WireGuard
What is WireGuard?
WireGuard is a modern, lightweight, and high-performance VPN protocol designed to create secure point-to-point connections. It uses state-of-the-art cryptography and is known for its simplicity, speed, and ease of deployment.
Why is WireGuard important?
Fast and Efficient – Minimal codebase and optimized performance make it faster than traditional VPNs like IPsec or OpenVPN.
Secure – Uses modern cryptographic primitives like Curve25519, ChaCha20, and Poly1305.
Cross-Platform – Works on Linux, Windows, macOS, Android, and iOS.
Easy to Configure – Simple configuration using public/private key pairs.
How WireGuard works (in simple steps):
Each device (peer) generates a public/private key pair.
Devices exchange public keys and configure allowed IPs.
A secure tunnel is established using the exchanged keys.
Encrypted packets are sent directly between peers using UDP.
Where is WireGuard used?
Remote Access VPNs for employees and developers.
Site-to-Site VPNs between branch offices or data centers.
Cloud Networking to securely connect cloud instances.
IoT and Embedded Devices due to its lightweight design.
Mobile Devices for secure and battery-efficient VPN connections.
Which OSI Layer does this protocol belong to?
WireGuard operates at the Network Layer (Layer 3) because: * It encapsulates IP packets (IPv4/IPv6) directly. * It handles routing and IP-level communication between peers. * It is protocol-agnostic and works below the transport layer.
Is WireGuard Windows specific?
No, WireGuard is not Windows-specific.
WireGuard is a cross-platform VPN protocol that supports Windows, Linux, macOS, iOS, and Android.
It is available as a kernel module on Linux and as a software package for other operating systems.
Is WireGuard Linux specific?
No, WireGuard is not Linux-specific.
While WireGuard was initially developed for Linux, it has since been ported to other platforms, including Windows, macOS, iOS, and Android.
It is natively supported as a kernel module on Linux, but it is available for other operating systems via software packages.
Which Transport Protocol is used by WireGuard?
WireGuard uses UDP (User Datagram Protocol) as its transport protocol.
UDP is preferred for its low latency and minimal overhead, making WireGuard highly efficient for VPN connections.
Which Port is used by WireGuard?
By default, WireGuard uses UDP port 51820.
This can be customized depending on the configuration, but port 51820 is the standard port for WireGuard communications.
Is WireGuard using Client-server model?
Yes, WireGuard uses the client-server model.
The WireGuard client establishes a secure, encrypted connection to a WireGuard server.
Once the connection is established, data is transmitted securely between the client and server.
Topics in this section,
In this section, you are going to learn
Terminology
Version Info
WireGuard Version |
RFC |
Year |
Core Idea / Contribution |
|---|---|---|---|
WireGuard Protocol |
|||
RFC 9381 |
2023 |
Official specification of the WireGuard protocol as a VPN tunneling protocol using modern cryptography. |
|
Cryptographic Framework |
|||
N/A |
2018+ |
Based on the Noise Protocol Framework, which defines secure key exchange and encryption. |
|
UDP Transport |
|||
N/A |
WireGuard operates over UDP (default port 51820), not defined in a separate RFC. |
||
Linux Kernel Support |
|||
N/A (mainline) |
2020 |
Integrated into the Linux kernel (v5.6+), improving performance and native support. |
|
Cross-Platform Support |
|||
N/A |
Ongoing |
Implementations available for Windows, macOS, Android, iOS, and BSD systems |
Setup
Setup
Handshake Initiation
S.No |
Protocol Packets |
Description |
Size(Bytes) |
|---|---|---|---|
1 |
Handshake Initiation |
Sent by the client to initiate a secure session with the server. |
~148 bytes |
Message Type |
Identifies this as a handshake initiation message. |
1 |
|
Sender Index |
Random identifier for the initiating peer. |
4 |
