WireGuard
What is WireGuard?
WireGuard is a modern, lightweight, and high-performance VPN protocol designed to create secure point-to-point connections. It uses state-of-the-art cryptography and is known for its simplicity, speed, and ease of deployment.
Why is WireGuard important?
Fast and Efficient – Minimal codebase and optimized performance make it faster than traditional VPNs like IPsec or OpenVPN.
Secure – Uses modern cryptographic primitives like Curve25519, ChaCha20, and Poly1305.
Cross-Platform – Works on Linux, Windows, macOS, Android, and iOS.
Easy to Configure – Simple configuration using public/private key pairs.
How WireGuard works (in simple steps):
Each device (peer) generates a public/private key pair.
Devices exchange public keys and configure allowed IPs.
A secure tunnel is established using the exchanged keys.
Encrypted packets are sent directly between peers using UDP.
Where is WireGuard used?
Remote Access VPNs for employees and developers.
Site-to-Site VPNs between branch offices or data centers.
Cloud Networking to securely connect cloud instances.
IoT and Embedded Devices due to its lightweight design.
Mobile Devices for secure and battery-efficient VPN connections.
Which OSI Layer does this protocol belong to?
WireGuard operates at the Network Layer (Layer 3) because: * It encapsulates IP packets (IPv4/IPv6) directly. * It handles routing and IP-level communication between peers. * It is protocol-agnostic and works below the transport layer.
Topics in this section,
In this section, you are going to learn
Terminology
Version Info
WireGuard Version |
RFC |
Year |
Core Idea / Contribution |
|---|---|---|---|
WireGuard Protocol |
|||
RFC 9381 |
2023 |
Official specification of the WireGuard protocol as a VPN tunneling protocol using modern cryptography. |
|
Cryptographic Framework |
|||
N/A |
2018+ |
Based on the Noise Protocol Framework, which defines secure key exchange and encryption. |
|
UDP Transport |
|||
N/A |
WireGuard operates over UDP (default port 51820), not defined in a separate RFC. |
||
Linux Kernel Support |
|||
N/A (mainline) |
2020 |
Integrated into the Linux kernel (v5.6+), improving performance and native support. |
|
Cross-Platform Support |
|||
N/A |
Ongoing |
Implementations available for Windows, macOS, Android, iOS, and BSD systems |
Setup
Setup
Handshake Initiation
S.No |
Protocol Packets |
Description |
Size(Bytes) |
|---|---|---|---|
1 |
Handshake Initiation |
Sent by the client to initiate a secure session with the server. |
~148 bytes |
Message Type |
Identifies this as a handshake initiation message. |
1 |
|
Sender Index |
Random identifier for the initiating peer. |
4 |
|
Ephemeral Public Key |
Used for key exchange (Curve25519). |
32 |
|
Encrypted Static Public Key |
Clients static public key encrypted with servers public key. |
48 |
|
Encrypted Timestamp |
Prevents replay attacks. |
12 |
|
MACs |
Message authentication codes for validation. |
32 + 16 |
Handshake Response
S.No |
Protocol Packets |
Description |
Size(Bytes) |
|---|---|---|---|
2 |
Handshake Response |
Sent by the server in response to the initiation message |
~92 bytes |
Message Type |
Identifies this as a handshake response message |
1 |
|
Sender Index |
Random identifier for the responding peer |
4 |
|
Receiver Index |
Matches the clients sender index |
4 |
|
Ephemeral Public Key |
Servers ephemeral key for key exchange |
32 |
|
Encrypted Empty |
Used to finalize key confirmation |
16 |
|
MAC |
Message authentication code |
16 |
Cookie Reply
S.No |
Protocol Packets |
Description |
Size(Bytes) |
|---|---|---|---|
3 |
Cookie Reply |
Sent when a peer is under DoS attack to validate the sender |
~64 bytes |
Message Type |
Identifies this as a cookie reply message |
1 |
|
Receiver Index |
Matches the sender index of the peer |
4 |
|
Nonce |
Random value used in encryption |
24 |
|
Encrypted Cookie |
Encrypted token to validate sender |
32 |
Transport Data Packet
S.No |
Protocol Packets |
Description |
Size(Bytes) |
|---|---|---|---|
4 |
Transport Data Packet |
Carries encrypted IP packets between peers after handshake |
Variable |
Message Type |
Identifies this as a transport data message |
1 |
|
Receiver Index |
Identifies the receiving peer |
4 |
|
Counter |
Prevents replay attacks |
8 |
|
Encrypted Payload |
Encrypted IP packet (IPv4/IPv6) |
Variable |
S.no |
Use Case |
Description |
|---|---|---|
1 |
Secure Remote Access |
Enables employees or users to securely connect to internal networks from remote locations. |
2 |
Site-to-Site VPN |
Connects multiple office or data center networks securely over the internet. |
3 |
Cloud Networking |
Establishes secure tunnels between cloud instances or between on-prem and cloud environments. |
4 |
Mobile VPN |
Provides fast, battery-efficient VPN connections for mobile devices (Android, iOS). |
5 |
IoT and Embedded Devices |
Ideal for lightweight, secure communication between IoT devices due to its minimal codebase. |
6 |
Developer Environments |
Used by developers to securely access test environments, CI/CD pipelines, or internal APIs. |
7 |
Privacy Protection |
Encrypts internet traffic to protect user privacy on public or untrusted networks. |
8 |
Mesh Networking |
Supports peer-to-peer encrypted communication in decentralized or mesh network setups. |
S.no |
Feature |
Description |
|---|---|---|
1 |
Modern Cryptography |
Uses state-of-the-art cryptographic primitives like Curve25519,ChaCha20, Poly1305, BLAKE2s. |
2 |
Simplicity |
Minimal codebase (~4,000 lines), making it easier to audit and maintain. |
3 |
High Performance |
Designed for speed and low latency, outperforming traditional VPN protocols like IPsec and OpenVPN. |
4 |
Stateless Design |
No connection tracking; each packet is independent, improving security and scalability. |
5 |
UDP-Based Transport |
Operates over UDP, reducing overhead and improving NAT traversal. |
6 |
IP Layer Tunneling |
Encapsulates IP packets (IPv4/IPv6), functioning at OSI Layer 3. |
7 |
Key-Based Authentication |
