By structure, WireGuard is a decentralized peer-to-peer VPN protocol. Instead of requiring a server, WireGuard can tunnel directly between two computers. What we might call a WireGuard server is simply a device on which connection configurations have been set up for several peers.
Establishing a connection with WireGuard works much like it does with Secure Shell (SSH): users (peers) generate public keys with WireGuard and exchange them with each other. With these keys they can identify each other and encrypt the data packets for the corresponding recipient.
In addition to generating cryptographic keys, several network elements must be configured on each peer (our manual for configuring WireGuard, below, gives more details). To exchange data, each peer links ranges of allowed IP addresses to the public keys. Packets that do not come from the allowed address ranges are discarded. WireGuard sends data over the User Datagram Protocol (UDP).
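The link between public keys and allowed address ranges can be modelled in a few lines. The following is an added example, not code from WireGuard or from this article: the peer key labels and addresses are constructed placeholders, and the function names are hypothetical. It goes slightly beyond the paragraph above by also showing how the same table picks the recipient for an outgoing packet, using the most specific matching range.

```python
import ipaddress

# Constructed sample data: placeholder key labels and example address ranges.
PEERS = {
    "PEER_A_PUBLIC_KEY": ["10.0.0.2/32"],
    "PEER_B_PUBLIC_KEY": ["10.0.0.3/32", "192.168.50.0/24"],
    "PEER_C_PUBLIC_KEY": ["0.0.0.0/0"],
}


def build_table(peers):
    """Flatten the per-peer allowed ranges into (network, public_key) pairs."""
    return [
        (ipaddress.ip_network(cidr), key)
        for key, ranges in peers.items()
        for cidr in ranges
    ]


def select_peer(table, address):
    """Return the key owning the most specific range containing address, or None."""
    ip = ipaddress.ip_address(address)
    matches = [(net.prefixlen, key) for net, key in table if ip in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0])[1]


def accept_inbound(table, sender_key, inner_src):
    """Keep a decrypted packet only if its inner source address maps back
    to the peer whose key authenticated it; otherwise it is discarded."""
    return select_peer(table, inner_src) == sender_key


TABLE = build_table(PEERS)

if __name__ == "__main__":
    # Outgoing: which peer's key encrypts a packet for this destination?
    for dst in ("10.0.0.2", "192.168.50.7", "198.51.100.20"):
        print("to", dst, "->", select_peer(TABLE, dst))
    # Incoming: (authenticated sender, source address inside the tunnel)
    for key, src in (
        ("PEER_A_PUBLIC_KEY", "10.0.0.2"),  # within A's range: kept
        ("PEER_A_PUBLIC_KEY", "10.0.0.3"),  # B's address sent by A: discarded
        ("PEER_C_PUBLIC_KEY", "10.0.0.2"),  # more specific range belongs to A
    ):
        verdict = "accept" if accept_inbound(TABLE, key, src) else "drop"
        print("from", key, src, "->", verdict)
```
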
Configuration is performed on a peer's computer using the WireGuard command-line tool and other applications available by default on Linux. The software setup is arguably relatively easy, but WireGuard serves only as a foundation: for the setup and connection-establishment steps, users can turn to an app built on the protocol for help. This way, users of commercial VPN services can also benefit from the modern VPN protocol without needing a command-line interface.