|
Ephemeral Public Key |
Used for key exchange (Curve25519). |
32 |
|
Encrypted Static Public Key |
Clients static public key encrypted with servers public key. |
48 |
|
Encrypted Timestamp |
Prevents replay attacks. |
12 |
|
MACs |
Message authentication codes for validation. |
32 + 16 |
Handshake Response
S.No |
Protocol Packets |
Description |
Size(Bytes) |
|---|---|---|---|
2 |
Handshake Response |
Sent by the server in response to the initiation message |
~92 bytes |
Message Type |
Identifies this as a handshake response message |
1 |
|
Sender Index |
Random identifier for the responding peer |
4 |
|
Receiver Index |
Matches the clients sender index |
4 |
|
Ephemeral Public Key |
Servers ephemeral key for key exchange |
32 |
|
Encrypted Empty |
Used to finalize key confirmation |
16 |
|
MAC |
Message authentication code |
16 |
Cookie Reply
S.No |
Protocol Packets |
Description |
Size(Bytes) |
|---|---|---|---|
3 |
Cookie Reply |
Sent when a peer is under DoS attack to validate the sender |
~64 bytes |
Message Type |
Identifies this as a cookie reply message |
1 |
|
Receiver Index |
Matches the sender index of the peer |
4 |
|
Nonce |
Random value used in encryption |
24 |
|
Encrypted Cookie |
Encrypted token to validate sender |
32 |
Transport Data Packet
S.No |
Protocol Packets |
Description |
Size(Bytes) |
|---|---|---|---|
4 |
Transport Data Packet |
Carries encrypted IP packets between peers after handshake |
Variable |
Message Type |
Identifies this as a transport data message |
1 |
|
Receiver Index |
Identifies the receiving peer |
4 |
|
Counter |
Prevents replay attacks |
8 |
|
Encrypted Payload |
Encrypted IP packet (IPv4/IPv6) |
Variable |
S.no |
Use Case |
Description |
|---|---|---|
1 |
Secure Remote Access |
Enables employees or users to securely connect to internal networks from remote locations. |
2 |
Site-to-Site VPN |
Connects multiple office or data center networks securely over the internet. |
3 |
Cloud Networking |
Establishes secure tunnels between cloud instances or between on-prem and cloud environments. |
4 |
Mobile VPN |
Provides fast, battery-efficient VPN connections for mobile devices (Android, iOS). |
5 |
IoT and Embedded Devices |
Ideal for lightweight, secure communication between IoT devices due to its minimal codebase. |
6 |
Developer Environments |
Used by developers to securely access test environments, CI/CD pipelines, or internal APIs. |
7 |
Privacy Protection |
Encrypts internet traffic to protect user privacy on public or untrusted networks. |
8 |
Mesh Networking |
Supports peer-to-peer encrypted communication in decentralized or mesh network setups. |
S.no |
Feature |
Description |
|---|---|---|
1 |
Modern Cryptography |
Uses state-of-the-art cryptographic primitives like Curve25519,ChaCha20, Poly1305, BLAKE2s. |
2 |
Simplicity |
Minimal codebase (~4,000 lines), making it easier to audit and maintain. |
3 |
High Performance |
Designed for speed and low latency, outperforming traditional VPN protocols like IPsec and OpenVPN. |
4 |
Stateless Design |
No connection tracking; each packet is independent, improving security and scalability. |
5 |
UDP-Based Transport |
Operates over UDP, reducing overhead and improving NAT traversal. |
6 |
IP Layer Tunneling |
Encapsulates IP packets (IPv4/IPv6), functioning at OSI Layer 3. |
7 |
Key-Based Authentication |
Uses public/private key pairs for peer authentication instead of usernames/passwords. |
8 |
Roaming Support |
Seamlessly handles IP address changes without dropping the connection. |
9 |
Cross-Platform Compatibility |
Available on Linux, Windows, macOS, Android, iOS, and embedded systems. |
10 |
Easy Configuration |
Simple configuration using a single file per peer with clear syntax. |
Modern Cryptography - Testcases
# |
Test Case |
Description |
Expected Result |
|---|---|---|---|
1 |
Interface Initialization |
Start WireGuard interface |
Interface is up and running |
2 |
Key Generation |