Uses public/private key pairs for peer authentication instead of usernames/passwords. |
8 |
Roaming Support |
Seamlessly handles IP address changes without dropping the connection. |
9 |
Cross-Platform Compatibility |
Available on Linux, Windows, macOS, Android, iOS, and embedded systems. |
10 |
Easy Configuration |
Simple configuration using a single file per peer with clear syntax. |
Modern Cryptography - Testcases
# |
Test Case |
Description |
Expected Result |
|---|---|---|---|
1 |
Interface Initialization |
Start WireGuard interface |
Interface is up and running |
2 |
Key Generation |
Generate private/public key pair |
Keys are generated successfully |
3 |
Config File Validation |
Load valid config file |
No errors, config accepted |
4 |
Invalid Config File |
Load malformed config |
Error or rejection |
5 |
Peer Addition |
Add a peer to config |
Peer added successfully |
6 |
Handshake Initiation |
Initiate handshake with peer |
Handshake completes |
7 |
Handshake Failure |
Use wrong public key |
Handshake fails |
8 |
Data Transmission |
Send encrypted data |
Data received and decrypted |
9 |
Replay Attack Test |
Replay old packet |
Packet dropped |
10 |
Packet Tampering |
Modify encrypted packet |
Packet rejected |
11 |
MTU Size Test |
Send large packets |
Packets fragmented or dropped |
12 |
Interface Down |
Bring interface down |
Traffic stops |
13 |
Interface Up |
Bring interface up |
Traffic resumes |
14 |
Persistent Keepalive |
Enable keepalive |
Periodic packets sent |
15 |
No Keepalive |
Disable keepalive |
No periodic packets |
16 |
IP Address Assignment |
Assign IP to interface |
IP assigned successfully |
17 |
Route Injection |
Add route via WireGuard |
Route added |
18 |
Route Removal |
Remove route |
Route removed |
19 |
DNS Resolution |
Use DNS over VPN |
DNS queries resolved |
20 |
DNS Leak Test |
Check for DNS leaks |
No leaks detected |
21 |
IPv6 Support |
Use IPv6 addresses |
IPv6 traffic routed |
22 |
IPv4 Support |
Use IPv4 addresses |
IPv4 traffic routed |
23 |
Multiple Peers |
Add multiple peers |
All peers reachable |
24 |
Peer Removal |
Remove a peer |
Peer removed |
25 |
Interface Restart |
Restart WireGuard |
Interface reconnects |
26 |
Port Change |
Change listening port |
New port active |
27 |
Firewall Compatibility |
Use with firewall rules |
Traffic allowed/blocked as expected |
28 |
NAT Traversal |
Connect behind NAT |
Connection succeeds |
29 |
Roaming Support |
Change client IP |
Connection persists |
30 |
Endpoint Update |
Peer updates endpoint |
New endpoint accepted |
31 |
AllowedIPs Filtering |
Restrict IPs per peer |
Only allowed IPs routed |
32 |
Invalid AllowedIPs |
Use invalid IP range |
Config error |
33 |
Pre-shared Key |
Add PSK to peer config |
Extra encryption layer added |
34 |
No Pre-shared Key |
Remove PSK |
Connection still works |
35 |
Interface Statistics |
Check tx/rx stats |
Stats increment with traffic |
36 |
Log Monitoring |
Monitor logs |
Handshake and traffic logs visible |
37 |
Interface Persistence |
Reboot system |
Interface auto-starts |
38 |
Config Reload |
Reload config without restart |
Changes applied |
39 |
Performance Benchmark |
Measure throughput |
Meets expected bandwidth |
40 |
Latency Test |
Measure ping over VPN |
Acceptable latency |
41 |
Packet Loss Simulation |
Drop packets |
Connection handles loss |
42 |
Encryption Validation |
Inspect encryption method |
Uses ChaCha20-Poly1305 |
43 |
Key Rotation |
Rotate keys manually |
New keys accepted |
44 |
Key Expiry Handling |
Use expired keys |
Connection fails |
45 |
Time Sync Dependency |
Desync system clock |
Handshake fails |
46 |
Mobile Device Support |
Use on Android/iOS |
VPN connects |
47 |
OS Compatibility |
Test on Linux/Windows/macOS |
VPN works on all |
48 |
Config Import/Export |
Import/export config files |
Files parsed correctly |
49 |
Interface Isolation |
Block non-VPN traffic |
Only VPN traffic allowed |
50 |
Kill Switch |
Enable kill switch |
Traffic blocked if VPN drops |
Simplicity - Testcases
# |
Test Case |
Description |
Expected Result |
|---|---|---|---|
1 |
Minimal Config File |
Use only required fields in config |
VPN connects successfully |
2 |
Quick Setup |
Complete setup in under 5 minutes |
VPN operational within time |
3 |
One-Line Key Generation |
Generate keys with a single command |
Keys generated instantly |
4 |
Simple Peer Addition |
Add peer with minimal fields |
Peer connects successfully |
5 |
No GUI Required |
Configure via CLI only |
Fully functional VPN |
6 |
Easy Interface Start |
Use wg-quick up |
Interface starts without error |
7 |
Easy Interface Stop |
Use wg-quick down |
Interface stops cleanly |
8 |
Simple Status Check |
Use wg to check status |
Clear and concise output |
9 |
Minimal Dependencies |
Install without extra packages |
Installation succeeds |
10 |
Lightweight Binary |
Check binary size |
Small footprint (<1MB) |
11 |
Simple Routing Setup |
Add route via config |
Route works as expected |
12 |
No Daemon Needed |
Run without background service |
VPN functions normally |
13 |
Easy Config Reload |
Reload config without restart |
Changes applied instantly |
14 |
Simple Log Output |
View logs for interface |
Logs are readable and minimal |
15 |
Clear Error Messages |
Trigger config error |
Error message is understandable |
16 |
Simple IP Assignment |
Assign IP in config |
IP assigned correctly |
17 |
Easy Port Change |
Change listening port |
New port active |
18 |
Simple NAT Traversal |
Connect behind NAT |
Connection succeeds |
19 |
Minimal Peer Config |
Use only public key and endpoint |
Peer connects |
20 |
Easy Key Rotation |
Replace keys manually |
New keys accepted |
21 |
Simple DNS Setup |
Add DNS in config |
DNS queries routed through VPN |
22 |
No Extra Encryption Setup |
Use built-in ChaCha20 |
Encryption works out of the box |
23 |
Simple IPv6 Support |
Add IPv6 address in config |
IPv6 traffic routed |
24 |
Easy IPv4 Support |
Add IPv4 address in config |
IPv4 traffic routed |
25 |
Simple Peer Removal |
Remove peer from config |
