Skip to content

Bitcoin accepted at checkout  |  Ships from Laval, QC, Canada  |  Expert support since 2016

WireGuard

Digital Sovereignty

Definition

WireGuard is a modern VPN protocol designed for simplicity, speed, and a small, auditable codebase. It creates an encrypted tunnel between devices over UDP, letting a sovereign Bitcoiner reach a home node, miner dashboard, or private network securely from anywhere, as though plugged into the local switch. Its lean design, a few thousand lines of core code where older VPN stacks run to hundreds of thousands, made it popular enough to be merged into the Linux kernel, and it has become the default answer to a recurring question in this community: how do I get to my own machines without exposing them to the internet?

The protocol was created by security researcher Jason Donenfeld and spent years as a well-regarded outsider before its merge into Linux kernel 5.6 in 2020 made it a first-class citizen of the operating system most nodes and miners already run. Implementations now cover every mainstream platform, and the codebase's small size remains its quietest security feature: a reviewer can realistically read all of it, which is a claim no legacy VPN stack can make. The kernel's own maintainer publicly praised its clarity in the run-up to the merge, a rare endorsement in a field that usually earns scorn.

Cryptography without a menu

Rather than negotiating from a menu of ciphers, WireGuard fixes a single modern suite. It uses the Noise protocol framework for its handshake, Curve25519 for key exchange, ChaCha20-Poly1305 for authenticated encryption, BLAKE2s for hashing, and SipHash for internal table keys. There are no cipher-suite downgrade tricks and no legacy modes, because there is nothing to negotiate; if the protocol's primitives are ever broken, the fix is a new protocol version, not a config flag. This deliberate lack of configurability removes whole categories of misconfiguration that plagued older VPNs. It communicates over UDP, commonly on port 51820, and a peer that receives packets it cannot authenticate simply stays silent, so a WireGuard port reveals nothing to a scanner.

Cryptokey routing

WireGuard's defining idea is cryptokey routing: each peer is identified by its public key, and that key is bound to the list of tunnel IP addresses the peer is allowed to use. An outbound packet is encrypted to whichever peer owns its destination address; an inbound packet is accepted only if it decrypts under the key authorized for its source address. Identity and routing become the same thing, which collapses the usual pile of certificates, user databases, and access rules into one compact mapping. Keys are short enough to paste into a chat, and a full working configuration fits on a screen, which is much of why the protocol spread through the self-hosting world so quickly.

The sovereignty pattern

The canonical deployment for a node runner is to expose exactly one UDP port at home, or none at all if an outbound-only topology is used, and tunnel into everything else. Your node's web interface, your miner's management page, and your files never touch the public internet; they are reachable only inside the tunnel. This replaces risky port forwarding for each service with a single hardened entry point, simplifies firewall rules to a one-line allow, and works even where carrier-grade NAT complicates inbound access, since a small rented relay or a hub-and-spoke layout gets around it. Full mesh overlays built on the same primitives are covered under mesh VPN, and the broader philosophy, own your infrastructure and minimize what you expose, runs through our sovereignty section. For remote hands on a mining fleet, it is hard to overstate the comfort of knowing the only thing listening is a protocol that does not answer strangers.

In Simple Terms

WireGuard is a modern VPN protocol designed for simplicity, speed, and a small, auditable codebase. It creates an encrypted tunnel between devices over UDP, letting…

Explore the Full Glossary

Browse all Bitcoin mining terms from A to Z. Whether you are a beginner or expert, deepen your understanding of the mining ecosystem.

Mining Glossary

ASIC Miner Database

Compare 500+ miners with real-time profitability data, home mining scores, and detailed specs.

Compare Miners