WireGuard is an open-source software application and protocol that implements virtual private network techniques to create secure point-to-point connections in routed or bridged configurations. It is run as a module inside the Linux kernel and aims for better performance than the IPsec and OpenVPN tunneling protocols.
Features WireGuard aims to provide a VPN that is both simple and highly effective. A review by ars technica observed that popular VPN technologies such as OpenVPN and IPSEC are often complex to set up, disconnect easily (in the absence of further configuration), take substantial time to negotiate reconnections, may use outdated ciphers, and have relatively massive code (400,000 to 600,000 lines of code for the two examples given) which makes it harder to find bugs.
WireGuard's design seeks to reduce these issues, making the tunnel more secure and easier to manage by default. By using versioning of cryptography packages, it focuses on ciphers believed to be among the most secure current encryption methods, and also has a codebase of around 4000 lines, about 1% of either OpenVPN or IPSEC, making security audits easier. Ars technica reported that in testing, stable tunnels were easy to create with WireGuard, compared to alternatives, and commented that it would be "hard to go back" to long reconnection delays, compared to WireGuard's "no nonsense" instant reconnections.