Peer disconnected |
26 |
Easy Interface Restart |
Restart interface with one command |
Interface reconnects |
27 |
Simple Config Sharing |
Share config via text file |
Peer connects using shared config |
28 |
No GUI Debugging |
Troubleshoot using CLI only |
Issues resolved |
29 |
Simple Firewall Rules |
Add basic rules for port |
Traffic allowed |
30 |
Easy Mobile Setup |
Use QR code for mobile config |
Mobile connects easily |
31 |
Simple QR Code Generation |
Generate QR from config |
QR scanned successfully |
32 |
Easy Config Backup |
Copy config file |
Backup works |
33 |
Simple Interface Monitoring |
Use wg show |
Real-time stats visible |
34 |
Minimal Log Requirements |
No verbose logging needed |
Logs remain clean |
35 |
Simple Kill Switch Setup |
Add kill switch rule |
Traffic blocked if VPN drops |
36 |
Easy Config Import |
Import config on new device |
VPN connects |
37 |
Simple OS Compatibility |
Use same config on Linux/macOS/Windows |
Works across OS |
38 |
Easy Peer Discovery |
Use static IP or DNS |
Peer reachable |
39 |
Simple Interface Naming |
Use wg0, wg1, etc. |
Interface recognized |
40 |
Easy MTU Configuration |
Set MTU in config |
MTU applied |
41 |
Simple Pre-shared Key Setup |
Add PSK in config |
Extra encryption enabled |
42 |
No Certificate Management |
No need for CA or certs |
VPN works without PKI |
43 |
Simple Config Validation |
Check config syntax |
Errors shown clearly |
44 |
Easy Integration with Systemd |
Use systemd service |
Interface auto-starts |
45 |
Simple Roaming Support |
Change IP without reconnecting |
Connection persists |
46 |
Easy Endpoint Update |
Peer updates endpoint |
New endpoint accepted |
47 |
Simple AllowedIPs Setup |
Add AllowedIPs in config |
Traffic routed correctly |
48 |
Minimal Resource Usage |
Monitor CPU/memory usage |
Low usage observed |
49 |
Simple Upgrade Process |
Upgrade WireGuard package |
No config changes needed |
50 |
Easy Documentation Access |
Use man wg or official docs |
Clear and concise guidance |
High Performance - Testcases
# |
Test Case |
Description |
Expected Result |
|---|---|---|---|
1 |
Throughput Benchmark |
Measure max data transfer rate |
High Mbps/Gbps throughput |
2 |
Latency Measurement |
Ping over VPN |
Low latency (near native) |
3 |
CPU Usage Test |
Monitor CPU during traffic |
Low CPU utilization |
4 |
Memory Usage Test |
Monitor RAM usage |
Minimal memory footprint |
5 |
Multi-Core Utilization |
Use multiple cores |
Efficient parallel processing |
6 |
Encryption Speed |
Measure ChaCha20 performance |
Fast encryption/decryption |
7 |
Handshake Speed |
Time to complete handshake |
Sub-second handshake |
8 |
Reconnection Time |
Time to reconnect after drop |
Reconnects quickly |
9 |
Packet Processing Rate |
Measure packets/sec |
High PPS rate |
10 |
Interface Load Test |
Simulate heavy traffic |
Stable performance |
11 |
Concurrent Connections |
Add multiple peers |
Handles all peers efficiently |
12 |
High Bandwidth Streaming |
Stream HD/4K video |
Smooth playback |
13 |
File Transfer Speed |
Transfer large files |
Fast transfer rate |
14 |
Gaming Performance |
Play online games |
Low ping, no lag |
15 |
VoIP Quality |
Make voice/video calls |
Clear audio/video |
16 |
Performance on Mobile |
Test on Android/iOS |
Efficient battery and bandwidth use |
17 |
Performance on Low-End Device |
Use on Raspberry Pi or similar |
Acceptable performance |
18 |
Performance on VM |
Run in virtual machine |
Comparable to host performance |
19 |
Performance on Container |
Run in Docker |
Efficient operation |
20 |
Performance on Cloud |
Deploy on cloud instance |
High throughput |
21 |
Performance with IPv6 |
Use IPv6 traffic |
No degradation |
22 |
Performance with IPv4 |
Use IPv4 traffic |
No degradation |
23 |
Performance with NAT |
Connect behind NAT |
Maintains speed |
24 |
Performance with Roaming |
Change IP during session |
No noticeable delay |
25 |
Performance with Firewall |
Use with strict firewall |
No performance drop |
26 |
Performance with VPN Cascade |
Chain with another VPN |
Acceptable performance |
27 |
Performance with Kill Switch |
Enable kill switch |
No performance impact |
28 |
Performance with DNS |
Use DNS over VPN |
Fast resolution |
29 |
Performance with Compression |
Use compressed traffic |
Improved throughput |
30 |
Performance with UDP Flood |
Simulate UDP flood |
Handles gracefully |
31 |
Performance with Packet Loss |
Introduce packet loss |
Maintains connection |
32 |
Performance with Jitter |
Introduce jitter |
Stable connection |
33 |
Performance with MTU Tuning |
Adjust MTU size |
Optimized throughput |
34 |
Performance with Large MTU |
Use jumbo frames |
Improved efficiency |
35 |
Performance with Small MTU |
Use small MTU |
No fragmentation issues |
36 |
Performance with Pre-shared Key |
Add PSK |
No performance drop |
37 |
Performance with Logging |
Enable verbose logging |
Minimal impact |
38 |
Performance with Monitoring |
Use monitoring tools |
No slowdown |
39 |
Performance with System Load |
Run under CPU stress |
Maintains VPN speed |
40 |
Performance with Background Apps |
Run other apps |
No interference |
41 |
Performance with File Sync |
Use Dropbox/OneDrive |
Fast sync |
42 |
Performance with CDN Access |
Access CDN content |
Low latency |
43 |
Performance with Cloud Storage |
Use Google Drive/S3 |
Fast uploads/downloads |
44 |
Performance with Remote Desktop |
Use RDP/VNC |
Smooth experience |
45 |
Performance with SSH |
Use SSH over VPN |
No lag or delay |
46 |
Performance with Git |
Clone/push large repos |
Fast operations |
47 |
Performance with Web Browsing |
Browse websites |
Pages load quickly |
48 |
Performance with Video Calls |
Use Zoom/Teams/Meet |
No buffering |
49 |
Performance with Speed Test |
Run speedtest.net |
High download/upload speeds |
50 |
Performance with Multiple Routes |
Use multiple AllowedIPs |
Efficient routing |
Stateless Design - Testcases
# |
Test Case |
Description |
Expected Result |
|---|---|---|---|
1 |
Stateless Handshake |
Initiate handshake without prior state |
