WireGuard

Proto: protos/proto/vx/proxy/wireguard/config.proto

WireGuard is used only as an outbound DeviceConfig (this proto has no *ServerConfig).

DeviceConfig

secretKey

string

Local interface private key (WireGuard key format)

endpoint

string[]

Device-level endpoint host list (optional)

peers

PeerConfig[]

Remote peers; see PeerConfig

mtu

int32

TUN interface MTU

numWorkers

int32

Number of encryption worker threads

reserved

bytes

WireGuard protocol reserved bytes (3 bytes, used to bypass blocking)

noKernelTun

bool

When true, use userspace TUN only; do not use kernel WireGuard

{
  "@type": "type.googleapis.com/vx.proxy.wireguard.DeviceConfig",
  "secretKey": "...",
  "isClient": true,
  "peers": [
    {
      "publicKey": "...",
      "endpoint": "vpn.example.com:51820",
      "allowedIps": ["0.0.0.0/0", "::/0"]
    }
  ]
}

PeerConfig

publicKey

string

Peer public key

preSharedKey

string

Optional pre-shared key (PSK)

endpoint

string

Peer endpoint host:port

keepAlive

uint32

Persistent keepalive interval (seconds)

allowedIps

string[]

List of IP CIDRs routed through this peer

Outbounds
TCP header masking — wireguard header type

WireGuard

DeviceConfig

PeerConfig

Comments

On this page

WireGuard

DeviceConfig

PeerConfig

Related

Comments

On this page