Difference between revisions of "WireGuard VPN FAQs"

From UntangleWiki
Jump to: navigation, search
(What cryptography is used in WireGuard?)
(What cryptography is used in WireGuard?)
 
Line 10: Line 10:
 
=== What cryptography is used in WireGuard? ===
 
=== What cryptography is used in WireGuard? ===
  
ChaCha20 for symmetric encryption, authenticated with Poly1305, using RFC7539's AEAD construction
+
WireGuard uses several ciphers including ChaCha20, Curve25519, BLAKE2s, SipHash24, and HKDF. For more details refer to the [https://www.wireguard.com/protocol/ WireGuard Protocol & Cryptography documentation].
Curve25519 for ECDH
 
BLAKE2s for hashing and keyed hashing, as described in RFC7693
 
SipHash24 for hashtable keys
 
HKDF for key derivation, as described in RFC5869
 
Noise_IK handshake from Noise, building on the work of CurveCP, NaCL, KEA+, SIGMA, FHMQV, and HOMQV
 
  
 
=== What transport protocol and port does WireGuard use? ===
 
=== What transport protocol and port does WireGuard use? ===
 
WireGuard encapsulates and encrypts all data using UDP with default port 51820. There is a built-in access rule to allow WireGuard traffic on this port.
 
WireGuard encapsulates and encrypts all data using UDP with default port 51820. There is a built-in access rule to allow WireGuard traffic on this port.

Latest revision as of 00:08, 9 September 2020

How do I create a roaming client configuration?

From the Tunnels tab, click Add and specify a description. As long as the Remote Endpoint Type is Roaming and the Remote Per IP Address is populated, you can click Done, click Save, and then click the Remote Client icon to generate a QR Code/Configuration file for your roaming client.

How resilient is a WireGuard connection?

WireGuard is built for roaming. If your device changes networks, e.g. from WiFi to a mobile/cellular, the connection will persist because as long as the client sends correctly authenticated data to the WireGuard VPN server, the server keeps the connection alive.

What cryptography is used in WireGuard?

WireGuard uses several ciphers including ChaCha20, Curve25519, BLAKE2s, SipHash24, and HKDF. For more details refer to the WireGuard Protocol & Cryptography documentation.

What transport protocol and port does WireGuard use?

WireGuard encapsulates and encrypts all data using UDP with default port 51820. There is a built-in access rule to allow WireGuard traffic on this port.