Handshake succeeds |
2 |
Stateless Peer Reconnect |
Reconnect peer after IP change |
Peer reconnects without session tracking |
3 |
Stateless Packet Handling |
Send packet without session context |
Packet processed correctly |
4 |
No Session Table |
Inspect for session tracking |
No session table maintained |
5 |
Stateless Key Exchange |
Exchange keys without stateful negotiation |
Keys exchanged successfully |
6 |
Stateless NAT Traversal |
Traverse NAT without connection state |
Connection established |
7 |
Stateless Roaming |
Change client IP mid-session |
Connection persists |
8 |
Stateless Peer Timeout |
Wait for peer inactivity |
No session timeout mechanism |
9 |
Stateless Packet Replay |
Replay old packet |
Packet dropped |
10 |
Stateless Packet Loss |
Drop packets mid-stream |
No session disruption |
11 |
Stateless Peer Restart |
Restart peer device |
Peer reconnects without issue |
12 |
Stateless Server Restart |
Restart server |
Clients reconnect automatically |
13 |
Stateless Interface Restart |
Restart WireGuard interface |
No session recovery needed |
14 |
Stateless Connection Logging |
Check logs for session tracking |
Only handshake and packet logs |
15 |
Stateless Peer Discovery |
No active peer discovery |
Peers connect only when sending data |
16 |
Stateless Firewall Traversal |
Traverse firewall without session pinning |
Connection succeeds |
17 |
Stateless Load Balancing |
Switch between servers |
No session migration needed |
18 |
Stateless Failover |
Failover to backup server |
Seamless transition |
19 |
Stateless Packet Inspection |
Inspect packet headers |
Minimal metadata, no session ID |
20 |
Stateless Protocol Overhead |
Measure protocol overhead |
Very low overhead |
21 |
Stateless UDP Transport |
Use UDP for transport |
Stateless by design |
22 |
Stateless Peer Removal |
Remove peer from config |
No lingering session |
23 |
Stateless Peer Addition |
Add peer dynamically |
Peer connects immediately |
24 |
Stateless Key Rotation |
Rotate keys |
No session reset required |
25 |
Stateless Packet Encryption |
Encrypt packet without session context |
Packet encrypted correctly |
26 |
Stateless Packet Decryption |
Decrypt packet without session context |
Packet decrypted correctly |
27 |
Stateless Interface Monitoring |
Monitor interface for state |
No session state observed |
28 |
Stateless Peer Monitoring |
Monitor peer activity |
Only last handshake timestamp |
29 |
Stateless Connection Recovery |
Recover from network drop |
Connection resumes without session sync |
30 |
Stateless VPN Kill Switch |
Enable kill switch |
No session state needed |
31 |
Stateless DNS Resolution |
Use DNS over VPN |
DNS queries routed statelessly |
32 |
Stateless Peer IP Change |
Change peer IP |
Connection persists |
33 |
Stateless Peer Endpoint Update |
Update endpoint in config |
New endpoint used immediately |
34 |
Stateless Interface Shutdown |
Shut down interface |
No session cleanup required |
35 |
Stateless Interface Boot |
Boot interface |
Peers connect as needed |
36 |
Stateless Peer Sync |
Sync peer config across devices |
No session sync needed |
37 |
Stateless Config Reload |
Reload config |
No session disruption |
38 |
Stateless Peer Rotation |
Rotate between multiple peers |
No session state retained |
39 |
Stateless Packet Timing |
Send packets at irregular intervals |
All packets processed |
40 |
Stateless Packet Duplication |
Send duplicate packets |
Duplicates ignored |
41 |
Stateless Peer Logging |
Log peer activity |
Only handshake and traffic logs |
42 |
Stateless Interface Logging |
Log interface activity |
No session logs |
43 |
Stateless Peer Expiry |
Remove inactive peer |
No session timeout needed |
44 |
Stateless Peer Sync After Reboot |
Reboot client |
Peer reconnects without session |
45 |
Stateless Server Sync After Reboot |
Reboot server |
Clients reconnect automatically |
46 |
Stateless Peer Migration |
Move peer to new network |
Connection persists |
47 |
Stateless Packet Fragmentation |
Send fragmented packets |
Reassembled without session |
48 |
Stateless Packet Reordering |
Send out-of-order packets |
Packets processed correctly |
49 |
Stateless Peer Scaling |
Add many peers |
No session tracking overhead |
50 |
Stateless Protocol Inspection |
Analyze protocol behavior |
Stateless by design |
UDP-Based Transport - Testcases
# |
Test Case |
Description |
Expected Result |
|---|---|---|---|
1 |
UDP Port Binding |
Bind to default UDP port (51820) |
Port bound successfully |
2 |
Custom UDP Port |
Use a non-default UDP port |
VPN functions normally |
3 |
UDP Packet Transmission |
Send encrypted packets over UDP |
Packets transmitted successfully |
4 |
UDP Packet Reception |
Receive packets on WireGuard interface |
Packets received and decrypted |
5 |
UDP NAT Traversal |
Connect through NAT |
Connection established |
6 |
UDP Hole Punching |
Establish peer-to-peer connection behind NAT |
Peers connect directly |
7 |
UDP Packet Loss Handling |
Drop random packets |
Connection remains stable |
8 |
UDP Packet Reordering |
Send packets out of order |
Packets processed correctly |
9 |
UDP Packet Duplication |
Duplicate packets |
Duplicates ignored |
10 |
UDP Fragmentation |
Send large packets |
Packets fragmented and reassembled |
11 |
UDP MTU Tuning |
Adjust MTU size |
Optimized performance |
12 |
UDP Port Scan Detection |
Scan WireGuard port |
Port appears closed unless handshake initiated |
13 |
UDP Firewall Traversal |
Allow UDP port through firewall |
VPN traffic allowed |
14 |
UDP Port Blocking |
Block UDP port |
VPN fails to connect |
15 |
UDP Port Forwarding |
Forward port on router |
VPN connects through forwarded port |
16 |
UDP Performance Benchmark |
Measure throughput over UDP |
High performance observed |
17 |
UDP Latency Test |
Measure latency over UDP |
Low latency |
18 |
UDP with IPv4 |
Use IPv4 addresses |
Traffic routed correctly |
19 |
UDP with IPv6 |
Use IPv6 addresses |
Traffic routed correctly |
20 |
UDP with Dual Stack |
Use both IPv4 and IPv6 |
