WireGuard is a free and open source Virtual Private Network (VPN) software application and communication protocol that uses VPN techniques to create secure point-to-point connections in routed or bridged configurations. It uses cryptography protocols and algorithms to protect data. Originally developed for the Linux kernel, it can also be used on Windows, macOS, BSD, iOS, and Android. The protocol aims for better performance, security and simplicity than IPsec and OpenVPN tunneling protocols.

How WireGuard works

WireGuard uses tested cryptographic primitives that result in strong default cryptographic choices that users don’t have the ability to change. It does not use cryptographic agility, which is the concept of offering choices among different encryption, key exchange, and hashing algorithms, sometimes resulting in insecure deployments. WireGuard uses state of the art cryptography like ChaCha 20 for symmetric encryption with Poly1305 for message authentication. It includes protection against key impersonation, denial-of-service and replay attacks, and post-quantum cryptographic resistance.

A process called cryptokey routing is used in WireGuard’s encryption. It associates public encryption keys with a list of VPN tunnel IP addresses that are allowed inside the tunnel. A unique private key and a list of peers is associated with each network interface. Each peer has a short and simple public key to authenticate it with other peers. The public keys can be distributed for use in configuration files and is similar to key-based authentication in OpenSSH.

IP addresses can be readily switched on both ends without breaking the system. Users can switch between Wi-Fi, cellular, and other connections without having to worry about the configuration. This is because the client configuration contains an initial endpoint for its definition server so it knows where to send encrypted information before it receives any. Since the clients continue to track the server, if the system changes location, the clients will discover the new server endpoint and update their configuration.

Webopedia Staff
Webopedia Staff
Since 1995, more than 100 tech experts and researchers have kept Webopedia’s definitions, articles, and study guides up to date. For more information on current editorial staff, please visit our About page.

Related Articles

Special Character

A special character is one that is not considered a number or letter. Symbols, accent marks, and punctuation marks are considered special characters. Similarly,...


Table of contents What is Software? History of Software Software vs. Hardware Software vs. Hardware Comparison Chart What Types of Software Exist? Saas vs....

Email Address

What is an Email Address? An email address is a designation for an electronic mailbox that sends and receives messages, known as email, on a...

Information Technology (IT) Architect

The information technology architect applies IT resources to meet specific business requirements. The role requires a high degree of technical expertise as well as...


Geotargeting is a method of delivering data or content to users based on...

Agile Project Management

Agile project management enables business teams to approach their projects and tasks with...

Private 5G Network

A private 5G network is a private local area network (LAN) that utilizes...