PRODUCTS

wolfGuard FIPS 140-3 Enable WireGuard

wolfGuard is a FIPS-compliant refactor of the WireGuard VPN, built using wolfCrypt’s FIPS 140-3 validated cryptography. It covers both the Linux kernel implementation and the WireGuard Go user space version. Designed as a transparent drop-in replacement, wolfGuard preserves the simplicity and performance of WireGuard while upgrading it with security that meets federal and regulated-industry requirements. It achieves this without requiring architectural changes and can coexist with traditional WireGuard on the same systems.

Please email us at facts@wolfssl.com with any questions or to learn more about FIPS 140-3 enabled WireGuard.

Download Now

Get the latest open source GPLv2 version now!

View README

Highlights

  • FIPS 140-3 backed cryptography via wolfCrypt
  • Drop-in replacement – no architectural or usage changes required
  • Can coexist with WireGuard on the same system
  • Performance boost with hardware acceleration (AES-GCM + SHA-256)
  • wolfGuard Linux (via wolfSSL kernel module)
  • wolfGuard Go (via wolfSSL’s Go bindings go-wolfssl)
  • Backed by commercial support and wolfSSL’s expertise
  • Runs in any environment that traditional WireGuard can run

Features

  • Secure tunneling service using FIPS-approved algorithms
  • Supports both kernel and user-space deployments
  • Compliance with FIPS 140-3, FedRAMP & CMMC 2.0
  • Authenticated, encrypted remote access
  • Algorithm replacements
    • Curve25519 → SECP256R1
    • XChaCHa20-Poly1305 → AES-256-GCM
    • Blake2s-HMAC → SHA-256-HMAC
    • SipHash → SHA-256
    • ChaCha20-DRBG → SHA-256 Hash-DRBG