Dual stack supported |
21 |
UDP with Mobile Network |
Connect over 4G/5G |
VPN connects reliably |
22 |
UDP with Wi-Fi |
Connect over Wi-Fi |
VPN connects reliably |
23 |
UDP with Ethernet |
Connect over wired LAN |
VPN connects reliably |
24 |
UDP with Satellite |
Connect over satellite link |
VPN connects with higher latency |
25 |
UDP with VPN-over-VPN |
Tunnel WireGuard over another VPN |
UDP packets encapsulated |
26 |
UDP with Proxy |
Attempt to use HTTP/SOCKS proxy |
Fails (UDP not supported by proxy) |
27 |
UDP with IDS/IPS |
Monitor UDP traffic with IDS |
Encrypted traffic detected but not inspected |
28 |
UDP with QoS |
Apply QoS rules to UDP port |
Traffic prioritized |
29 |
UDP with Load Balancer |
Use UDP-aware load balancer |
Traffic distributed correctly |
30 |
UDP with Failover |
Switch to backup server on failure |
Seamless transition |
31 |
UDP with VPN Gateway |
Route traffic through WireGuard gateway |
All traffic tunneled |
32 |
UDP with Docker |
Run WireGuard in container |
UDP traffic flows correctly |
33 |
UDP with VM |
Run WireGuard in virtual machine |
UDP traffic flows correctly |
34 |
UDP with Cloud Provider |
Deploy on AWS/GCP/Azure |
UDP traffic allowed with proper rules |
35 |
UDP with Port Knocking |
Use port knocking before enabling UDP port |
VPN connects after knock |
36 |
UDP with Dynamic IP |
Change public IP |
VPN reconnects automatically |
37 |
UDP with Static IP |
Use static IP |
VPN connects reliably |
38 |
UDP with DNS Endpoint |
Use domain name instead of IP |
DNS resolves and connects |
39 |
UDP with Dynamic DNS |
Use DDNS for endpoint |
VPN reconnects after IP change |
40 |
UDP with Pre-shared Key |
Add PSK to UDP connection |
Extra encryption layer added |
41 |
UDP with Packet Inspection |
Inspect UDP packets |
Encrypted and unreadable |
42 |
UDP with Port Randomization |
Use random source port |
VPN still connects |
43 |
UDP with Port Restriction |
Use restricted port range |
VPN adapts and connects |
44 |
UDP with IPv6 NAT |
Use NAT66 |
VPN connects if supported |
45 |
UDP with IPv4 NAT |
Use NAT44 |
VPN connects reliably |
46 |
UDP with Firewall Logging |
Log UDP traffic |
Logs show encrypted packets |
47 |
UDP with Packet Delay |
Introduce artificial delay |
VPN remains stable |
48 |
UDP with Packet Jitter |
Introduce jitter |
VPN remains stable |
49 |
UDP with Packet Corruption |
Corrupt UDP packets |
Corrupted packets dropped |
50 |
UDP with UDP Flood Attack |
Simulate UDP flood |
VPN remains stable or throttles |
IP Layer Tunneling - Testcases
# |
Test Case |
Description |
Expected Result |
|---|---|---|---|
1 |
IP Packet Encapsulation |
Send IP packet through tunnel |
Packet encapsulated in UDP |
2 |
IPv4 Tunneling |
Tunnel IPv4 traffic |
IPv4 packets routed securely |
3 |
IPv6 Tunneling |
Tunnel IPv6 traffic |
IPv6 packets routed securely |
4 |
Dual Stack Tunneling |
Use both IPv4 and IPv6 |
Both types tunneled correctly |
5 |
ICMP Tunneling |
Send ping through tunnel |
ICMP packets encapsulated |
6 |
TCP Tunneling |
Send TCP traffic |
TCP packets tunneled securely |
7 |
UDP Tunneling |
Send UDP traffic |
UDP packets tunneled securely |
8 |
DNS Tunneling |
Resolve DNS over tunnel |
DNS queries routed securely |
9 |
HTTP Tunneling |
Access web pages |
HTTP packets tunneled |
10 |
HTTPS Tunneling |
Access secure websites |
HTTPS packets tunneled |
11 |
IP Fragmentation |
Send fragmented IP packets |
Fragments reassembled correctly |
12 |
IP Reassembly |
Receive fragmented packets |
Reassembled successfully |
13 |
IP Header Inspection |
Inspect tunneled packet headers |
IP headers visible inside UDP payload |
14 |
IP Routing |
Route IP packets via WireGuard |
Routing works as configured |
15 |
IP Forwarding |
Enable IP forwarding |
Packets forwarded through tunnel |
16 |
IPsec Comparison |
Compare with IPsec |
WireGuard uses simpler IP tunneling |
17 |
GRE Comparison |
Compare with GRE tunneling |
WireGuard uses encrypted UDP instead |
18 |
MPLS Compatibility |
Test with MPLS network |
IP packets tunneled correctly |
19 |
VLAN Compatibility |
Tunnel traffic from VLAN |
VLAN traffic encapsulated |
20 |
QoS Tagging |
Preserve QoS tags in IP header |
Tags retained |
21 |
TTL Preservation |
Check TTL value after tunneling |
TTL decremented correctly |
22 |
DSCP Preservation |
Check DSCP field |
DSCP retained |
23 |
IPsec Bypass |
Use WireGuard instead of IPsec |
Traffic routed via WireGuard |
24 |
Tunnel MTU Test |
Test MTU size for IP packets |
MTU respected |
25 |
Tunnel Performance |
Measure throughput of tunneled IP traffic |
High performance observed |
26 |
Tunnel Latency |
Measure latency of tunneled IP traffic |
Low latency |
27 |
Tunnel Stability |
Maintain tunnel during network changes |
Tunnel remains stable |
28 |
Tunnel Recovery |
Recover tunnel after drop |
Tunnel reestablished |
29 |
Tunnel with NAT |
Tunnel IP traffic behind NAT |
NAT traversal successful |
30 |
Tunnel with Firewall |
Tunnel through firewall |
Traffic allowed if port open |
31 |
Tunnel with Mobile Network |
Tunnel IP traffic over 4G/5G |
Tunnel stable |
32 |
Tunnel with Wi-Fi |
Tunnel IP traffic over Wi-Fi |
Tunnel stable |
33 |
Tunnel with Ethernet |
Tunnel IP traffic over LAN |
Tunnel stable |
34 |
Tunnel with Satellite |
Tunnel IP traffic over satellite |
Tunnel works with higher latency |
35 |
Tunnel with VPN Cascade |
Tunnel IP traffic through multiple VPNs |
Traffic encapsulated multiple times |
36 |
Tunnel with Docker |
Tunnel traffic from container |
Container traffic routed |
37 |
Tunnel with VM |
Tunnel traffic from virtual machine |
VM traffic routed |
38 |
Tunnel with Cloud Instance |
Tunnel traffic from cloud server |
Cloud traffic routed securely |
39 |
Tunnel with IPv6 NAT |
Tunnel through NAT66 |
Tunnel works if supported |
40 |
Tunnel with IPv4 NAT |
Tunnel through NAT44 |
Tunnel works reliably |
41 |
Tunnel with Dynamic IP |
Change public IP |
Tunnel reconnects automatically |
42 |
Tunnel with Static IP |
Use static IP |
Tunnel remains stable |
43 |
Tunnel with DNS Endpoint |
