Building a more secure, accessible and resilient WireGuard VPN protocol.

Virtual Private Networks (VPN) are used around the world as both an internet access and privacy tool, enabling the circumvention of state-imposed blocks and helping individuals protect their personal information while online. Unfortunately, most VPNs rely on underlying protocols that have numerous, widely known vulnerabilities, massive codebases, and significant performance issues. Furthermore, these protocols are increasingly being targeted by repressive governments seeking to prevent users from overcoming censorship. WireGuard was created to address these issues. WireGuard features a lightweight codebase, extensive security review, and integration of many important security features lacking in previous protocols such as a “fail-closed” feature (forcing a more secure connection by default). The protocol also relies on the OTF-supported Noise Protocol Framework that is also relied on in Signal, among numerous others.

The WireGuard protocol is relatively new, but it has experienced skyrocketing adoption for Linux kernel and acclaim for its approach as a simpler yet more secure VPN option. This project will advance this effort, allowing more concentrated focus on developing and improving WireGuard, such as through more dedicated operating system (e.g. kernel) development, project code maintenance and improvement, bug tracking, development of client software for users, further research into improving the protocol, and ecosystem development to raise awareness and adoption of WireGuard.

During the course of the project, WireGuard was integrated into the Linux Kernel. With WireGuard will be baked into the Linux kernel, it can truly become a mainstream tool providing near-endless opportunities for new use cases across the most widely used operating systems in the world (both Android and Chrome operating systems are derived directly from the Linux kernel and most websites and servers rely on Linux, along with nearly all cloud infrastructure). In addition, it has been adopted by a wide variety of VPNs such as NordVPN, VyperVPN, StrongVPN, Mullvad and many others.