public key (“pubkey”) is shared with peers (the other end that gets connected with).

If you are using LuCI to configure WireGuard, it's enough to run “wg genkey” and copy the output into the field “Private Key”; The public key is then later shown in the LuCI interface under Status > WireGuard status.

See also:

• WireGuard configuration example

• WireGuard Homepage
• WireGuard's technical whitepaper
• WireGuard's repository
• WireGuard setup walkthrough