defguard_wireguard_rs is a multi-platform Rust library providing a unified high-level API for managing WireGuard interfaces using native OS kernel and userspace WireGuard protocol implementations. It can be used to create your own WireGuard:tm: VPN servers or clients for secure and private networking.
It was developed as part of defguard security platform and used in the gateway/server as well as desktop client.
- Native OS Kernel: Linux, FreeBSD (and pfSense/OPNSense), NetBSD, Windows
- Userspace: Linux, macOS, FreeBSD, NetBSD
- Peer routing - see WGApi docs.
- Configuring DNS resolver - see WGApi docs.
- On FreeBSD network interfaces are managed using ioctl.
- On Linux, handle network routing using netlink.
- fwmark handling
Please note that WireGuard-NT dll file has to be placed under resources-windows/binaries/wireguard.dll path relative to your binary.
For Windows development you'll need:
- The
stable-x86_64-pc-windows-gnuRust toolchain. Userustupto change the toolchain:
rustup install stable-x86_64-pc-windows-gnu
rustup default stable-x86_64-pc-windows-gnu
-
Install MSYS2
-
Then run this in the MSYS2 terminal:
pacman -S --needed base-devel mingw-w64-ucrt-x86_64-toolchain mingw-w64-ucrt-x86_64-nasm
- Finally add msys to your PATH:
# cmd
set PATH=C:\msys64\ucrt64\bin;%PATH%
# power-shell
$env:PATH = "C:\msys64\ucrt64\bin;" + $env:PATH
More info can be found here.
- Client: https://github.com/DefGuard/wireguard-rs/blob/main/examples/client.rs
- Server: https://github.com/DefGuard/wireguard-rs/blob/main/examples/server.rs
See the documentation for more information.
Reach out to our community via GitHub Discussions
Please review the Contributing guide for information on how to get started contributing to the project. You might also find our environment setup guide handy.
WireGuard® is registered trademarks of Jason A. Donenfeld.