Use domain name for endpoint |
DNS resolves and tunnel connects |
44 |
Tunnel with Dynamic DNS |
Use DDNS for endpoint |
Tunnel reconnects after IP change |
45 |
Tunnel with Pre-shared Key |
Add PSK to tunnel |
Extra encryption layer added |
46 |
Tunnel with Packet Delay |
Introduce delay |
Tunnel remains stable |
47 |
Tunnel with Packet Jitter |
Introduce jitter |
Tunnel remains stable |
48 |
Tunnel with Packet Corruption |
Corrupt IP packets |
Corrupted packets dropped |
49 |
Tunnel with Packet Replay |
Replay IP packets |
Replay protection active |
50 |
Tunnel with IPsec Gateway |
Route traffic through IPsec gateway |
WireGuard tunnel bypasses IPsec |
Key-Based Authentication - Testcases
# |
Test Case |
Description |
Expected Result |
|---|---|---|---|
1 |
Key Pair Generation |
Generate private and public key |
Keys generated successfully |
2 |
Key Format Validation |
Check key format (Base64, 32 bytes) |
Valid format confirmed |
3 |
Key Length Check |
Verify key length |
256-bit keys |
4 |
Private Key Protection |
Ensure private key is not exposed |
Key remains secure |
5 |
Public Key Sharing |
Share public key with peer |
Peer accepts key |
6 |
Key Pair Matching |
Match public key to private key |
Keys match |
7 |
Invalid Key Pair |
Use mismatched keys |
Handshake fails |
8 |
Missing Public Key |
Omit public key in config |
Peer not authenticated |
9 |
Missing Private Key |
Omit private key in config |
Interface fails to start |
10 |
Duplicate Public Key |
Use same public key for multiple peers |
Conflict or overwrite |
11 |
Key Rotation |
Replace keys manually |
New keys accepted |
12 |
Key Rotation Detection |
Detect key change on peer |
Handshake re-initiated |
13 |
Key Expiry Simulation |
Simulate expired key |
Connection fails |
14 |
Key Revocation |
Remove peer’s public key |
Peer no longer connects |
15 |
Key Reuse Prevention |
Use same key across multiple devices |
Security warning or conflict |
16 |
Key Logging Protection |
Ensure keys are not logged |
Logs do not contain keys |
17 |
Key Storage Security |
Store keys securely on disk |
Keys not world-readable |
18 |
Key in Environment Variable |
Load key from environment variable |
Interface starts successfully |
19 |
Key in Config File |
Load key from config file |
Interface starts successfully |
20 |
Key in External File |
Reference key from external file |
Key loaded correctly |
21 |
Key with Pre-shared Key |
Combine public key with PSK |
Extra encryption layer added |
22 |
Key with AllowedIPs Restriction |
Use key with IP filtering |
Only allowed IPs routed |
23 |
Key with Endpoint Change |
Change endpoint, keep key |
Peer reconnects |
24 |
Key with Roaming |
Change IP, keep key |
Peer reconnects |
25 |
Key with NAT Traversal |
Use key behind NAT |
Peer connects successfully |
26 |
Key with Firewall |
Use key with UDP port open |
Peer connects successfully |
27 |
Key with IPv6 |
Use key with IPv6 address |
Peer connects successfully |
28 |
Key with IPv4 |
Use key with IPv4 address |
Peer connects successfully |
29 |
Key with DNS Endpoint |
Use key with domain name endpoint |
DNS resolves and connects |
30 |
Key with Dynamic DNS |
Use DDNS with key |
Peer reconnects after IP change |
31 |
Key with QR Code |
Generate QR from config with key |
Mobile peer connects |
32 |
Key with Mobile Device |
Use key on Android/iOS |
Peer connects successfully |
33 |
Key with Cloud Instance |
Use key on cloud server |
Peer connects successfully |
34 |
Key with Docker Container |
Use key in container |
Peer connects successfully |
35 |
Key with Virtual Machine |
Use key in VM |
Peer connects successfully |
36 |
Key with Config Reload |
Reload config with new key |
New key accepted |
37 |
Key with Interface Restart |
Restart interface with same key |
Peer reconnects |
38 |
Key with Peer Removal |
Remove peer’s key |
Peer disconnected |
39 |
Key with Peer Addition |
Add new peer with key |
Peer connects |
40 |
Key with Logging Enabled |
Enable logs |
Keys not exposed |
41 |
Key with Monitoring Tools |
Use wg show |
Keys partially masked |
42 |
Key with Systemd Integration |
Load key via systemd unit |
Interface starts successfully |
43 |
Key with Config Import |
Import config with key |
Peer connects |
44 |
Key with Config Export |
Export config with key |
Peer connects |
45 |
Key with Backup/Restore |
Backup and restore config with key |
Peer reconnects |
46 |
Key with Multiple Interfaces |
Use same key on multiple interfaces |
Interfaces operate independently |
47 |
Key with Multiple Peers |
Use different keys for each peer |
All peers connect |
48 |
Key with Performance Benchmark |
Test speed with key-based auth |
High performance maintained |
49 |
Key with Stateless Design |
Authenticate without session state |
Peer connects on demand |
50 |
Key with UDP Transport |
Authenticate over UDP |
Handshake completes |
Roaming Support - Testcases
# |
Test Case |
Description |
Expected Result |
|---|---|---|---|
1 |
IP Change During Session |
Change client IP mid-session |
VPN remains connected |
2 |
Wi-Fi to Mobile Switch |
Switch from Wi-Fi to mobile data |
VPN reconnects automatically |
3 |
Mobile to Wi-Fi Switch |
Switch from mobile data to Wi-Fi |
VPN reconnects automatically |
4 |
Roaming Across Networks |
Move between different networks |
VPN maintains connection |
5 |
Roaming with NAT |
Change NAT IP address |
VPN adapts and reconnects |
6 |
Roaming with Dynamic IP |
Use ISP with dynamic IP |
VPN reconnects after IP change |
7 |
Roaming with Static IP |
Use static IP |
VPN remains stable |
8 |
Roaming with DNS Endpoint |
Use domain name for endpoint |
DNS resolves new IP |
9 |
Roaming with DDNS |
Use dynamic DNS for endpoint |
VPN reconnects after IP update |
10 |
Roaming with Mobile Hotspot |
Switch to mobile hotspot |
VPN reconnects |
11 |
Roaming with Public Wi-Fi |
Connect to public Wi-Fi |
VPN reconnects securely |
12 |
Roaming with Captive Portal |
Connect through captive portal |
VPN reconnects after login |
13 |
Roaming with VPN Gateway |
