WireGuard ============ .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **What is WireGuard?** WireGuard is a modern, lightweight, and high-performance VPN protocol designed to create secure point-to-point connections. It uses state-of-the-art cryptography and is known for its simplicity, speed, and ease of deployment. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **Why is WireGuard important?** * **Fast and Efficient** – Minimal codebase and optimized performance make it faster than traditional VPNs like IPsec or OpenVPN. * **Secure** – Uses modern cryptographic primitives like Curve25519, ChaCha20, and Poly1305. * **Cross-Platform** – Works on Linux, Windows, macOS, Android, and iOS. * **Easy to Configure** – Simple configuration using public/private key pairs. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **How WireGuard works (in simple steps):** * Each device (peer) generates a public/private key pair. * Devices exchange public keys and configure allowed IPs. * A secure tunnel is established using the exchanged keys. * Encrypted packets are sent directly between peers using UDP. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **Where is WireGuard used?** * **Remote Access VPNs** for employees and developers. * **Site-to-Site VPNs** between branch offices or data centers. * **Cloud Networking** to securely connect cloud instances. * **IoT and Embedded Devices** due to its lightweight design. * **Mobile Devices** for secure and battery-efficient VPN connections. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **Which OSI Layer does this protocol belong to?** WireGuard operates at the **Network Layer (Layer 3)** because: * It encapsulates IP packets (IPv4/IPv6) directly. * It handles routing and IP-level communication between peers. * It is protocol-agnostic and works below the transport layer. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow Topics in this section, * :ref:`Learnings in this section ` * :ref:`Terminology ` * :ref:`Version Info ` * :ref:`WireGuard Version&RFC Details ` * :ref:`WireGuard Basic Setup on Ubuntu using IPv4 ` * :ref:`WireGuard Basic Setup on Ubuntu using IPv6 ` * :ref:`WireGuard Protocol Packet Details ` * :ref:`WireGuard Usecases ` * :ref:`WireGuard Basic Features ` * :ref:`WireGuard Feature : Modern Cryptography ` * :ref:`WireGuard Feature : Simplicity ` * :ref:`WireGuard Feature : High Performance ` * :ref:`WireGuard Feature : Stateless Design ` * :ref:`WireGuard Feature : UDP-Based Transport ` * :ref:`WireGuard Feature : IP Layer Tunneling ` * :ref:`WireGuard Feature : Key-Based Authentication ` * :ref:`WireGuard Feature : Roaming Support ` * :ref:`WireGuard Feature : Cross-Platform Compatibility ` * :ref:`WireGuard Feature : Easy Configuration ` * :ref:`Reference links ` .. _WireGuard_step1: .. tab-set:: .. tab-item:: Learnings in this section * In this section, you are going to learn .. _WireGuard_step2: .. tab-set:: .. tab-item:: Terminology * Terminology .. _WireGuard_step3: .. tab-set:: .. tab-item:: Version Info * Version Info .. _WireGuard_step5: .. tab-set:: .. tab-item:: WireGuard Version&RFC Details .. csv-table:: :file: ./WireGuard/wireguard_version_rfc_details.csv :widths: 10,10,10,30 :header-rows: 1 .. _WireGuard_step20: .. tab-set:: .. tab-item:: WireGuard Basic Setup on Ubuntu using IPv4 **Setup** .. _WireGuard_step21: .. tab-set:: .. tab-item:: WireGuard Basic Setup on Ubuntu using IPv6 **Setup** .. _WireGuard_step6: .. tab-set:: .. tab-item:: WireGuard Protocol Packet Details **Handshake Initiation** .. csv-table:: :file: ./WireGuard/wireguard_packetdetails1.csv :widths: 10,20,30,10 :header-rows: 1 **Handshake Response** .. csv-table:: :file: ./WireGuard/wireguard_packetdetails2.csv :widths: 10,20,30,10 :header-rows: 1 **Cookie Reply** .. csv-table:: :file: ./WireGuard/wireguard_packetdetails3.csv :widths: 10,20,30,10 :header-rows: 1 **Transport Data Packet** .. csv-table:: :file: ./WireGuard/wireguard_packetdetails4.csv :widths: 10,20,30,10 :header-rows: 1 .. _WireGuard_step7: .. tab-set:: .. tab-item:: WireGuard Usecases .. csv-table:: :file: ./WireGuard/wireguard_use_cases.csv :widths: 10,20,30 :header-rows: 1 .. _WireGuard_step8: .. tab-set:: .. tab-item:: WireGuard Basic Features .. csv-table:: :file: ./WireGuard/wireguard_basic_features.csv :widths: 10,10,30 :header-rows: 1 .. _WireGuard_step9: .. tab-set:: .. tab-item:: WireGuard Feature : Modern Cryptography **Modern Cryptography - Testcases** .. csv-table:: :file: ./WireGuard/wireguard_feature1_modern_cryptography_testcases.csv :widths: 10,10,30,20 :header-rows: 1 .. _WireGuard_step10: .. tab-set:: .. tab-item:: WireGuard Feature : Simplicity **Simplicity - Testcases** .. csv-table:: :file: ./WireGuard/wireguard_feature2_simplicity_testcases.csv :widths: 10,10,30,20 :header-rows: 1 .. _WireGuard_step11: .. tab-set:: .. tab-item:: WireGuard Feature : High Performance **High Performance - Testcases** .. csv-table:: :file: ./WireGuard/wireguard_feature3_high_performance_testcases.csv :widths: 10,10,30,20 :header-rows: 1 .. _WireGuard_step12: .. tab-set:: .. tab-item:: WireGuard Feature : Stateless Design **Stateless Design - Testcases** .. csv-table:: :file: ./WireGuard/wireguard_feature4_stateless_design_testcases.csv :widths: 10,10,30,20 :header-rows: 1 .. _WireGuard_step13: .. tab-set:: .. tab-item:: WireGuard Feature : UDP-Based Transport **UDP-Based Transport - Testcases** .. csv-table:: :file: ./WireGuard/wireguard_feature5_udp_based_transport_testcases.csv :widths: 10,10,30,20 :header-rows: 1 .. _WireGuard_step14: .. tab-set:: .. tab-item:: WireGuard Feature : IP Layer Tunneling **IP Layer Tunneling - Testcases** .. csv-table:: :file: ./WireGuard/wireguard_feature6_ip_layer_tunneling_testcases.csv :widths: 10,10,30,20 :header-rows: 1 .. _WireGuard_step15: .. tab-set:: .. tab-item:: WireGuard Feature : Key-Based Authentication **Key-Based Authentication - Testcases** .. csv-table:: :file: ./WireGuard/wireguard_feature7_key_based_authentication_testcases.csv :widths: 10,10,30,20 :header-rows: 1 .. _WireGuard_step16: .. tab-set:: .. tab-item:: WireGuard Feature : Roaming Support **Roaming Support - Testcases** .. csv-table:: :file: ./WireGuard/wireguard_feature8_roaming_support_testcases.csv :widths: 10,10,30,20 :header-rows: 1 .. _WireGuard_step17: .. tab-set:: .. tab-item:: WireGuard Feature : Cross-Platform Compatibility **Cross-Platform Compatibility - Testcases** .. csv-table:: :file: ./WireGuard/wireguard_feature9_cross_platform_compatibility_testcases.csv :widths: 10,10,30,20 :header-rows: 1 .. _WireGuard_step18: .. tab-set:: .. tab-item:: WireGuard Feature : Easy Configuration **Easy Configuration - Testcases** .. csv-table:: :file: ./WireGuard/wireguard_feature10_easy_configuration_testcases.csv :widths: 10,10,30,20 :header-rows: 1 .. _WireGuard_step19: .. tab-set:: .. tab-item:: Reference links * Reference links