WireGuard VPN FAQs: Difference between revisions

From Edge Threat Management Wiki - Arista
Jump to navigationJump to search
No edit summary
 
(One intermediate revision by one other user not shown)
Line 1: Line 1:
[[Category:FAQs]]
[[Category:FAQs]]
=== How do I create a roaming client configuration? ===
From the Tunnels tab, click Add and specify a description.  As long as the Remote Endpoint Type is Roaming and the Remote Per IP Address is populated, you can click Done, click Save, and then click the Remote Client icon to generate a QR Code/Configuration file for your roaming client.
=== How resilient is a WireGuard connection? ===
=== How resilient is a WireGuard connection? ===


Line 10: Line 6:
=== What cryptography is used in WireGuard? ===
=== What cryptography is used in WireGuard? ===


ChaCha20 for symmetric encryption, authenticated with Poly1305, using RFC7539's AEAD construction
WireGuard uses several ciphers including ChaCha20, Curve25519, BLAKE2s, SipHash24, and HKDF. For more details refer to the [https://www.wireguard.com/protocol/ WireGuard Protocol & Cryptography documentation].
Curve25519 for ECDH
BLAKE2s for hashing and keyed hashing, as described in RFC7693
SipHash24 for hashtable keys
HKDF for key derivation, as described in RFC5869
Noise_IK handshake from Noise, building on the work of CurveCP, NaCL, KEA+, SIGMA, FHMQV, and HOMQV


=== What transport protocol and port does WireGuard use? ===
=== What transport protocol and port does WireGuard use? ===
WireGuard encapsulates and encrypts all data using UDP with default port 51820. There is a built-in access rule to allow WireGuard traffic on this port.
WireGuard encapsulates and encrypts all data using UDP with default port 51820. There is a built-in access rule to allow WireGuard traffic on this port.

Latest revision as of 21:47, 14 September 2023

How resilient is a WireGuard connection?

WireGuard is built for roaming. If your device changes networks, e.g. from WiFi to a mobile/cellular, the connection will persist because as long as the client sends correctly authenticated data to the WireGuard VPN server, the server keeps the connection alive.

What cryptography is used in WireGuard?

WireGuard uses several ciphers including ChaCha20, Curve25519, BLAKE2s, SipHash24, and HKDF. For more details refer to the WireGuard Protocol & Cryptography documentation.

What transport protocol and port does WireGuard use?

WireGuard encapsulates and encrypts all data using UDP with default port 51820. There is a built-in access rule to allow WireGuard traffic on this port.

Retrieved from "https://wiki.edge.arista.com/index.php?title=WireGuard_VPN_FAQs&oldid=28585"