WireGuard

WireGuard is a communication protocol and free and open-source software that implements encrypted virtual private networks (VPNs). It was designed with the goals of ease of use, high-speed performance, and low attack surface. It aims for better performance and greater power savings than the IPsec and OpenVPN tunneling protocols. The WireGuard protocol passes traffic over UDP.

Protocol
WireGuard utilizes the following:

 * Curve25519 for key exchange
 * ChaCha20 for symmetric encryption
 * Poly1305 for message authentication codes
 * SipHash for hashtable keys
 * BLAKE2s as the cryptographic hash function
 * UDP-based only

In May 2019, researchers from INRIA published a machine-checked proof of WireGuard, produced using the CryptoVerif proof assistant.

Reception
WireGuard aims to provide a simple and effective virtual private network implementation. A 2018 review by Ars Technica observed that popular VPN technologies such as OpenVPN and IPsec are often complex to set up, disconnect easily (in the absence of further configuration), take substantial time to negotiate reconnections, may use outdated ciphers, and have relatively massive code bases of over 400,000 and 600,000 lines of code, respectively, which hinders debugging.

Implementations
Implementations of the WireGuard protocol include:

 * Donenfeld's initial implementation, written in C and Go.
 * Matt Dunwoodie's implementation for OpenBSD, written in C.
 * Ryota Ozaki's wg(4) implementation for NetBSD, written in C.
 * Cloudflare's BoringTun, a user space implementation written in Rust.
 * The FreeBSD implementation, written in C, which shares most of the data path with the OpenBSD implementation.
 * Oracle Linux with "Unbreakable Enterprise Kernel" Release 6 Update 1, since November 2020.
 * A native Windows kernel implementation named "wireguard-nt", since August 2021.