defguard_wireguard_rs is a multi-platform Rust library providing a unified high-level API for managing WireGuard interfaces using native OS kernel and userspace WireGuard protocol implementations. It can be used to create your own WireGuard™️ VPN servers or clients for secure and private networking.

It was developed as part of defguard security platform and used in the gateway/server as well as desktop client.

Supported platforms

• Native OS Kernel: Linux, FreeBSD (and pfSense/OPNSense), Windows
• Userspace using wireguard-go - Linux, macOS, FreeBSD

Unique features

• Peer routing - see WGApi docs.
• Configuring DNS resolver - see WGApi docs.
  • On FreeBSD network interfaces are managed using ioctl.
  • On Linux, handle network routing using netlink.
  • fwmark handling

Windows support

Please note that WireGuard needs to be installed on Windows with commands wg and wireguard available to be called from the command line.

Note on wireguard-go

If you intend to use the userspace WireGuard implementation you should note that currently the library assumes that the wireguard-go binary will be available at runtime. There are some sanity checks when instantiating the API, but installing it is outside the scope of this project.

Examples

• Client: https://github.com/DefGuard/wireguard-rs/blob/main/examples/client.rs
• Server: https://github.com/DefGuard/wireguard-rs/blob/main/examples/server.rs

Documentation

See the documentation for more information.

Community and Support

Find us on Matrix: #defguard:teonite.com

Contribution

Please review the Contributing guide for information on how to get started contributing to the project. You might also find our environment setup guide handy.

Legal

WireGuard is registered trademarks of Jason A. Donenfeld.