Help Center
WireGuard FAQ
-
What is WireGuard?
WireGuard is a new VPN protocol that utilizes “state-of-the-art” cryptography. It was designed to be faster, simpler, and considerably more performant compared to other VPN protocols. If you wish to learn more about it, visit the WireGuard website.
-
Which OS/Platforms are supported by WireGuard?
WireGuard is available on our Windows, macOS, Linux, iOS & Android clients.
On desktop apps, WireGuard can be selected in the IVPN app’s
Settings/Preferences
area -Connection
tab. On mobile apps, navigate toSettings
-VPN Protocol
area.If you would like to configure WireGuard on a native WireGuard app or WireGuard client on your router, see our manual setup guides here.
-
What cryptography is used in WireGuard?
WireGuard utilizes the following protocols and primitives:
ChaCha20 for symmetric encryption, authenticated with Poly1305, using RFC7539's AEAD construction
Curve25519 for ECDH
BLAKE2s for hashing and keyed hashing, as described in RFC7693
SipHash for hashtable keys
HKDF for key derivation, as described in RFC5869
Noise_IK handshake from Noise, building on the work of CurveCP, NaCL, KEA+, SIGMA, FHMQV, and HOMQV
All packets are sent over UDP -
How resilient is a WireGuard connection?
WireGuard is built for roaming. If your device changes networks, e.g. from Wi-Fi to a mobile/cellular, the connection will persist because as long as the client sends correctly authenticated data to our WireGuard VPN server, the server keeps the connection alive.
-
What ports do you use for WireGuard?
UDP 53 UDP 80 UDP 443 UDP 1194 UDP 2049 UDP 2050 UDP 30587 UDP 41893 UDP 48574 UDP 58237
-
What IP addresses are issued for WireGuard connections?
The IP address is randomly assigned from
172.16.0.0/12
range. -
Which servers can I connect to with WireGuard?
The full list of our WireGuard servers can be viewed on the server status page.
-
How many devices can I connect with WireGuard?
Two on the Standard and seven on the Pro plan.
-
Do I need to manually create and add public key in the Client Area when adding a new device?
No, when using the IVPN app keys are automatically generated and the public key is uploaded to our server the moment you select the WireGuard protocol in the app.
If you are not using an IVPN app, you can also generate and download a WireGuard configuration file in the Account Area using a key pair you have manually generated on your device or a key pair generated by us.
-
How do I verify that I am connected?
Our website shows a connection status at the top of the page or inside the ‘Menu’ on mobile devices. There is a green ‘Connected’ or a red ‘Disconnected’ dot, which indicates your status. Another way to ensure that you are properly connected to IVPN is to simply visit the DNS leak test website. As long as you see the revealed location matches the selected IVPN server & the IP address is different from the one provided by your ISP - this gives you reasonable assurance that your traffic is routed through the VPN service.
-
Does WireGuard support IPv6?
Yes.
-
Can I use Multi-hop with WireGuard?
Yes.
-
What DNS server is used when connecting with WireGuard?
We provide our own, secure and logless DNS server which is pushed and applied automatically to your device when you connect. The IP address of the standard DNS server is
172.16.0.1
. The AntiTracker DNS address is10.0.254.2
. The AntiTracker’s Hardcore Mode DNS address is10.0.254.3
.
Related Articles
- How many IPs do you have (in total or per server)?
- Why is the location of the server not accurate?
- How to verify Warrant Canary signature?
- How many devices or simultaneous connections can I have to IVPN?
- Device Management FAQ
Still have questions?
Get in touch and we'll get back to you in a few hours.
Contact supportInterested in privacy?
Read our latest privacy news and keep up-to-date on IVPN services.
Visit IVPN Blog