1 .. _wireguard_plugin_doc:
9 This plugin is an implementation of `wireguard
10 protocol <https://www.wireguard.com/>`__ for VPP. It allows one to
11 create secure VPN tunnels. This implementation is based on
12 `wireguard-openbsd <https://git.zx2c4.com/wireguard-openbsd/>`__.
19 - blake2s `[Source] <https://github.com/BLAKE2/BLAKE2>`__
29 Create wireguard interface
30 ~~~~~~~~~~~~~~~~~~~~~~~~~~
34 > vpp# wireguard create listen-port <port> private-key <priv_key> src <src_ip4> [generate-key]
36 > vpp# set int state <wg_interface> up
37 > vpp# set int ip address <wg_interface> <wg_ip4>
39 Add a peer configuration:
40 ~~~~~~~~~~~~~~~~~~~~~~~~~
44 > vpp# wireguard peer add <wg_interface> public-key <pub_key_other> endpoint <ip4_dst> allowed-ip <prefix> port <port_dst> persistent-keepalive [keepalive_interval]
47 Add routes for allowed-ip:
48 ~~~~~~~~~~~~~~~~~~~~~~~~~~
52 > ip route add <prefix> via <wg_ip4> <wg_interface>
59 > vpp# show wireguard interface
60 > vpp# show wireguard peer
67 > vpp# wireguard peer remove <peer_idx>
74 > vpp# wireguard delete <wg_interface>
76 Main next steps for improving this implementation
77 -------------------------------------------------
79 1. Use all benefits of VPP-engine.
80 2. Add peers roaming support