1 # Wireguard vpp-plugin {#wireguard_plugin_doc}
4 This plugin is an implementation of [wireguard protocol](https://www.wireguard.com/) for VPP. It allows one to create secure VPN tunnels.
5 This implementation is based on [wireguard-openbsd](https://git.zx2c4.com/wireguard-openbsd/).
11 - blake2s [[Source]](https://github.com/BLAKE2/BLAKE2)
18 ## Plugin usage example
20 ### Create wireguard interface
23 > vpp# wireguard create listen-port <port> private-key <priv_key> src <src_ip4> [generate-key]
25 > vpp# set int state <wg_interface> up
26 > vpp# set int ip address <wg_interface> <wg_ip4>
29 ### Add a peer configuration:
31 > vpp# wireguard peer add <wg_interface> public-key <pub_key_other> endpoint <ip4_dst> allowed-ip <prefix> dst-port <port_dst> persistent-keepalive [keepalive_interval]
37 > vpp# show wireguard interface
38 > vpp# show wireguard peer
43 > vpp# wireguard peer remove <peer_idx>
49 > vpp# wireguard delete <wg_interface>
52 ## Main next steps for improving this implementation
53 1. Use all benefits of VPP-engine.
54 2. Add IPv6 support (currently only supports IPv4)
55 3. Add DoS protection as in original protocol (using cookie)