Use VPN gateway across networks |
Tunnel remains active |
14 |
Roaming with IPv6 |
Change IPv6 address |
VPN adapts |
15 |
Roaming with IPv4 |
Change IPv4 address |
VPN adapts |
16 |
Roaming with Dual Stack |
Switch between IPv4 and IPv6 |
VPN remains connected |
17 |
Roaming with DNS Cache |
Use cached DNS entries |
VPN reconnects using cached IP |
18 |
Roaming with DNS TTL |
Use short TTL for endpoint DNS |
DNS resolves new IP quickly |
19 |
Roaming with Firewall |
Change to network with strict firewall |
VPN reconnects if port allowed |
20 |
Roaming with Port Forwarding |
Use port forwarding on new network |
VPN reconnects |
21 |
Roaming with UDP Hole Punching |
Maintain connection through NAT |
VPN reconnects using hole punching |
22 |
Roaming with Pre-shared Key |
Use PSK with roaming |
VPN reconnects securely |
23 |
Roaming with Peer Update |
Peer updates endpoint IP |
Connection re-established |
24 |
Roaming with Endpoint Change |
Change endpoint manually |
VPN reconnects |
25 |
Roaming with Interface Restart |
Restart interface after IP change |
VPN reconnects |
26 |
Roaming with System Sleep |
Sleep and resume system |
VPN reconnects |
27 |
Roaming with Airplane Mode |
Enable and disable airplane mode |
VPN reconnects |
28 |
Roaming with Network Fluctuation |
Simulate unstable network |
VPN maintains or restores connection |
29 |
Roaming with VPN Cascade |
Use WireGuard over another VPN |
VPN reconnects through tunnel |
30 |
Roaming with Docker Container |
Roam with containerized client |
VPN reconnects |
31 |
Roaming with Virtual Machine |
Roam with VM client |
VPN reconnects |
32 |
Roaming with Cloud Instance |
Change IP of cloud instance |
VPN reconnects |
33 |
Roaming with Mobile App |
Use WireGuard mobile app |
VPN reconnects automatically |
34 |
Roaming with Desktop App |
Use WireGuard desktop app |
VPN reconnects automatically |
35 |
Roaming with Systemd Service |
Use systemd to manage interface |
VPN auto-restarts on IP change |
36 |
Roaming with Interface Monitoring |
Monitor interface for IP change |
VPN reconnects on change |
37 |
Roaming with Peer Monitoring |
Monitor peer endpoint change |
VPN adapts to new endpoint |
38 |
Roaming with DNS Failover |
Use multiple DNS records |
VPN reconnects using alternate IP |
39 |
Roaming with Multiple Peers |
Switch between peers |
VPN reconnects to available peer |
40 |
Roaming with Load Balancer |
Use DNS load balancing |
VPN reconnects to new IP |
41 |
Roaming with IPv6 NAT |
Roam through NAT66 |
VPN reconnects if supported |
42 |
Roaming with IPv4 NAT |
Roam through NAT44 |
VPN reconnects reliably |
43 |
Roaming with Packet Loss |
Drop packets during IP change |
VPN recovers |
44 |
Roaming with Packet Delay |
Delay packets during IP change |
VPN recovers |
45 |
Roaming with Packet Reordering |
Reorder packets during IP change |
VPN handles correctly |
46 |
Roaming with DNSSEC |
Use DNSSEC for endpoint resolution |
VPN reconnects securely |
47 |
Roaming with VPN Kill Switch |
Enable kill switch |
Traffic blocked until VPN reconnects |
48 |
Roaming with Logging Enabled |
Log roaming events |
Logs show IP change and reconnection |
49 |
Roaming with Monitoring Tools |
Use wg show to monitor |
Endpoint updates visible |
50 |
Roaming with Performance Test |
Measure reconnection time |
Reconnects within seconds |
Cross-Platform Compatibility - Testcases
# |
Test Case |
Description |
Expected Result |
|---|---|---|---|
1 |
Linux Compatibility |
Install and run on Ubuntu/Debian |
VPN connects successfully |
2 |
Windows Compatibility |
Install and run on Windows 10/11 |
VPN connects successfully |
3 |
macOS Compatibility |
Install and run on macOS |
VPN connects successfully |
4 |
Android Compatibility |
Use WireGuard app on Android |
VPN connects successfully |
5 |
iOS Compatibility |
Use WireGuard app on iOS |
VPN connects successfully |
6 |
FreeBSD Compatibility |
Install and run on FreeBSD |
VPN connects successfully |
7 |
OpenBSD Compatibility |
Install and run on OpenBSD |
VPN connects successfully |
8 |
Raspberry Pi Compatibility |
Run on Raspberry Pi OS |
VPN connects successfully |
9 |
Docker Container Support |
Run inside Docker container |
VPN connects successfully |
10 |
Virtual Machine Support |
Run inside VM (e.g., VirtualBox, VMware) |
VPN connects successfully |
11 |
Cloud VM Support |
Run on AWS/GCP/Azure instance |
VPN connects successfully |
12 |
Cross-Platform Key Sharing |
Use same key on different OS |
Keys accepted and VPN connects |
13 |
Config File Portability |
Use same config across OS |
Config works without modification |
14 |
CLI Support on Linux |
Use wg and wg-quick commands |
Commands execute correctly |
15 |
GUI Support on Windows |
Use WireGuard GUI |
Interface starts and connects |
16 |
GUI Support on macOS |
Use WireGuard GUI |
Interface starts and connects |
17 |
Mobile App UI Consistency |
Compare Android and iOS apps |
Similar UI and functionality |
18 |
Systemd Integration on Linux |
Use systemd to manage interface |
Interface auto-starts |
19 |
Launch Agent on macOS |
Use launchd for auto-start |
Interface auto-starts |
20 |
Windows Service Integration |
Use Windows service for auto-start |
Interface auto-starts |
21 |
IPv4 Support on All Platforms |
Route IPv4 traffic |
IPv4 works on all OS |
22 |
IPv6 Support on All Platforms |
Route IPv6 traffic |
IPv6 works on all OS |
23 |
DNS Resolution on All Platforms |
Use DNS over VPN |
DNS queries resolved securely |
24 |
MTU Configuration on All Platforms |
Set MTU in config |
MTU applied correctly |
25 |
Interface Naming Consistency |
Use wg0, wg1, etc. |
Interface recognized across OS |
26 |
Log File Access |
Access logs on each OS |
Logs available and readable |
27 |
Performance Benchmark on Linux |
Measure throughput |
High performance observed |
28 |
Performance Benchmark on Windows |
Measure throughput |
High performance observed |
29 |
Performance Benchmark on macOS |
Measure throughput |
High performance observed |
30 |
Performance Benchmark on Android |
Measure throughput |
