1.\" SPDX-License-Identifier: BSD-2-Clause 2.\" 3.\" Copyright (c) 2020 Gordon Bergling <gbe@FreeBSD.org> 4.\" 5.\" Redistribution and use in source and binary forms, with or without 6.\" modification, are permitted provided that the following conditions 7.\" are met: 8.\" 1. Redistributions of source code must retain the above copyright 9.\" notice, this list of conditions and the following disclaimer. 10.\" 2. Redistributions in binary form must reproduce the above copyright 11.\" notice, this list of conditions and the following disclaimer in the 12.\" documentation and/or other materials provided with the distribution. 13.\" 14.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 15.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 17.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 18.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 20.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 21.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 22.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 23.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 24.\" SUCH DAMAGE. 25.\" 26.Dd June 12, 2023 27.Dt WG 4 28.Os 29.Sh NAME 30.Nm wg 31.Nd "WireGuard protocol driver" 32.Sh SYNOPSIS 33To load the driver as a module at boot time, place the following line in 34.Xr loader.conf 5 : 35.Bd -literal -offset indent 36if_wg_load="YES" 37.Ed 38.Sh DESCRIPTION 39The 40.Nm 41driver provides Virtual Private Network (VPN) interfaces for the secure 42exchange of layer 3 traffic with other WireGuard peers using the WireGuard 43protocol. 44.Pp 45A 46.Nm 47interface recognizes one or more peers, establishes a secure tunnel with 48each on demand, and tracks each peer's UDP endpoint for exchanging encrypted 49traffic with. 50.Pp 51The interfaces can be created at runtime using the 52.Ic ifconfig Cm wg Ns Ar N Cm create 53command. 54The interface itself can be configured with 55.Xr wg 8 . 56.Pp 57The following glossary provides a brief overview of WireGuard 58terminology: 59.Bl -tag -width indent -offset 3n 60.It Peer 61Peers exchange IPv4 or IPv6 traffic over secure tunnels. 62Each 63.Nm 64interface may be configured to recognize one or more peers. 65.It Key 66Each peer uses its private key and corresponding public key to 67identify itself to others. 68A peer configures a 69.Nm 70interface with its own private key and with the public keys of its peers. 71.It Pre-shared key 72In addition to the public keys, each peer pair may be configured with a 73unique pre-shared symmetric key. 74This is used in their handshake to guard against future compromise of the 75peers' encrypted tunnel if an attack on their 76Diffie-Hellman exchange becomes feasible. 77It is optional, but recommended. 78.It Allowed IP addresses 79A single 80.Nm 81interface may maintain concurrent tunnels connecting diverse networks. 82The interface therefore implements rudimentary routing and reverse-path 83filtering functions for its tunneled traffic. 84These functions reference a set of allowed IP address ranges configured 85against each peer. 86.Pp 87The interface will route outbound tunneled traffic to the peer configured 88with the most specific matching allowed IP address range, or drop it 89if no such match exists. 90.Pp 91The interface will accept tunneled traffic only from the peer 92configured with the most specific matching allowed IP address range 93for the incoming traffic, or drop it if no such match exists. 94That is, tunneled traffic routed to a given peer cannot return through 95another peer of the same 96.Nm 97interface. 98This ensures that peers cannot spoof one another's traffic. 99.It Handshake 100Two peers handshake to mutually authenticate each other and to 101establish a shared series of secret ephemeral encryption keys. 102Either peer may initiate a handshake. 103Handshakes occur only when there is traffic to send, and recur every 104two minutes during transfers. 