Generate private/public key pair |
Keys are generated successfully |
3 |
Config File Validation |
Load valid config file |
No errors, config accepted |
4 |
Invalid Config File |
Load malformed config |
Error or rejection |
5 |
Peer Addition |
Add a peer to config |
Peer added successfully |
6 |
Handshake Initiation |
Initiate handshake with peer |
Handshake completes |
7 |
Handshake Failure |
Use wrong public key |
Handshake fails |
8 |
Data Transmission |
Send encrypted data |
Data received and decrypted |
9 |
Replay Attack Test |
Replay old packet |
Packet dropped |
10 |
Packet Tampering |
Modify encrypted packet |
Packet rejected |
11 |
MTU Size Test |
Send large packets |
Packets fragmented or dropped |
12 |
Interface Down |
Bring interface down |
Traffic stops |
13 |
Interface Up |
Bring interface up |
Traffic resumes |
14 |
Persistent Keepalive |
Enable keepalive |
Periodic packets sent |
15 |
No Keepalive |
Disable keepalive |
No periodic packets |
16 |
IP Address Assignment |
Assign IP to interface |
IP assigned successfully |
17 |
Route Injection |
Add route via WireGuard |
Route added |
18 |
Route Removal |
Remove route |
Route removed |
19 |
DNS Resolution |
Use DNS over VPN |
DNS queries resolved |
20 |
DNS Leak Test |
Check for DNS leaks |
No leaks detected |
21 |
IPv6 Support |
Use IPv6 addresses |
IPv6 traffic routed |
22 |
IPv4 Support |
Use IPv4 addresses |
IPv4 traffic routed |
23 |
Multiple Peers |
Add multiple peers |
All peers reachable |
24 |
Peer Removal |
Remove a peer |
Peer removed |
25 |
Interface Restart |
Restart WireGuard |
Interface reconnects |
26 |
Port Change |
Change listening port |
New port active |
27 |
Firewall Compatibility |
Use with firewall rules |
Traffic allowed/blocked as expected |
28 |
NAT Traversal |
Connect behind NAT |
Connection succeeds |
29 |
Roaming Support |
Change client IP |
Connection persists |
30 |
Endpoint Update |
Peer updates endpoint |
New endpoint accepted |
31 |
AllowedIPs Filtering |
Restrict IPs per peer |
Only allowed IPs routed |
32 |
Invalid AllowedIPs |
Use invalid IP range |
Config error |
33 |
Pre-shared Key |
Add PSK to peer config |
Extra encryption layer added |
34 |
No Pre-shared Key |
Remove PSK |
Connection still works |
35 |
Interface Statistics |
Check tx/rx stats |
Stats increment with traffic |
36 |
Log Monitoring |
Monitor logs |
Handshake and traffic logs visible |
37 |
Interface Persistence |
Reboot system |
Interface auto-starts |
38 |
Config Reload |
Reload config without restart |
Changes applied |
39 |
Performance Benchmark |
Measure throughput |
Meets expected bandwidth |
40 |
Latency Test |
Measure ping over VPN |
Acceptable latency |
41 |
Packet Loss Simulation |
Drop packets |
Connection handles loss |
42 |
Encryption Validation |
Inspect encryption method |
Uses ChaCha20-Poly1305 |
43 |
Key Rotation |
Rotate keys manually |
New keys accepted |
44 |
Key Expiry Handling |
Use expired keys |
Connection fails |
45 |
Time Sync Dependency |
Desync system clock |
Handshake fails |
46 |
Mobile Device Support |
Use on Android/iOS |
VPN connects |
47 |
OS Compatibility |
Test on Linux/Windows/macOS |
VPN works on all |
48 |
Config Import/Export |
Import/export config files |
Files parsed correctly |
49 |
Interface Isolation |
Block non-VPN traffic |
Only VPN traffic allowed |
50 |
Kill Switch |
Enable kill switch |
Traffic blocked if VPN drops |
Simplicity - Testcases
# |
Test Case |
Description |
Expected Result |
|---|---|---|---|
1 |
Minimal Config File |
Use only required fields in config |
VPN connects successfully |
2 |
Quick Setup |
Complete setup in under 5 minutes |
VPN operational within time |
3 |
One-Line Key Generation |
Generate keys with a single command |
Keys generated instantly |
4 |
Simple Peer Addition |
Add peer with minimal fields |
Peer connects successfully |
5 |
No GUI Required |
Configure via CLI only |
Fully functional VPN |
6 |
Easy Interface Start |
Use wg-quick up |
Interface starts without error |
