WireGuard® is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPsec, while avoiding the massive headache. It intends to be considerably more performant than OpenVPN. WireGuard is designed as a general purpose VPN for running on embedded interfaces and super computers alike, fit for many different circumstances. Initially released for the Linux kernel, it is now cross-platform (Windows, macOS, BSD, iOS, Android) and widely deployable. It is currently under heavy development, but already it might be regarded as the most secure, easiest to use, and simplest VPN solution in the industry.
Installation
To install WireGuard for your client platform, please go to the following page:
Configuration Request
The next step after the client is installed is to request a client configuration QR code image. Please submit the following form and the QR code will be generated and sent to your email address. You must agree to the VPN policy below.
VPN Policy
- PURPOSE
The purpose of this is to provide policies for Remote Access Virtual Private Network (VPN) connections to the ARES of Delaware County organizational network. - SCOPE
This policy applies to all ARES of Delaware County organization volunteers, employees, contractors, consultants, temporaries, and other workers including all personnel affiliated with third parties utilizing VPNs to access the ARES of Delaware County organization network. This policy applies to implementations of VPN that are directed through a VPN Gateway. - POLICY
Approved ARES of Delaware County organization volunteers, employees and authorized third parties (customers, vendors, etc.) may utilize the benefits of VPNs, which are a “user managed” service. This means that the user is responsible for selecting an Internet Service Provider (ISP), coordinating installation, installing any required software, and paying associated fees.- It is the responsibility of authorized personnel with VPN privileges to ensure that unauthorized users are not allowed access to ARES of Delaware County organization internal networks.
- VPN use is to be controlled using a public/private key system with a strong pass phrase. These keys will be generated and contained in a QR code to be scanned into your WireGuard VPN Client software.
- VPN gateways will be set up and managed by ARES of Delaware County organization network operational groups or other authorized parties.
- All computers connected to ARES of Delaware County organization internal networks via VPN or any other technology must use the most up-to-date anti-virus software that is considered standard; this includes personal computers.
- Users of computers that are not ARES of Delaware County organization owned equipment must configure the equipment to comply with ARES of Delaware County organization's VPN and Network policies.
- Only WireGuard VPN clients may be used.
- By using VPN technology with personal equipment, users must understand that their machines are a de facto extension of ARES of Delaware County organization's network, and as such are subject to the same rules and regulations that apply to ARES of Delaware County organization owned equipment, i.e., their machines must be configured to comply with ARES of Delaware County organization’s security policies.
- ENFORCEMENT
- All staffs are required to comply with this security policy and its appendices. Disciplinary actions including termination may be taken against any ARES of Delaware County organization staffs who fail to comply with the ARES of Delaware County organization’s security policies or circumvent/violate any security systems and/or protection mechanisms.
- Staff having knowledge of personal misuse or malpractice of IT Systems must report immediately to management and IT Security.
- ARES of Delaware County organization's staff must ensure that ARES of Delaware County organization's contractors and other parties authorized by the ARES of Delaware County organization using its internal computer systems, comply with this policy.
- Where the role of the service provider is outsourced to a vendor, the outsourced vendor should ensure compliance with this policy.
VPN Access Request Form
Features
Conceptual Overview
If you'd like a general conceptual overview of what WireGuard is about, read onward here. You then may progress to installation and reading the quickstart instructions on how to use it.
If you're interested in the internal inner workings, you might be interested in the brief summary of the protocol, or go more in depth by reading the technical whitepaper, which goes into more detail on the protocol, cryptography, and fundamentals. If you intend to implement WireGuard for a new platform, please read the cross-platform notes.
WireGuard securely encapsulates IP packets over UDP. You add a WireGuard interface, configure it with your private key and your peers' public keys, and then you send packets across it. All issues of key distribution and pushed configurations are out of scope of WireGuard; these are issues much better left for other layers, lest we end up with the bloat of IKE or OpenVPN. In contrast, it more mimics the model of SSH and Mosh; both parties have each other's public keys, and then they're simply able to begin exchanging packets through the interface.