> Quick Start Demo FAQ More Code Bluesky X

🔌 wireplug

Seamless roaming for WireGuard®

wireplug is a connectivity coordinator for roaming WireGuard peers. It allows anyone to establish a secure mesh VPN.


Highlights

Quick Start

Install on macOS

wireplug currently relies on Cargo for installation: 
$ brew install rust wireguard-go
$ cargo install --git https://github.com/alpn/wireplug --tag v0.1.0 wireplugd
Use wireplugd to create a config file with a randomly generated private key: 
# This requires root access to write the config file to /etc
$ sudo wireplugd wg0 --generate-config

The public key associated with your new private key will also appear in the config file.

  • Share this public key with your peers.
  • Edit the config file at /etc/wireplugd.wg0 as needed.
Finally, start wireplugd:

$ sudo wireplugd wg0

Install on Linux

wireplug currently relies on Cargo for installation: 
$ cargo install --git https://github.com/alpn/wireplug --tag v0.1.0 wireplugd
Use wireplugd to create a config file with a randomly generated private key: 
# This requires root access to write the config file to /etc
$ sudo wireplugd wg0 --generate-config
The public key associated with your new private key will also appear in the config file.
  • Share this public key with your peers.
  • Edit the config file at /etc/wireplugd.wg0 as needed.
Create a new WireGuard interface: 
$ sudo ip link add dev wg0 type wireguard
Finally, start wireplugd:

$ sudo wireplugd wg0

Install on Windows

# TODO

Install on OpenBSD

wireplug currently relies on Cargo for installation: 
$ cargo install --git https://github.com/alpn/wireplug --tag v0.1.0 wireplugd
Follow the example in man 4 wg to create a new WireGuard interface using ifconfig(8) and hostname.if(5). You don't need to specify values for wgport, wgpka, and wgendpoint. Once the interface is created, run the following command to retrieve the public key associated with your new private key (wgpubkey): 
$ doas ifconfig wg0 | grep 'wgpubkey' | cut -d ' ' -f 2
Share this public key with your peers.
Finally, start wireplugd: 
$ doas wireplugd wg0

Demo

FAQ

How Does It Work?

Each device on the network runs a lightweight background daemon that monitors network changes. When a change is detected, it updates other peers through a central coordination server. The daemon will handle connectivity hurdles like NAT traversal and will connect peers locally whenever they are on the same network. Network participants can roam freely between networks and geographic locations while maintaining their peer-to-peer connectivity.

How Is This Different From X?

Most existing projects in this space are run by VC-funded companies and have different goals. Some of them offer an open-source client, but not the server. All of them require creating an account which is subject to ever-changing terms and conditions. wireplug, on the other hand, sees itself as a foundational, free, internet infrastructure, more akin to Root DNS servers and IXPs than a startup company. Its goal is to allow individuals and small teams to use the internet as it was originally intended, in a distributed, peer-to-peer manner. It focuses on simplicity and understandability, very much in the spirit of WireGuard itself.

Who Is This For?

wireplug is geared toward WireGuard users who want to continue having full control over their keys and network topology, but also be able to roam freely between networks. wireplug makes this possible by handling NAT traversal and automatic endpoint updating.

Can I Self-Host It?

Of course. By default, wireplug connects to a coordination server run by wireplug.org. Users may choose to run their own instances, but a special effort has been made so they never have to. The protocol is deliberately simple and was designed so that clients share only the absolutely necessary information with the coordination server.


Stay updated

We share project news and announcements across these channels:

Need More?

The service is free and open to use. For teams that require additional support, we offer paid consulting, training and workshops, and custom development to help fund ongoing development and maintenance. Contact us for details.

WireGuard® is a registered trademark of Jason A. Donenfeld. wireplug is not an official WireGuard project.
Copyright © 2026. All rights reserved.