" /> WireGuard - Libretech Journal
Libretech Journal

WireGuard

All posts tagged WireGuard by Libretech Journal
  • Posted on

    Comprehensive WireGuard analysis: the paper performs a unified symbolic analysis of the WireGuard protocol (including the cookie mechanism) using three tools (ProVerif, Tamarin and SAPIC+, which exports one model to the other two), going beyond previous analyses in both the scope and the strength of the threat model.

    Threat model enhancements: the analysis uses a more comprehensive threat model than previous work, including:
    - Attacker read and write access to all keys.
    - Pre-computation: the static-static Diffie-Hellman value that WireGuard precomputes and keeps in memory is modelled as a secret the attacker can compromise on its own; its compromise turns out to be as damaging as compromise of the private key itself.

    Security Property Verification: The analysis verified three key security properties:
    - Message agreement.
    - Key secrecy (including perfect forward secrecy).
    - Anonymity.

    Key Findings Regarding Security Properties:
    - Compromise of the initial static key distribution severely impacts all security properties.
    - Compromise of the pre-shared key (PSK) jeopardizes all security properties; the authors argue the PSK should be mandatory rather than optional.
    - The pre-computed value significantly weakens security in some cases, with the same impact as private key compromise; its removal is recommended.
    - WireGuard does not provide the anonymity it claims. mac1 in the first two handshake messages is keyed with a hash of the recipient's static public key, so an observer holding candidate public keys can recompute it and identify the responder (from message 1) and the initiator (from message 2).

    Proposed anonymity fixes: three fixes are proposed: removing the MACs entirely, or (in two variants) changing the MAC computation so its key incorporates a secret known only to the initiator and responder. All three have been formally verified.

    Recommendations:
    - Users should always use a pre-shared key.
    - Secure initial static key distribution is crucial.
    - Users should not rely on WireGuard for anonymity.
    - WireGuard's maintainers should remove the pre-computation step and adopt one of the anonymity fixes.

    Methodology: writing a single model in SAPIC+ and exporting it to both ProVerif and Tamarin gave fast results from ProVerif and a deeper threat-model analysis from Tamarin. The models and results are publicly available.
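    The mac1 identity leak described above, as an added example that is neither the paper's models nor WireGuard's own code: the Python below reproduces the mac1 computation from the protocol description (HASH = BLAKE2s-256, MAC = keyed BLAKE2s-128, label "mac1----"), runs the observer's test against three constructed candidate public keys, and shows the same test failing once the MAC key also includes a secret the observer lacks. The message bytes and keys are random placeholders, and the secret-keyed variant is an assumed shape of the fix, not the paper's exact construction.

```python
"""Added example (not the paper's models or WireGuard's own code): why mac1 lets a
passive observer identify the peer a handshake message is addressed to, and how
keying the MAC with a secret shared by both peers closes that oracle."""
import hashlib
import hmac
import os
from typing import Dict, Optional

LABEL_MAC1 = b"mac1----"  # label WireGuard hashes together with the recipient's public key


def wg_hash(data: bytes) -> bytes:
    """HASH(input) = BLAKE2s(input, 32), as in the WireGuard protocol description."""
    return hashlib.blake2s(data, digest_size=32).digest()


def wg_mac(key: bytes, data: bytes) -> bytes:
    """MAC(key, input) = Keyed-BLAKE2s(key, input, 16), as in the protocol description."""
    return hashlib.blake2s(data, key=key, digest_size=16).digest()


def mac1_as_specified(recipient_static_pub: bytes, msg_prefix: bytes) -> bytes:
    """WireGuard as deployed: mac1 = MAC(HASH(LABEL_MAC1 || S_recipient^pub), msg[:mac1]).
    The key depends only on the recipient's *public* key, so anyone holding that
    public key can recompute mac1 and test whether a captured message was meant for it."""
    return wg_mac(wg_hash(LABEL_MAC1 + recipient_static_pub), msg_prefix)


def mac1_with_shared_secret(recipient_static_pub: bytes, shared_secret: bytes,
                            msg_prefix: bytes) -> bytes:
    """Assumed shape of the 'secret-keyed MAC' fix (an illustration, not the paper's
    exact construction): fold a secret only the two peers know, e.g. the PSK, into the key."""
    return wg_mac(wg_hash(LABEL_MAC1 + recipient_static_pub + shared_secret), msg_prefix)


def identify_recipient(known_pubkeys: Dict[str, bytes], msg_prefix: bytes,
                       observed_mac1: bytes) -> Optional[str]:
    """Passive observer's attack: try every candidate public key and return the one whose
    recomputed mac1 matches. Only public information and the captured packet are used."""
    for name, pub in known_pubkeys.items():
        if hmac.compare_digest(mac1_as_specified(pub, msg_prefix), observed_mac1):
            return name
    return None


def demo():
    # Constructed sample: three VPN endpoints whose static public keys are public
    # (published in client configs, a wiki page, a dump). Random bytes stand in for
    # real Curve25519 keys; the MAC computation does not care.
    endpoints = {name: os.urandom(32) for name in ("vpn-a", "vpn-b", "vpn-c")}
    # Constructed placeholder for the 116 bytes of a handshake initiation that precede mac1
    # (type/reserved, sender index, ephemeral public key, encrypted static, encrypted timestamp).
    msg_prefix = bytes([1, 0, 0, 0]) + os.urandom(112)

    # An initiator contacts vpn-b. With mac1 as specified, the observer learns exactly that.
    observed = mac1_as_specified(endpoints["vpn-b"], msg_prefix)
    leaked = identify_recipient(endpoints, msg_prefix, observed)

    # With the MAC keyed by a secret the observer lacks, the same search finds nothing.
    psk = os.urandom(32)
    observed_fixed = mac1_with_shared_secret(endpoints["vpn-b"], psk, msg_prefix)
    hidden = identify_recipient(endpoints, msg_prefix, observed_fixed)
    return leaked, hidden


if __name__ == "__main__":
    print(demo())  # ('vpn-b', None)
```

    The same computation applies to message 2, where mac1 is keyed with the initiator's static public key, which is how the initiator is exposed. One implication of a secret-keyed mac1 to think through: a responder with many peers can no longer validate mac1 with one key derived from its own public key and must try each peer's secret before it knows who is talking, which makes the cheap pre-handshake check that mac1 was designed to be more expensive.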

  • Posted on

    WireGuard is a fast and simple VPN protocol that has been part of the mainline Linux kernel since version 5.6 (Ubuntu 20.04 backported it into its 5.4 kernel).

    Installation on Ubuntu is straightforward using the apt package manager:
    sudo apt install wireguard

    Configuration starts with a key pair per host: wg genkey produces the private key and wg pubkey derives the public key from it (run them under umask 077 so the private key file is not world-readable). wg genpsk produces the optional per-peer pre-shared key that the analysis above recommends treating as mandatory.

    The server and client configurations are managed through text files (e.g., wg0.conf), specifying private keys, IP addresses, listening ports, and peer public keys.

    To route all client traffic through the VPN, set AllowedIPs = 0.0.0.0/0 (and ::/0 for IPv6) on the server peer in the client configuration. The server must have IP forwarding enabled (net.ipv4.ip_forward = 1 via sysctl, or /proc/sys/net/ipv4/ip_forward) and, if clients are to reach the internet through it, a NAT rule on its outbound interface (e.g. iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE, with eth0 standing in for the real interface).

    PersistentKeepalive (e.g. PersistentKeepalive = 30) on the peer that sits behind a NAT or stateful firewall sends an empty packet at that interval so the NAT mapping stays open and the server can still reach the client after a quiet period.

    The server must explicitly know the client: add the client's public key and its tunnel address as allowed IPs, either in the server's wg0.conf or at runtime with wg set wg0 peer <client-public-key> allowed-ips <client-tunnel-address>/32 (for example 10.8.0.2/32). A wg set change lasts only until the interface goes down; persist it with wg-quick save wg0 or by editing the file.

    WireGuard runs over UDP and keeps no connection state on the wire, so nothing tells a NAT or firewall that the flow is still alive while it is silent; the keepalive is what maintains the mapping.

    AllowedIPs also controls split tunnelling: listing only specific subnets on the client (e.g. the VPN network or an internal LAN) routes just that traffic through the tunnel rather than everything.
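    The server and client wg0.conf files from the steps above, as an added example that is not from the video or the WireGuard project: a small parser for wg-quick style configuration plus checks for the points a practitioner trips over (a PSK on every peer, as the analysis above recommends; a default route in a server-side peer entry; a client behind NAT with an Endpoint but no keepalive). The configs, the key strings (base64 of byte runs, not real key pairs), the hostname vpn.example.net and the eth0 interface are all constructed for the example.

```python
"""Added example (not from the video or the WireGuard project): parse wg-quick style
wg0.conf files and lint them against the recommendations on this page."""
import base64
import ipaddress
from typing import Dict, List, Tuple


def parse_wg_conf(text: str) -> Tuple[Dict[str, str], List[Dict[str, str]]]:
    """Return the [Interface] section and every [Peer] section as dicts.
    configparser is avoided because [Peer] repeats, which it rejects."""
    interface: Dict[str, str] = {}
    peers: List[Dict[str, str]] = []
    current = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # '#' starts a comment, as in wg(8)
        if not line:
            continue
        if line == "[Interface]":
            current = interface
        elif line == "[Peer]":
            current = {}
            peers.append(current)
        elif "=" in line and current is not None:
            key, value = (part.strip() for part in line.split("=", 1))  # keys end in '=' padding
            current[key] = value
        else:
            raise ValueError(f"unparseable line: {raw!r}")
    return interface, peers


def valid_key(b64: str) -> bool:
    """All WireGuard keys (private, public, preshared) are 32 bytes, base64-encoded."""
    try:
        return len(base64.b64decode(b64, validate=True)) == 32
    except ValueError:  # binascii.Error is a ValueError subclass
        return False


def lint_wg_conf(text: str, role: str) -> List[str]:
    """role: 'server' (public endpoint) or 'client' (behind NAT, dials the server)."""
    iface, peers = parse_wg_conf(text)
    findings: List[str] = []
    if not valid_key(iface.get("PrivateKey", "")):
        findings.append("Interface: PrivateKey missing or not a 32-byte base64 key")
    for n, peer in enumerate(peers, 1):
        tag = f"Peer {n}"
        if not valid_key(peer.get("PublicKey", "")):
            findings.append(f"{tag}: PublicKey missing or malformed")
        if not valid_key(peer.get("PresharedKey", "")):
            findings.append(f"{tag}: no valid PresharedKey (the analysis above says always set one)")
        nets = [s.strip() for s in peer.get("AllowedIPs", "").split(",") if s.strip()]
        if not nets:
            findings.append(f"{tag}: empty AllowedIPs, nothing is accepted from or routed to this peer")
        for entry in nets:
            try:
                net = ipaddress.ip_network(entry, strict=False)
            except ValueError:
                findings.append(f"{tag}: AllowedIPs entry {entry!r} is not a network")
                continue
            if role == "server" and net.prefixlen == 0:
                findings.append(f"{tag}: default route in AllowedIPs on the server: this peer may "
                                "send from any source address and receives every forwarded packet")
        if role == "client" and "Endpoint" in peer and "PersistentKeepalive" not in peer:
            findings.append(f"{tag}: dials an Endpoint from behind NAT but sets no PersistentKeepalive")
    return findings


# Constructed placeholder keys (base64 of byte runs 0..31, 32..63, ...); not real key pairs.
K = [base64.b64encode(bytes(range(i, i + 32))).decode() for i in (0, 32, 64, 96)]

SERVER_CONF = f"""
[Interface]
Address = 10.8.0.1/24
ListenPort = 51820
PrivateKey = {K[0]}
# forwarding and NAT for full-tunnel clients, applied when wg-quick brings wg0 up
PostUp = sysctl -w net.ipv4.ip_forward=1; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

[Peer]  # laptop: complete entry
PublicKey = {K[1]}
PresharedKey = {K[2]}
AllowedIPs = 10.8.0.2/32

[Peer]  # phone: added in a hurry with wg set; no PSK and a default route on the server side
PublicKey = {K[3]}
AllowedIPs = 0.0.0.0/0
"""

CLIENT_CONF = f"""
[Interface]
Address = 10.8.0.2/24
PrivateKey = {K[1]}

[Peer]
PublicKey = {K[0]}
PresharedKey = {K[2]}
Endpoint = vpn.example.net:51820
AllowedIPs = 0.0.0.0/0
"""
```

    Running lint_wg_conf(SERVER_CONF, "server") reports two findings, both on the phone entry, and lint_wg_conf(CLIENT_CONF, "client") reports the missing PersistentKeepalive. The role argument is explicit rather than guessed from ListenPort because clients may set one too; the default-route check is server-side only, since 0.0.0.0/0 on the client is exactly the full-tunnel setting described above.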

    00:00 Introduction
    01:50 Installation on server & client
    02:50 Create private and public server keys
    04:24 Configure server interface
    07:00 Create private and public client keys
    07:34 Configure client interface
    10:55 Add Client peer to the server configuration
    12:03 Configure persistent keep-alive
    13:58 Test the connection via ping
    14:30 Configure the server to forward network packets
    16:05 How to change clients traffic routing
    17:10 Summary


    💡 Support the creator: Patreon - Christian Lempa

"> ');