Use WireGuard with AzireVPN beta

WireGuard is a modern VPN with state of the art formally verified cryptography while being extremely minimal and fast.

  • Small attack surface

    Less code means WireGuard is easily auditable and has a small attack surface. This is a huge improvement versus other VPN protocols.

    • WireGuard ~4k LoC
    • StrongSwan ~405k LoC
    • OpenVPN ~100k LoC
  • High performance

    Our tests on different devices has shown WireGuard to be superior when it comes to speed. ChaCha20Poly1305 performs extremely well.

    • ChaCha20 for encryption
    • Poly1305 for authentication
    • Curve25519 for ECDH

WireGuard with AzireVPN is currently free for everyone

Everything has been running smoothly so far, and we are now interested in testing our WireGuard infrastructure at larger scale. We have therefore decided to open up our WireGuard servers for free. Simply sign up to connect to all of our WireGuard endpoint locations!


WireGuard Pilot

WireGuard is still in development but is looking so promising that we are eager to let our users try it out already. We have developed an API for key distribution and are looking into adding WireGuard to our client. At the moment, this protocol can only be used on Linux, but support for Windows and macOS is coming soon.

Setup WireGuard - azirevpn-wg script (recommended)

Step 1: Install WireGuard by following the official instructions

Step 2: Run our configuration script

curl -LO https://www.azirevpn.com/dl/azirevpn-wg.sh && chmod +x ./azirevpn-wg.sh && ./azirevpn-wg.sh

Step 3: Turn on WireGuard

wg-quick up azirevpn-se1

azirevpn-wg.sh sha256 checksum: e8a586bb168b927064e6fa9530f95efd0a8b8465f7d6f95efe9a2c26ad7e57de


Manual Configuration without Script

If you for some reason do not want to use our script which create a configuration file for you then this guide is for you.

We will start by using the wg(8) tool to generate private and public keys as seen in the example below.

AzireVPN conf file

wg genkey | tee privatekey | wg pubkey > publickey
cat privatekey
65G7oyb9jGxFXSCceTuFPHjjbPF2WVOCeNJ1SgPzzWk=
cat publickey
oP4Hdje7viyO+6Hz6QKQgHqD55w+Km9uZ0shmTFU0GI=

You are now ready to authenticate to our service by sending your login credentials and public key. As seen in the example below, we use curl to post the data to our WireGuard server in Stockholm.

API request

curl -d username=REPLACE --data-urlencode password=REPLACE --data-urlencode pubkey=REPLACE https://api.azirevpn.com/v1/wireguard/connect/se1
{ "status": "success", "data": { "DNS": "193.180.164.2, 2a03:8600:1001::2", "Address": "10.18.1.182/24, 2a03:8600:1001:1080::10b4/64", "PublicKey": "bdR5gm5vcrm9N9I7BeQqHOgrmQApSGIe9qc1homBjk8=", "Endpoint": "193.180.164.60:51820" } }

Now that our service has your public key we can begin to setup the interface on your computer.

In this guide we'll be using the utility wg-quick(8) to help us setup our interface.

Let's start by creating a configuration file in /etc/wireguard/ folder. Name it azirevpn-se1.conf and include the example below but replace the data with the one you got in our curl response.

/etc/wireguard/azirevpn-se1.conf example file

[Interface] PrivateKey = 65G7oyb9jGxFXSCceTuFPHjjbPF2WVOCeNJ1SgPzzWk= DNS = 193.180.164.2, 2a03:8600:1001::2 Address = 10.18.1.182/24, 2a03:8600:1001:1080::10b4/64 [Peer] PublicKey = bdR5gm5vcrm9N9I7BeQqHOgrmQApSGIe9qc1homBjk8= Endpoint = 193.180.164.60:51820 AllowedIPs = 0.0.0.0/0, ::/0

The commands below show you how to connect and disconnect your interface.

  • Start WireGuard

    wg-quick up azirevpn-se1
  • Stop WireGuard

    wg-quick down azirevpn-se1

For a more detailed response from our API, add list=1, and you will get a response as seen below.

API request

curl -d list=1 -d username=REPLACE --data-urlencode password=REPLACE --data-urlencode pubkey=REPLACE https://api.azirevpn.com/v1/wireguard/connect/se1
{ "status": "success", "data": { "endpoint_pubkey": "cfaaJyh8e2vf1hK8A/GT1FMXO8oO1H7uosOhlZMWDSM=", "endpoint_ipv4_dns_addr": "193.180.164.2", "endpoint_ipv4_dns_port": 53, "endpoint_ipv6_dns_addr": "2a03:8600:1001::2", "endpoint_ipv6_dns_port": 53, "endpoint_ipv4_addr": "193.180.164.60", "endpoint_ipv4_port": 51820, "endpoint_ipv6_addr": "2a03:8600:1001:1337::1081", "endpoint_ipv6_port": 51820, "ipv4_addr": "193.180.164.115", "ipv4_gw": "193.180.164.113", "ipv4_addr_netmask": 28, "ipv6_addr": "2a03:8600:1001:1080::1001", "ipv6_gw": "2a03:8600:1001:1060::1", "ipv6_addr_netmask": 64, "ipv6_pd": "2a03:8600:100c::", "ipv6_pd_netmask": 56 } }

Resources

"WireGuard" is a registered trademark of Jason A. Donenfeld.