Acceptable performance |
31 |
Performance Benchmark on iOS |
Measure throughput |
Acceptable performance |
32 |
Config Import on Mobile |
Import config via QR code |
VPN connects successfully |
33 |
Config Export from Desktop |
Export config to mobile |
Config works on mobile |
34 |
Roaming Support on Mobile |
Switch networks on mobile |
VPN reconnects automatically |
35 |
Roaming Support on Desktop |
Switch networks on laptop |
VPN reconnects automatically |
36 |
Firewall Compatibility on All OS |
Use with OS-specific firewall |
VPN traffic allowed |
37 |
NAT Traversal on All OS |
Connect behind NAT |
VPN connects successfully |
38 |
Kill Switch on Linux |
Block traffic if VPN drops |
Traffic blocked |
39 |
Kill Switch on Windows |
Block traffic if VPN drops |
Traffic blocked |
40 |
Kill Switch on macOS |
Block traffic if VPN drops |
Traffic blocked |
41 |
IPv6 Leak Protection |
Prevent IPv6 leaks |
No leaks detected |
42 |
DNS Leak Protection |
Prevent DNS leaks |
No leaks detected |
43 |
Update Compatibility |
Upgrade WireGuard version |
Configs remain compatible |
44 |
Multi-User Support on Windows |
Use with multiple user accounts |
VPN works per user |
45 |
Multi-User Support on Linux |
Use with multiple user accounts |
VPN works per user |
46 |
Multi-User Support on macOS |
Use with multiple user accounts |
VPN works per user |
47 |
Battery Usage on Mobile |
Monitor battery impact |
Efficient usage observed |
48 |
Background Operation on Mobile |
Run VPN in background |
VPN remains active |
49 |
App Store Availability |
Available on Google Play and App Store |
Easy installation |
50 |
Open Source Availability |
Source code available for all platforms |
Builds and runs successfully |
Easy Configuration - Testcases
# |
Test Case |
Description |
Expected Result |
|---|---|---|---|
1 |
Minimal Config File |
Use only required fields |
VPN connects successfully |
2 |
Config File Syntax Validation |
Check for syntax errors |
Errors clearly reported |
3 |
Config File with Comments |
Add comments to config |
Comments ignored, config works |
4 |
Config File with Extra Spaces |
Add whitespace in config |
Config still valid |
5 |
Config File with Tabs |
Use tabs instead of spaces |
Config still valid |
6 |
Config File with Inline Comments |
Add inline comments |
Config still valid |
7 |
Config File with Multiple Peers |
Add multiple peers |
All peers recognized |
8 |
Config File with DNS Entry |
Add DNS entry |
DNS queries routed through VPN |
9 |
Config File with MTU |
Set MTU value |
MTU applied correctly |
10 |
Config File with Table Format |
Use INI-style format |
Parsed correctly |
11 |
Config File with IPv6 |
Add IPv6 address |
IPv6 traffic routed |
12 |
Config File with IPv4 |
Add IPv4 address |
IPv4 traffic routed |
13 |
Config File with Endpoint Hostname |
Use domain name instead of IP |
DNS resolves and connects |
14 |
Config File with Port Number |
Specify custom port |
Port used correctly |
15 |
Config File with AllowedIPs |
Define AllowedIPs |
Traffic routed as specified |
16 |
Config File with PersistentKeepalive |
Enable keepalive |
Keepalive packets sent |
17 |
Config File with Pre-shared Key |
Add PSK |
Extra encryption layer added |
18 |
Config File with Multiple Interfaces |
Define multiple interfaces |
All interfaces start correctly |
19 |
Config File with External Includes |
Reference external files |
Config loads successfully |
20 |
Config File with QR Code |
Generate QR from config |
Mobile device connects |
21 |
Config File with Environment Vars |
Use env vars for keys |
Keys loaded correctly |
22 |
Config File with Systemd |
Use with systemd unit |
Interface auto-starts |
23 |
Config File with Launchd (macOS) |
Use with launchd |
Interface auto-starts |
24 |
Config File with Windows Service |
Use with Windows service |
Interface auto-starts |
25 |
Config File with Comments Only |
Use config with only comments |
Interface does not start |
26 |
Config File with Invalid IP |
Use malformed IP address |
Error reported |
27 |
Config File with Invalid Port |
Use invalid port number |
Error reported |
28 |
Config File with Invalid Key |
Use malformed key |
Error reported |
29 |
Config File with Duplicate Keys |
Use same key for multiple peers |
Warning or error shown |
30 |
Config File with Missing Fields |
Omit required fields |
Interface fails to start |
31 |
Config File with Extra Fields |
Add unsupported fields |
Ignored or error shown |
32 |
Config File with Inline Key |
Embed key directly |
Key accepted |
33 |
Config File with External Key File |
Reference key from file |
Key loaded successfully |
34 |
Config File with Backup/Restore |
Backup and restore config |
VPN reconnects |
35 |
Config File with GUI Import |
Import config via GUI |
Interface starts |
36 |
Config File with CLI Import |
Import config via CLI |
Interface starts |
37 |
Config File with Mobile Export |
Export config to mobile |
Mobile connects successfully |
38 |
Config File with Peer Removal |
Remove peer from config |
Peer disconnected |
39 |
Config File with Peer Addition |
Add peer to config |
Peer connects |
40 |
Config File with Interface Restart |
Restart interface with same config |
Interface reconnects |
41 |
Config File with Interface Rename |
Rename interface in config |
Interface recognized |
42 |
Config File with IPv6 Only |
Use only IPv6 |
VPN connects |
43 |
Config File with IPv4 Only |
Use only IPv4 |
VPN connects |
44 |
Config File with DNS Only |
Use DNS without IP |
DNS resolves and connects |
45 |
Config File with Static IP |
Use static IP |
VPN connects |
46 |
Config File with Dynamic IP |
Use dynamic IP |
VPN reconnects after change |
47 |
Config File with Roaming Enabled |
Enable roaming |
VPN reconnects on IP change |
48 |
Config File with Logging Enabled |
Enable logging |
Logs show connection details |
49 |
Config File with Compression |
Add compression (if supported externally) |
Traffic compressed |
50 |
Config File with Comments in Peer |
Add comments in [Peer] section |
Config still valid |
Reference links