1. What is WireGuard?

    WireGuard is a new VPN protocol that utilizes “state-of-the-art” cryptography. It was designed to be faster, simpler and considerably more performant compared to other VPN protocols. If you wish to learn more about it, visit the WireGuard website.

  2. Which OS/Platforms are supported by WireGuard?

    WireGuard is available on our Windows, macOS (10.14+), iOS & Android clients. You can also connect using most of the Linux distros. Setup guides can be found in the Client Area - VPN Accounts - WireGuard tab.

  3. What cryptography is used in WireGuard?

    WireGuard utilizes the following protocols and primitives:

    ChaCha20 for symmetric encryption, authenticated with Poly1305, using RFC7539's AEAD construction
    Curve25519 for ECDH
    BLAKE2s for hashing and keyed hashing, as described in RFC7693
    SipHash24 for hashtable keys
    HKDF for key derivation, as described in RFC5869
    Noise_IK handshake from Noise, building on the work of CurveCP, NaCL, KEA+, SIGMA, FHMQV, and HOMQV
    All packets are sent over UDP
  4. How resilient is a WireGuard connection?

    WireGuard is built for roaming. If your device changes networks, e.g. from WiFi to a mobile/cellular, the connection will persist because as long as the client sends correctly authenticated data to our WireGuard VPN server, the server keeps the connection alive.

  5. What ports do you use for WireGuard?

    UDP 2049
    UDP 2050
    UDP 53
    UDP 30587
    UDP 41893
    UDP 48574
    UDP 58237
  6. What IP addresses are issued for WireGuard connections?

    The IP address is randomly assigned from range.

  7. Which servers I can connect to with WireGuard?

    The full list of our WireGuard servers can be viewed in the Client Area - VPN Accounts - WireGuard tab - WireGuard Server List page or in our native client’s server selection area when WireGuard is enabled.

  8. How many devices I can connect with WireGuard?

    2 on the Standard and 7 on the Pro plan.

  9. Do I need to manually create and add public key in the Client Area when adding a new device?

    When using our native clients for Windows, macOS, iOS & Android, public keys are generated automatically the moment you select WireGuard protocol. They can be viewed & regenerated directly from the ‘WireGuard’ section within the IVPN client Settings area & deleted in the Client Area - VPN Accounts - WireGuard tab - WireGuard Key Management page.

    For Linux, keys can be obtained via the following command:

    $ wg genkey | tee privatekey | wg pubkey > publickey
  10. What happens if I delete a public key?

    If you purposefully or accidentally deleted public keys from the Client Area, new keys will be automatically generated upon selecting the WireGuard protocol in the IVPN Client.

    In case the public key was deleted while your device was connected to one of the WireGuard servers, the IVPN Client will stay connected, however, you will have no internet access. You will need to disconnect and either relog into the IVPN client or click on the ‘Re-generate Keys’ button under the ‘WireGuard’ details/configuration area.

    Linux users can generate a new pair of keys via the following command:

    $ wg genkey | tee privatekey | wg pubkey > publickey

    Your new public key has to be manually added in the Client Area - VPN Accounts - WireGuard tab - WireGuard Key Management page.

  11. How do I verify that I am connected?

    Our website shows a connection status at the top of the page or inside the 'Menu' on mobile devices. There is a blue 'Connected' or a red 'Disconnected', which indicates your status. Another way to ensure that you are properly connected to IVPN is to simply visit the dns leak test website. As long as you see the revealed location matches the selected IVPN server & the IP address is different to the one provided by your ISP - this gives you reasonable assurance that your traffic is routed through the VPN service.

  12. Does Port Forwarding work with WireGuard?

    Port Forwarding cannot be used with WireGuard at this time.

  13. Does WireGuard support IPv6?

    IVPN does not support IPv6 across any VPN protocols, WireGuard included.

  14. Can I use Multihop with WireGuard?

    Multihop is not available when used with WireGuard at this time.

  15. What DNS server is used when connecting with WireGuard?

    We provide our own, secure and absolutely logless DNS server which is pushed and applied automatically to your device when you connect. The IP address of the DNS server is