WireGuard: Finally, a VPN That Just Works

I spent a Sunday afternoon with strongSwan IPsec trying to get a VPN running at home. The configuration is arcane, debug output is cryptic, and after hours I had nothing working.

I switched to WireGuard and had it running in under an hour.

WireGuard is built into the Linux kernel (5.6+). The design: minimal codebase (~4000 lines), minimal config, fast.

A full peer config:

[Interface]
PrivateKey = <your private key>
Address = 10.0.0.1/24
ListenPort = 51820

[Peer]
PublicKey = <peer public key>
AllowedIPs = 10.0.0.2/32

Generate keys with wg genkey, configure both ends, then run wg-quick up wg0. That's it.
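"Configure both ends" is where a mismatch usually hides, because AllowedIPs is both the route and the inbound source filter for a peer. The checker below is an added example, not part of the original post or of WireGuard's tooling: it parses two configs in the format above and cross-checks them. The function names and sample keys are constructed for illustration, and it assumes one Address per interface.

```python
import base64
import ipaddress

def parse_conf(text):
    """Parse wg-quick text into {'interface': {...}, 'peers': [{...}, ...]}."""
    conf, section = {"interface": {}, "peers": []}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if line == "[Interface]":
            section = conf["interface"]
        elif line == "[Peer]":
            section = {}
            conf["peers"].append(section)
        elif "=" in line and section is not None:
            name, value = line.split("=", 1)  # split once: keys end in '=' padding
            section[name.strip()] = value.strip()
    return conf

def valid_key(value):
    """WireGuard keys are 32 bytes, base64-encoded."""
    try:
        return len(base64.b64decode(value, validate=True)) == 32
    except ValueError:
        return False

def check_pair(local_text, remote_text):
    """List problems in the local config, judged against the remote end."""
    local, remote = parse_conf(local_text), parse_conf(remote_text)
    problems, covered = [], False
    if not valid_key(local["interface"].get("PrivateKey", "")):
        problems.append("PrivateKey is not a 32-byte base64 key")
    remote_ip = ipaddress.ip_interface(remote["interface"]["Address"]).ip
    for peer in local["peers"]:
        if not valid_key(peer.get("PublicKey", "")):
            problems.append("peer PublicKey is not a 32-byte base64 key")
        for cidr in filter(None, map(str.strip, peer.get("AllowedIPs", "").split(","))):
            net = ipaddress.ip_network(cidr, strict=False)
            covered = covered or remote_ip in net
            if net.prefixlen == 0:
                problems.append(f"AllowedIPs {net} sends all traffic to this peer")
    if not covered:
        problems.append(f"no peer's AllowedIPs covers remote address {remote_ip}")
    return problems

# Constructed sample data: fixed byte patterns, not real or related key pairs,
# so only the key format is checked, not that a public key matches a private one.
PRIV_A, PUB_A, PRIV_B, PUB_B = (base64.b64encode(bytes([n]) * 32).decode() for n in (1, 2, 3, 4))
TEMPLATE = "[Interface]\nPrivateKey = {}\nAddress = {}\nListenPort = 51820\n\n[Peer]\nPublicKey = {}\nAllowedIPs = {}\n"
END_A = TEMPLATE.format(PRIV_A, "10.0.0.1/24", PUB_B, "10.0.0.2/32")
END_B = TEMPLATE.format(PRIV_B, "10.0.0.2/24", PUB_A, "10.0.0.1/32")

if __name__ == "__main__":
    print(check_pair(END_A, END_B) or "end A ok")
```

An empty list means the local end's keys are well-formed and some peer's AllowedIPs covers the remote tunnel address; run it in both directions.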

Compared to IPsec: far smaller attack surface, faster handshake, better throughput, human-readable config.

For homelab VPNs or simple site-to-site setups, WireGuard should be the default choice.

wireguard.com