.. _wireguard_plugin_doc:
Wireguard vpp-plugin
====================
Overview
--------
This plugin is an implementation of `wireguard
protocol `__ for VPP. It allows one to
create secure VPN tunnels. This implementation is based on
`wireguard-openbsd `__.
Crypto
------
The crypto protocols:
- blake2s `[Source] `__
OpenSSL:
- curve25519
- chachapoly1305
Plugin usage example
--------------------
Create wireguard interface
~~~~~~~~~~~~~~~~~~~~~~~~~~
::
> vpp# wireguard create listen-port private-key src [generate-key]
> *wg_interface*
> vpp# set int state up
> vpp# set int ip address
Add a peer configuration:
~~~~~~~~~~~~~~~~~~~~~~~~~
::
> vpp# wireguard peer add public-key endpoint allowed-ip port persistent-keepalive [keepalive_interval]
> vpp# *peer_idx*
Add routes for allowed-ip:
~~~~~~~~~~~~~~~~~~~~~~~~~~
::
> ip route add via
Show config
~~~~~~~~~~~
::
> vpp# show wireguard interface
> vpp# show wireguard peer
Remove peer
~~~~~~~~~~~
::
> vpp# wireguard peer remove
Delete interface
~~~~~~~~~~~~~~~~
::
> vpp# wireguard delete
Main next steps for improving this implementation
-------------------------------------------------
1. Use all benefits of VPP-engine.
2. Add peers roaming support