105.It Connectionless 106Due to the handshake behavior, there is no connected or disconnected 107state. 108.El 109.Ss Keys 110Private keys for WireGuard can be generated from any sufficiently 111secure random source. 112The Curve25519 keys and the pre-shared keys are both 32 bytes 113long and are commonly encoded in base64 for ease of use. 114.Pp 115Keys can be generated with 116.Xr wg 8 117as follows: 118.Pp 119.Dl $ wg genkey 120.Pp 121Although a valid Curve25519 key must have 5 bits set to 122specific values, this is done by the interface and so it 123will accept any random 32-byte base64 string. 124.Sh NETMAP 125.Xr netmap 4 126applications may open a WireGuard interface in emulated mode. 127The netmap application will receive decrypted, unencapsulated packets prepended 128by a dummy Ethernet header. 129The Ethertype field will be one of 130.Dv ETHERTYPE_IP 131or 132.Dv ETHERTYPE_IPV6 133depending on the address family of the packet. 134Packets transmitted by the application should similarly begin with a dummy 135Ethernet header; this header will be stripped before the packet is encrypted 136and tunneled. 137.Sh EXAMPLES 138Create a 139.Nm 140interface and set random private key. 141.Bd -literal -offset indent 142# ifconfig wg0 create 143# wg genkey | wg set wg0 listen-port 54321 private-key /dev/stdin 144.Ed 145.Pp 146Retrieve the associated public key from a 147.Nm 148interface. 149.Bd -literal -offset indent 150$ wg show wg0 public-key 151.Ed 152.Pp 153Connect to a specific endpoint using its public-key and set the allowed IP address 154.Bd -literal -offset indent 155# wg set wg0 peer '7lWtsDdqaGB3EY9WNxRN3hVaHMtu1zXw71+bOjNOVUw=' endpoint 10.0.1.100:54321 allowed-ips 192.168.2.100/32 156.Ed 157.Pp 158Remove a peer 159.Bd -literal -offset indent 160# wg set wg0 peer '7lWtsDdqaGB3EY9WNxRN3hVaHMtu1zXw71+bOjNOVUw=' remove 161.Ed 162.Sh DIAGNOSTICS 163The 164.Nm 165interface supports runtime debugging, which can be enabled with: 166.Pp 167.D1 Ic ifconfig Cm wg Ns Ar N Cm debug 168.Pp 169Some common error messages include: 170.Bl -diag 171.It "Handshake for peer X did not complete after 5 seconds, retrying" 172Peer X did not reply to our initiation packet, for example because: 173.Bl -bullet 174.It 175The peer does not have the local interface configured as a peer. 176Peers must be able to mutually authenticate each other. 177.It 178The peer endpoint IP address is incorrectly configured. 179.It 180There are firewall rules preventing communication between hosts. 181.El 182.It "Invalid handshake initiation" 183The incoming handshake packet could not be processed. 184This is likely due to the local interface not containing 185the correct public key for the peer. 186.It "Invalid initiation MAC" 187The incoming handshake initiation packet had an invalid MAC. 188This is likely because the initiation sender has the wrong public key 189for the handshake receiver. 190.It "Packet has unallowed src IP from peer X" 191After decryption, an incoming data packet has a source IP address that 192is not assigned to the allowed IPs of Peer X. 193.El 194.Sh SEE ALSO 195.Xr inet 4 , 196.Xr ip 4 , 197.Xr ipsec 4 , 198.Xr netintro 4 , 199.Xr netmap 4 , 200.Xr ovpn 4 , 201.Xr ipf 5 , 202.Xr pf.conf 5 , 203.Xr ifconfig 8 , 204.Xr ipfw 8 , 205.Xr wg 8 206.Rs 207.%T WireGuard whitepaper 208.%U https://www.wireguard.com/papers/wireguard.pdf 209.Re 210.Sh HISTORY 211The 212.Nm 213device driver first appeared in 214.Fx 13.2 . 215.Sh AUTHORS 216.An -nosplit 217The 218.Nm 219device driver was written by 220.An Jason A. Donenfeld Aq Mt Jason@zx2c4.com , 221.An Matt Dunwoodie Aq Mt ncon@nconroy.net , 222.An Kyle Evans Aq Mt kevans@FreeBSD.org , 223and 224.An Matt Macy Aq Mt mmacy@FreeBSD.org . 225.Pp 226This manual page was written by 227.An Gordon Bergling Aq Mt gbe@FreeBSD.org 228and is based on the 229.Ox 230manual page written by 231.An David Gwynne Aq Mt dlg@openbsd.org . 232