What is Wiregarden?

Wiregarden is several things:

What is the status of Wiregarden?

Wiregarden is currently in "tech preview". A public service is available, to which users can sign up and use immediately. The tech preview is available at no cost.

Is Wiregarden stable? Is it production ready?

I rely on Wiregarden to connect to my own infrastructure securely. I built Wiregarden because I wanted a service just like this, and was not happy with any of the alternatives.

Free access to a tech preview comes with no guarantee of SLA or uptime. However I have skin-in-the-game to provide a good experience, improve the service, and launch a commercial product. I don't want to lose access to my devices any more than you do.

I'm having a problem with Wiregarden or have a question.

Please open a Github issue or email if it's more of a private matter or security disclosure.

Is Wiregarden a VPN?

In the strict sense of the meaning of that acronym, Wiregarden creates VPNs.

Does the world really need yet another VPN?

Wiregarden is designed for a specific use case:  Easy-to-build private internal networks over existing network substrate. That substrate may be the public internet. However, obscuring or hiding your network identity on the public internet is not its intended purpose. There are plenty of other Wireguard VPNs that are designed for providing public network egress, and to scale for this purpose. For example, Mozilla or Cloudflare.

How is Wiregarden different from other private networking solutions then?

Can I deploy my own Wiregarden API server?

Not quite yet, but hopefully soon. I'd like to observe and improve the public tech preview instance before making it generally available.

You won't need to talk to a salesperson to do it.

When will there be support for more operating systems (macOS, Windows, BSD, etc)

Linux is the leading operating system on servers, clouds and embedded devices, so it has priority. Still considering options to integrate other OSes with Wiregarden, without getting too mired in OS-specific networking details.

Security & Privacy

What does Wiregarden know about my network and devices?

The network model stores information about each device, so that it can be replicated to all the others:

Can the Wiregarden API service see my traffic? Does it keep any logs?

Your traffic never transits the Wiregarden service infrastructure. The wiregarden API server stores a model of your network topology, so that it can be relayed to all your devices. The only activity logged is API activity:

API server usage is monitored to help improve and scale the product. Some user identity must be stored to help support the service, but I'm otherwise not interested in who you are, as much as the patterns of usage in aggregate.

OAuth sign-in with Github is provided for convenience, but it isn't mandatory. Feel free to sign up with an isolated email if you prefer.

Is Wiregarden "zero-trust" networking?

Zero-trust networking is really about defining access policies that build trust based on identity, rather than by virtue of being able to connect to a network. Wiregarden's network model, by building off of Wireguard, naturally identifies devices by their public key identity.

I would say Wiregarden is zero-trust compatible, and could be used to build zero-trust policies. I would be especially interested to hear more about your needs here.

Source code

Is the source to Wiregarden available?

Yes! wiregarden-io on Github.

Is Wiregarden open-source?

Wiregarden is released under a Business Source License, which will convert to the open source Apache Public License 2.0 after some time. The source is available. It would be unreasonable to expect users to install and use network security software without providing the source.

I do not believe open-source licenses provide enough protection for small innovators. The BSL is a fair compromise; it levels the playing field to allow the author to profit from the project, while still preventing bad outcomes like proprietary lock-in and abandonware if it fails to become a sustainable business.

Will the source to the API server be available?

Yes, once the API server is generally available.