WireGuard is a free and open source Virtual Private Network (VPN) software application and communication protocol that uses VPN techniques to create secure point-to-point connections in routed or bridged configurations. It uses cryptographic protocols and algorithms to protect data. Originally developed for the Linux kernel, it can also be used on Windows, macOS, BSD, iOS, and Android. The protocol aims for better performance, security and simplicity than the IPsec and OpenVPN tunneling protocols.

How WireGuard works

WireGuard uses tested cryptographic primitives that result in strong default cryptographic choices that users cannot change. It does not use cryptographic agility, which is the concept of offering choices among different encryption, key exchange, and hashing algorithms, sometimes resulting in insecure deployments. WireGuard uses state-of-the-art cryptography like ChaCha20 for symmetric encryption with Poly1305 for message authentication. It includes protection against key impersonation, denial-of-service and replay attacks, and post-quantum cryptographic resistance.

A process called cryptokey routing is used in WireGuard’s encryption. It associates public encryption keys with a list of VPN tunnel IP addresses that are allowed inside the tunnel. A unique private key and a list of peers are associated with each network interface. Each peer has a short and simple public key to authenticate it with other peers. The public keys can be distributed for use in configuration files, which is similar to key-based authentication in OpenSSH.

IP addresses can be readily switched on both ends without breaking the system. Users can switch between Wi-Fi, cellular, and other connections without having to worry about the configuration. This is because the client configuration contains an initial endpoint for its definition server so it knows where to send encrypted information before it receives any. Since the clients continue to track the server, if the system changes location, the clients will discover the new server endpoint and update their configuration.
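
The cryptokey routing table and the endpoint tracking described above can be modeled in a few lines. This is an added example, not WireGuard's own code: it performs no cryptography, the names `Peer`, `CryptokeyRouter`, `lookup` and `accept_inbound` are hypothetical, and the keys and addresses are constructed placeholders.

```python
import ipaddress

class Peer:
    def __init__(self, public_key, allowed_ips, endpoint=None):
        self.public_key = public_key  # constructed placeholder, not a real key
        self.allowed_ips = [ipaddress.ip_network(n) for n in allowed_ips]
        self.endpoint = endpoint      # last known outer (ip, port), or None

class CryptokeyRouter:
    """Simplified model of one interface's peer table; no cryptography."""

    def __init__(self, peers):
        self.peers = {p.public_key: p for p in peers}

    def lookup(self, ip):
        """Return the peer whose allowed IPs contain ip; longest prefix wins."""
        addr = ipaddress.ip_address(ip)
        best, best_len = None, -1
        for peer in self.peers.values():
            for net in peer.allowed_ips:
                if addr.version == net.version and addr in net and net.prefixlen > best_len:
                    best, best_len = peer, net.prefixlen
        return best  # None: no peer owns this address, so the packet is dropped

    def accept_inbound(self, sender_key, inner_src, outer_endpoint):
        """Handle a packet that already authenticated under sender_key."""
        peer = self.peers.get(sender_key)
        if peer is None:
            return False
        # Roaming: follow the outer source of the latest authenticated packet.
        peer.endpoint = outer_endpoint
        # The inner source must route back to the same peer, otherwise drop it.
        return self.lookup(inner_src) is peer

if __name__ == "__main__":
    # Constructed sample peers; addresses come from documentation ranges.
    laptop = Peer("LAPTOP_PUBKEY_PLACEHOLDER", ["10.0.0.2/32"], ("192.0.2.10", 51820))
    site = Peer("SITE_PUBKEY_PLACEHOLDER", ["10.0.0.0/24"])
    wg0 = CryptokeyRouter([laptop, site])
    print(wg0.lookup("10.0.0.2").public_key)    # outbound: most specific match
    print(wg0.accept_inbound(laptop.public_key, "10.0.0.2", ("198.51.100.7", 40000)))
    print(laptop.endpoint)                      # endpoint followed the peer
    print(wg0.accept_inbound(laptop.public_key, "10.0.0.9", ("198.51.100.7", 40000)))
```

The same table serves both directions: outbound it selects which peer's key encrypts a packet, and inbound it rejects a decrypted packet whose inner source address belongs to a different peer.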

Webopedia Staff