WireGuard is a VPN solution, an alternative to IPSec. It’s Linux-only, but aims to eventually support multiple platforms.
wg0
).The WireGuard interfaces act just like normal network interfaces.
Configure them with ip-address
, set routes with ip-route
, etc.
The wg
utility handles the WireGuard specific stuff.
WireGuard does “cryptokey routing” by associating each peer public key with a list of allowed IP addresses. Received traffic is decrypted and authenticated by the key, but only passed through the interface is the source IP matches one allowed in the list. When sending a packet, the list of allowed addresses acts like a routing table. When receiving a packet, the list of allowed addresses acts like an access control list.
Fri Nov 17 14:44:28 EST 2017