What WireGuard is, in one sentence
WireGuard is a VPN protocol: a small, modern set of rules for two computers to send authenticated, encrypted packets to each other over UDP. The Linux kernel implementation is about 4,000 lines of code (versus OpenVPN's roughly 120,000), it uses one fixed set of modern cryptographic primitives with no negotiation surface, and on the same hardware it is typically 3-5× faster than older VPN protocols.
A brief history
WireGuard was designed by Jason A. Donenfeld starting around 2016, originally for Linux. The design goals were explicit: dramatically smaller code surface, modern cryptography only, no configurable cipher suites, kernel-resident for performance. The protocol stabilised in 2018-2019.
Linus Torvalds famously praised WireGuard's code quality in 2018 ("Can I just once again state my love for it and hope it gets merged soon?"). It was merged into the Linux kernel mainline in 5.6 (March 2020), shipped in every major Linux distribution soon after, and was subsequently ported to FreeBSD, OpenBSD, Windows, macOS, iOS, and Android.
As of 2026, WireGuard is the dominant modern VPN protocol: supported in most consumer router firmware released since 2022, in the major open-source firewalls (OPNsense, pfSense), and as the data plane under every major mesh-VPN product (Tailscale, NetBird, MeshWG, Headscale).
How WireGuard works
WireGuard's design has three core elements:
- Public-key cryptography for identity. Each peer has a Curve25519 keypair. The local peer's configuration lists every remote peer's public key, the IP prefixes that belong to that peer (AllowedIPs: the source addresses it may send from, and the destinations that get routed to it) and, optionally, where to reach it (Endpoint). There is no certificate authority, no PKI and no separate authentication mechanism: the public key is the identity.
- UDP transport, no TCP. WireGuard runs over UDP. The handshake is the two-message Noise_IK pattern (initiation and response, one round trip), and the initiator's first data packet confirms it. From then on encrypted packets flow as opaque UDP datagrams, with session keys renegotiated roughly every two minutes for forward secrecy.
- Fixed cryptographic primitives. ChaCha20-Poly1305 for symmetric encryption + authentication, Curve25519 for Elliptic Curve Diffie-Hellman key exchange, BLAKE2s for hashing, HKDF for key derivation. No negotiation. No downgrade attack surface.
A complete WireGuard configuration looks like this:
[Interface]
# This host's Curve25519 private key. It never leaves the host.
PrivateKey = aBcDeFgHi...
# Tunnel address. A wg-quick setting, not part of the protocol itself.
Address = 10.100.0.2/16
ListenPort = 51820

[Peer]
PublicKey = ZyXwVuTsR...
Endpoint = peer.example.com:51820
# Both the destinations routed to this peer and the sources accepted from it.
AllowedIPs = 10.100.0.0/16
# Keeps NAT and stateful-firewall mappings open; wg(8) says 25 seconds suits most firewalls.
PersistentKeepalive = 21

That's the entire protocol's user surface. Compare to a typical OpenVPN config, which runs 40-80 lines plus four separate certificate and key files (CA certificate, client certificate, client key, TLS auth key).
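The AllowedIPs line above is the part of the config that people most often misread, so here is what it does in code. This is an added example, not code from the WireGuard project: it parses a config in the same format as the one above and rebuilds the cryptokey routing table that WireGuard consults in both directions, choosing the peer an outbound packet is encrypted to and rejecting inbound packets whose source address does not belong to the peer whose key decrypted them. The config text, the hostnames and the two public keys are constructed placeholders, not real keys.

```python
"""Cryptokey routing: what AllowedIPs actually does (added example, not WireGuard code)."""
import ipaddress
from typing import Dict, List, Optional

# Constructed sample: a host with two peers whose AllowedIPs overlap.
GATEWAY_KEY = "GATEWAY_PUBLIC_KEY_PLACEHOLDER="   # placeholder, not a real key
BRANCH_KEY = "BRANCH_PUBLIC_KEY_PLACEHOLDER="     # placeholder, not a real key
SAMPLE_CONFIG = f"""
[Interface]
PrivateKey = LOCAL_PRIVATE_KEY_PLACEHOLDER=
Address = 10.100.0.2/16
ListenPort = 51820

# hub: owns the whole overlay prefix
[Peer]
PublicKey = {GATEWAY_KEY}
Endpoint = hub.example.com:51820
AllowedIPs = 10.100.0.0/16

# a branch with a more specific prefix inside the hub's range
[Peer]
PublicKey = {BRANCH_KEY}
Endpoint = branch.example.com:51820
AllowedIPs = 10.100.7.0/24, fd00:7::/64
"""


def parse_peers(text: str) -> List[dict]:
    """Return [{'public_key', 'endpoint', 'allowed_ips'}] from an INI-style wg config."""
    peers: List[dict] = []
    section = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            if section == "peer":
                peers.append({"public_key": "", "endpoint": None, "allowed_ips": []})
            continue
        key, _, value = line.partition("=")            # keys may end in '=', so split once
        key, value = key.strip().lower(), value.strip()
        if section != "peer":
            continue                                    # [Interface] keys are not routing state
        if key == "publickey":
            peers[-1]["public_key"] = value
        elif key == "endpoint":
            peers[-1]["endpoint"] = value
        elif key == "allowedips":
            peers[-1]["allowed_ips"] += [
                ipaddress.ip_network(n.strip(), strict=False) for n in value.split(",")
            ]
    return peers


class CryptokeyRouter:
    """Longest-prefix-match table: IP prefix -> public key of the peer that owns it."""

    def __init__(self, peers: List[dict]) -> None:
        self.table: Dict[object, str] = {}
        for peer in peers:
            for net in peer["allowed_ips"]:
                # wg(8) moves a prefix to the most recently configured peer that
                # claims it; a dict keyed by prefix gives the same result.
                self.table[net] = peer["public_key"]

    def owner(self, addr: str) -> Optional[str]:
        ip = ipaddress.ip_address(addr)
        best = None
        for net, key in self.table.items():
            if ip.version == net.version and ip in net:
                if best is None or net.prefixlen > best[0].prefixlen:
                    best = (net, key)
        return best[1] if best else None

    def route_outbound(self, dst: str) -> Optional[str]:
        """Key of the peer an outbound packet is encrypted to; None means wg drops it."""
        return self.owner(dst)

    def accept_inbound(self, authenticated_key: str, src: str) -> bool:
        """A decrypted packet is kept only if its source belongs to the key that decrypted it."""
        return self.owner(src) == authenticated_key


def demo() -> dict:
    router = CryptokeyRouter(parse_peers(SAMPLE_CONFIG))
    return {
        "to_branch_host": router.route_outbound("10.100.7.5"),    # /24 beats /16: BRANCH_KEY
        "to_other_overlay": router.route_outbound("10.100.3.9"),  # only the /16 matches: GATEWAY_KEY
        "to_v6_branch": router.route_outbound("fd00:7::10"),      # BRANCH_KEY
        "off_overlay": router.route_outbound("192.168.1.1"),      # None: dropped, never sent in clear
        # the hub authenticated fine but may not source a branch address
        "hub_spoofing_branch": router.accept_inbound(GATEWAY_KEY, "10.100.7.5"),  # False
        "branch_own_src": router.accept_inbound(BRANCH_KEY, "10.100.7.5"),        # True
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:>20}: {value}")
```

The two directions share one table, which is why a peer cannot spoof another peer's addresses even after authenticating: the source check is a lookup in the same AllowedIPs data, not a separate ACL.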
The cryptographic choices, and why they matter
WireGuard's "no negotiation" stance is unusual among VPN protocols. The deliberate trade-off:
- What you give up: in-band agility. Every WireGuard deployment uses the same primitives, so if one were ever broken (hypothetical, and considered unlikely) the fix is a new protocol version that both ends of every tunnel must be upgraded to, not a configuration change.
- What you get: no misconfiguration surface, no downgrade attacks, no negotiation rounds, no cipher-suite parsing bugs. The entire class of "TLS 1.0 with RC4 was a valid config for too long" mistakes is structurally impossible.
The primitives chosen (ChaCha20-Poly1305, Curve25519, BLAKE2s) are well-studied, fast in software, and resist all known attacks. They were modern when WireGuard was designed and remain modern. The bet that they'll stay safe for the protocol's intended lifetime has held up so far.
Compared to OpenVPN and IPsec
| Aspect | WireGuard | OpenVPN | IPsec |
|---|---|---|---|
| Released | 2016 (Linux mainline 2020) | 2001 | 1995 (RFC 1825) |
| Code size | ~4,000 lines | ~120,000 lines | varies wildly (strongSwan ~400,000) |
| Transport | UDP only | UDP or TCP | ESP (IP protocol 50), or UDP/4500 with NAT-T; IKE over UDP/500 |
| Cipher choice | Fixed (ChaCha20-Poly1305) | Configurable | Configurable |
| Throughput on same HW | baseline (fastest) | ~30% of WG | ~50-90% of WG (with HW offload) |
| Configuration LoC | ~10 | ~50-100 + 4 cert files | ~30-200 + complex IKE |
| Reconnect time | ~50ms | 200-800ms | 1-10s (IKE renegotiation) |
| Mobile / NAT-friendly | Yes (PersistentKeepalive) | Yes | Tricky (NAT-T workarounds) |
| Per-user auth | No (public-key only) | Yes (cert + username/pass) | Yes (XAuth, certificate) |
The honest summary: WireGuard wins on simplicity, speed, and modern security posture. OpenVPN wins on TCP fallback and per-user authentication. IPsec wins on hardware-accelerated throughput at the very high end (line-rate 10Gbps+ on dedicated hardware) and in legacy enterprise deployments where it's already entrenched.
Where WireGuard runs
- Linux kernel: in-tree since 5.6 (March 2020). Every modern Linux distro has it.
- FreeBSD kernel: in-tree since FreeBSD 13.1 (2022). Used by OPNsense, pfSense Plus.
- OpenBSD: in-kernel wg(4) driver since OpenBSD 6.8 (2020).
- Windows / macOS: official user-space implementations.
- iOS / Android: official apps.
- OpenWrt: since 19.07 (2020).
- MikroTik RouterOS: since RouterOS 7 (stable releases from late 2021).
- Most consumer router firmware: TP-Link Archer (firmware 1.2.0+), Asus AsusWRT (3.0.0.4.388+), Ubiquiti UDM (UniFi OS 3.0+), GL.iNet, and many others, all from late 2022 onwards.
WireGuard-based products
WireGuard is a protocol; commercial and open-source products build on top of it to provide UX and operational tooling:
- Mesh VPN products — Tailscale, NetBird, MeshWG, Headscale all use WireGuard as their data plane and add managed coordination, key exchange, NAT traversal, and access control.
- Commercial VPN providers — Mullvad, IVPN, ProtonVPN, NordVPN, ExpressVPN, Surfshark all support WireGuard alongside their older protocol options.
- Router firmware — WireGuard is bundled in every modern router OS, configurable directly through the device's admin UI.
If you want a mesh VPN for SMB multi-branch deployments specifically (per-router pricing, paste-ready config for 8 vendor families, 24/7 support), MeshWG is built for that shape. For the alternatives, see our Tailscale alternatives guide.
Honest trade-offs
Where WireGuard doesn't fit:
- UDP-blocked networks. WireGuard runs over UDP only; if a network blocks outbound UDP, WireGuard cannot connect. OpenVPN can run over TCP/443, which shares HTTPS's port and usually gets through (deep packet inspection can still tell it apart from real TLS). Wrappers such as udp2raw or wstunnel can carry WireGuard over TCP, but they sit outside the protocol and bring their own failure modes.
- Per-user authentication at scale. WireGuard has no concept of "user X with password Y" — every device is a separate keypair. For large remote-access deployments, you need either a layer above (SSO + mesh product) or OpenVPN's username/password support.
- Many devices sharing one identity. Roaming itself is fine: WireGuard updates a peer's endpoint whenever an authenticated packet arrives from a new source address. What the protocol assumes is one peer = one key. If two devices use the same private key, each authenticated packet moves the endpoint to whichever device sent last, and traffic flaps between them. Every device therefore needs its own keypair listed on every peer it talks to, which is why mobile-first deployments use mesh products that automate per-device key management.
Frequently asked questions
What is WireGuard in simple terms?
WireGuard is a VPN protocol — a set of rules for two computers to send encrypted packets to each other through an untrusted network. Compared to older VPN protocols (OpenVPN, IPsec, L2TP), WireGuard is simpler (about 4,000 lines of code vs OpenVPN's 120,000), faster (3-5× the throughput on the same hardware), and uses only modern cryptography (ChaCha20-Poly1305, Curve25519, BLAKE2s). It was created by Jason A. Donenfeld and merged into the Linux kernel in 2020.
Is WireGuard a VPN?
WireGuard is the underlying protocol that VPN products use. Calling WireGuard 'a VPN' is like calling HTTP 'a website' — accurate in casual conversation, imprecise technically. A VPN product (Mullvad, NordVPN, Tailscale, MeshWG) wraps WireGuard with the user-facing features: account management, server selection, kill switches, mesh coordination, etc. WireGuard itself is just the encrypted tunnel between two endpoints.
Is WireGuard better than OpenVPN?
For most modern use cases, yes. WireGuard is 3-5× faster than OpenVPN on the same hardware, uses about 30× less code (smaller attack surface, easier to audit), reconnects in ~50ms vs OpenVPN's 200-800ms, and is built around modern audited cryptography rather than the configurable cipher suites that OpenVPN inherits from TLS. The exceptions where OpenVPN still wins: when you need TCP fallback (UDP-blocking networks), when you need username/password authentication, or when you're integrating with legacy systems.
Is WireGuard secure?
WireGuard's cryptographic design is widely regarded as strong. It uses only modern, audited primitives (ChaCha20-Poly1305 AEAD, Curve25519 ECDH, BLAKE2s, HKDF) with no negotiation surface to misconfigure. The Noise_IK handshake authenticates peer identities immediately, and because it mixes in ephemeral keys and rekeys every couple of minutes, a later theft of a static key does not expose earlier traffic. There's no certificate management to get wrong. The codebase is small enough that independent audits cover the entirety of it. The honest caveat: WireGuard doesn't itself manage identity beyond 'you possess this private key', so whoever holds a peer's private key is that peer until every other peer's config is updated, and deployments need to layer identity / access control and key rotation on top.
What does WireGuard run on?
Everywhere modern: the Linux kernel module (in-tree since 5.6, 2020), the FreeBSD kernel module (since FreeBSD 13.1, 2022), the OpenBSD in-kernel driver, OpenWrt, MikroTik RouterOS 7, the open-source firewalls OPNsense and pfSense, the official WireGuard apps on Windows / macOS / iOS / Android, the mesh clients built on it (Tailscale and similar), and most consumer router firmware from late 2022 onwards (TP-Link Archer, Asus, GL.iNet, Ubiquiti UDM). It's the most widely supported VPN protocol in 2026.
How fast is WireGuard?
WireGuard's throughput is CPU-bound by the cost of ChaCha20-Poly1305 (AES-NI does not help it; the kernel implementation vectorises ChaCha20 with SSSE3/AVX2/AVX-512 on x86 and NEON on ARM). On modern Linux with the kernel module, typical numbers: 1-2 Gbps on commodity x86 hardware with AVX2, 500-900 Mbps on prosumer ARM routers (IPQ8074, RB5009), 200-500 Mbps on consumer routers (TP-Link AX73, Asus RT-AX). These are 3-5× faster than OpenVPN on the same hardware. For typical 100-300 Mbps SMB fibre uplinks, WireGuard on any modern router saturates the WAN.
Next steps
If you want a managed mesh VPN built on WireGuard for SMB multi-branch deployments, MeshWG's free tier covers 2 routers indefinitely.