7 |
Easy Interface Stop |
Use wg-quick down |
Interface stops cleanly |
8 |
Simple Status Check |
Use wg to check status |
Clear and concise output |
9 |
Minimal Dependencies |
Install without extra packages |
Installation succeeds |
10 |
Lightweight Binary |
Check binary size |
Small footprint (<1MB) |
11 |
Simple Routing Setup |
Add route via config |
Route works as expected |
12 |
No Daemon Needed |
Run without background service |
VPN functions normally |
13 |
Easy Config Reload |
Reload config without restart |
Changes applied instantly |
14 |
Simple Log Output |
View logs for interface |
Logs are readable and minimal |
15 |
Clear Error Messages |
Trigger config error |
Error message is understandable |
16 |
Simple IP Assignment |
Assign IP in config |
IP assigned correctly |
17 |
Easy Port Change |
Change listening port |
New port active |
18 |
Simple NAT Traversal |
Connect behind NAT |
Connection succeeds |
19 |
Minimal Peer Config |
Use only public key and endpoint |
Peer connects |
20 |
Easy Key Rotation |
Replace keys manually |
New keys accepted |
21 |
Simple DNS Setup |
Add DNS in config |
DNS queries routed through VPN |
22 |
No Extra Encryption Setup |
Use built-in ChaCha20 |
Encryption works out of the box |
23 |
Simple IPv6 Support |
Add IPv6 address in config |
IPv6 traffic routed |
24 |
Easy IPv4 Support |
Add IPv4 address in config |
IPv4 traffic routed |
25 |
Simple Peer Removal |
Remove peer from config |
Peer disconnected |
26 |
Easy Interface Restart |
Restart interface with one command |
Interface reconnects |
27 |
Simple Config Sharing |
Share config via text file |
Peer connects using shared config |
28 |
No GUI Debugging |
Troubleshoot using CLI only |
Issues resolved |
29 |
Simple Firewall Rules |
Add basic rules for port |
Traffic allowed |
30 |
Easy Mobile Setup |
Use QR code for mobile config |
Mobile connects easily |
31 |
Simple QR Code Generation |
Generate QR from config |
QR scanned successfully |
32 |
Easy Config Backup |
Copy config file |
Backup works |
33 |
Simple Interface Monitoring |
Use wg show |
Real-time stats visible |
34 |
Minimal Log Requirements |
No verbose logging needed |
Logs remain clean |
35 |
Simple Kill Switch Setup |
Add kill switch rule |
Traffic blocked if VPN drops |
36 |
Easy Config Import |
Import config on new device |
VPN connects |
37 |
Simple OS Compatibility |
Use same config on Linux/macOS/Windows |
Works across OS |
38 |
Easy Peer Discovery |
Use static IP or DNS |
Peer reachable |
39 |
Simple Interface Naming |
Use wg0, wg1, etc. |
Interface recognized |
40 |
Easy MTU Configuration |
Set MTU in config |
MTU applied |
41 |
Simple Pre-shared Key Setup |
Add PSK in config |
Extra encryption enabled |
42 |
No Certificate Management |
No need for CA or certs |
VPN works without PKI |
43 |
Simple Config Validation |
Check config syntax |
Errors shown clearly |
44 |
Easy Integration with Systemd |
Use systemd service |
Interface auto-starts |
45 |
Simple Roaming Support |
Change IP without reconnecting |
Connection persists |
46 |
Easy Endpoint Update |
Peer updates endpoint |
New endpoint accepted |
47 |
Simple AllowedIPs Setup |
Add AllowedIPs in config |
Traffic routed correctly |
48 |
Minimal Resource Usage |
Monitor CPU/memory usage |
Low usage observed |
49 |
Simple Upgrade Process |
Upgrade WireGuard package |
No config changes needed |
50 |
Easy Documentation Access |
Use man wg or official docs |
Clear and concise guidance |
High Performance - Testcases
# |
Test Case |
Description |
Expected Result |
|---|---|---|---|
1 |
Throughput Benchmark |
Measure max data transfer rate |
High Mbps/Gbps throughput |
2 |
Latency Measurement |
Ping over VPN |
Low latency (near native) |
3 |
CPU Usage Test |
Monitor CPU during traffic |
Low CPU utilization |
4 |
Memory Usage Test |
Monitor RAM usage |
Minimal memory footprint |
5 |
Multi-Core Utilization |
Use multiple cores |
Efficient parallel processing |
6 |
Encryption Speed |
