What is Wiregarden?

Wiregarden is several things:

What is the status of Wiregarden?

Wiregarden is currently in "tech preview". A public service is available, to which users can sign up and use immediately. The tech preview is available at no cost.

Is Wiregarden stable? Is it production ready?

I rely on Wiregarden to connect to my own infrastructure securely. I built Wiregarden because I wanted a service just like this, and was not happy with any of the alternatives.

Free access to a tech preview comes with no guarantee of SLA or uptime. However I have skin-in-the-game to provide a good experience, improve the service, and launch a commercial product. I don't want to lose access to my devices any more than you do.

I'm having a problem with Wiregarden or have a question.

Please open a Github issue or email if it's more of a private matter or security disclosure.

Is Wiregarden a VPN?

In the strict sense of the meaning of that acronym, Wiregarden creates VPNs.

Does the world really need yet another VPN?

Wiregarden is designed for a specific use case:  Easy-to-build private internal networks over existing network substrate. That substrate may be the public internet. However, obscuring or hiding your network identity on the public internet is not its intended purpose. There are plenty of other Wireguard VPNs that are designed for providing public network egress, and to scale for this purpose. For example, Mozilla or Cloudflare.

How is Wiregarden different from other private networking solutions then?

Can I deploy my own Wiregarden API server?

Not quite yet, but hopefully soon. I'd like to observe and improve the public tech preview instance before making it generally available.

You won't need to talk to a salesperson to do it.

When will there be support for more operating systems (macOS, Windows, BSD, etc)

Linux is the leading operating system on servers, clouds and embedded devices, so it has priority. Integrating other OSes with Wiregarden is being considered.

Security & Privacy

What does Wiregarden know about my network and devices?

The network model stores information about each device, so that it can be replicated to all the others:

Can the Wiregarden API service see my traffic? Does it keep any logs?

Your traffic never transits the Wiregarden service infrastructure -- not even encrypted traffic. The wiregarden API server stores a model of your network topology, so that it can be relayed to all your devices. The only activity logged is API activity, such as:

API server usage is logged only to help debug and improve the service. The API is not involved in mediating connections at all and has no record of network activity through the provisioned Wireguard networks.

Do I need to sign in with my Github (or other SSO) account?

Sign-in with Github is provided for convenience, but it isn't mandatory. There are good reasons to keep social accounts separate from other services; feel free to sign up with an isolated email if you prefer.

Is Wiregarden "zero-trust" networking?

Zero-trust networking is really about defining access policies that build trust based on identity, rather than by virtue of being able to connect to a network. Wiregarden's network model, by building off of Wireguard, naturally identifies devices by their public key identity.

I would say Wiregarden is zero-trust compatible, and could be used to build zero-trust policies. I would be especially interested to hear more about your needs here.

Source code

Is the source to Wiregarden available?

Yes! Find wiregarden-io on Github.

Is Wiregarden open-source?

Wiregarden is released under a Business Source License, which will convert to the open source Apache Public License 2.0 after some time. The source is available.

Will the source to the API server be available?

Yes, once the API server is generally available.