WireGuard
What is WireGuard?
WireGuardA modern, minimal VPN protocol that uses a fixed set of state-of-the-art cryptographic primitives and runs as part of the Linux kernel.
WireGuard is a VPN designed for simplicity and performance, with a codebase orders of magnitude smaller than IPsec or OpenVPN. It uses a fixed cryptographic suite (Curve25519, ChaCha20-Poly1305, BLAKE2s, HKDF, Noise IK handshake) and identifies peers by their static public keys rather than per-session passwords. Because WireGuard lives in the Linux kernel (with userspace ports for other OSes), it offers low latency, low overhead, and roaming-friendly behavior: connections survive IP changes seamlessly. It is widely used for remote access, site-to-site, and mesh overlays such as Tailscale and Netmaker, and is increasingly the default choice for new deployments.
● Examples
- 01
A Tailscale mesh network using WireGuard under the hood to connect laptops, servers, and cloud instances.
- 02
A self-hosted WireGuard concentrator on UDP/51820 providing remote employee access.
● Frequently asked questions
What is WireGuard?
A modern, minimal VPN protocol that uses a fixed set of state-of-the-art cryptographic primitives and runs as part of the Linux kernel. It belongs to the Network Security category of cybersecurity.
What does WireGuard mean?
A modern, minimal VPN protocol that uses a fixed set of state-of-the-art cryptographic primitives and runs as part of the Linux kernel.
How do you defend against WireGuard?
Defences for WireGuard typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for WireGuard?
Common alternative names include: WireGuard protocol.