Wireguard is in the Linux kernel

I’m very happy to hear that Wireguard has made it into the Linux kernel and will be part of Linux 5.6!

Wireguard was quite a relief for me after wrestling with OpenVPN before, for multiple reasons. I’m a happy user for about a year now, and I can wholeheartedly recommend it.

Wireguard is really pushing the state of the art forward for VPNs:

An example configuration

To get an idea, this is a /etc/wireguard/wg0.conf configuration file very similar2 to the one I use on my Laptop right now:

PrivateKey = WG8r5DNvD2KlZORhJ2XgzW3lWO8i5GJqZBePt98EgUY=
Address =

PublicKey = 6qzH9hJbyPFp+GJJoxsBaPhUEl4mVKTGNP433xLWhBc=
PresharedKey = LiWmdHZN/Jizhv1h0qTGeslci2yZIyrkEDjrx3bUomE=
AllowedIPs =, ::/0
Endpoint = vpn.gnoack.org:9999

This contains our own device’s private key and configured IP in the VPN, as well as a list of peer hosts with their public keys and the IP addresses they are making available.

Note the symmetry: A server-side configuration looks the same, but with more peer entries.

The command wg-quick up wg0 brings the configuration up as a new device and sets appropriate routes.

For further reference, Wireguard’s own quickstart page has a better introduction than this one here (with a video).

Disclaimer: I’m not affiliated with Wireguard, but I received a big stack of stickers3 from Jason Donenfeld after a talk once. Congratulations on the big step forward, and thanks for the great software!

  1. Key management can hardly be simpler than that:

    $ wg genkey > beuys.gnoack.org
    $ wg pubkey < beuys.gnoack.org
    $ wg genpsk > psk

    This is a breeze compared to the OpenSSL dance required to get OpenVPN running. ↩︎

  2. These are example values, of course. ↩︎

  3. That was really nice. As everyone knows, stickers beat Bitcoin and Ethereum hands down as an underground hacker currency. :) They were quite popular in the sticker exchange where I placed them. 🐉 ↩︎