Measure ChaCha20 performance |
Fast encryption/decryption |
7 |
Handshake Speed |
Time to complete handshake |
Sub-second handshake |
8 |
Reconnection Time |
Time to reconnect after drop |
Reconnects quickly |
9 |
Packet Processing Rate |
Measure packets/sec |
High PPS rate |
10 |
Interface Load Test |
Simulate heavy traffic |
Stable performance |
11 |
Concurrent Connections |
Add multiple peers |
Handles all peers efficiently |
12 |
High Bandwidth Streaming |
Stream HD/4K video |
Smooth playback |
13 |
File Transfer Speed |
Transfer large files |
Fast transfer rate |
14 |
Gaming Performance |
Play online games |
Low ping, no lag |
15 |
VoIP Quality |
Make voice/video calls |
Clear audio/video |
16 |
Performance on Mobile |
Test on Android/iOS |
Efficient battery and bandwidth use |
17 |
Performance on Low-End Device |
Use on Raspberry Pi or similar |
Acceptable performance |
18 |
Performance on VM |
Run in virtual machine |
Comparable to host performance |
19 |
Performance on Container |
Run in Docker |
Efficient operation |
20 |
Performance on Cloud |
Deploy on cloud instance |
High throughput |
21 |
Performance with IPv6 |
Use IPv6 traffic |
No degradation |
22 |
Performance with IPv4 |
Use IPv4 traffic |
No degradation |
23 |
Performance with NAT |
Connect behind NAT |
Maintains speed |
24 |
Performance with Roaming |
Change IP during session |
No noticeable delay |
25 |
Performance with Firewall |
Use with strict firewall |
No performance drop |
26 |
Performance with VPN Cascade |
Chain with another VPN |
Acceptable performance |
27 |
Performance with Kill Switch |
Enable kill switch |
No performance impact |
28 |
Performance with DNS |
Use DNS over VPN |
Fast resolution |
29 |
Performance with Compression |
Use compressed traffic |
Improved throughput |
30 |
Performance with UDP Flood |
Simulate UDP flood |
Handles gracefully |
31 |
Performance with Packet Loss |
Introduce packet loss |
Maintains connection |
32 |
Performance with Jitter |
Introduce jitter |
Stable connection |
33 |
Performance with MTU Tuning |
Adjust MTU size |
Optimized throughput |
34 |
Performance with Large MTU |
Use jumbo frames |
Improved efficiency |
35 |
Performance with Small MTU |
Use small MTU |
No fragmentation issues |
36 |
Performance with Pre-shared Key |
Add PSK |
No performance drop |
37 |
Performance with Logging |
Enable verbose logging |
Minimal impact |
38 |
Performance with Monitoring |
Use monitoring tools |
No slowdown |
39 |
Performance with System Load |
Run under CPU stress |
Maintains VPN speed |
40 |
Performance with Background Apps |
Run other apps |
No interference |
41 |
Performance with File Sync |
Use Dropbox/OneDrive |
Fast sync |
42 |
Performance with CDN Access |
Access CDN content |
Low latency |
43 |
Performance with Cloud Storage |
Use Google Drive/S3 |
Fast uploads/downloads |
44 |
Performance with Remote Desktop |
Use RDP/VNC |
Smooth experience |
45 |
Performance with SSH |
Use SSH over VPN |
No lag or delay |
46 |
Performance with Git |
Clone/push large repos |
Fast operations |
47 |
Performance with Web Browsing |
Browse websites |
Pages load quickly |
48 |
Performance with Video Calls |
Use Zoom/Teams/Meet |
No buffering |
49 |
Performance with Speed Test |
Run speedtest.net |
High download/upload speeds |
50 |
Performance with Multiple Routes |
Use multiple AllowedIPs |
Efficient routing |
Stateless Design - Testcases
# |
Test Case |
Description |
Expected Result |
|---|---|---|---|
1 |
Stateless Handshake |
Initiate handshake without prior state |
Handshake succeeds |
2 |
Stateless Peer Reconnect |
Reconnect peer after IP change |
Peer reconnects without session tracking |
3 |
Stateless Packet Handling |
Send packet without session context |
Packet processed correctly |
4 |
No Session Table |
Inspect for session tracking |
No session table maintained |
5 |
Stateless Key Exchange |
Exchange keys without stateful negotiation |
Keys exchanged successfully |
6 |
Stateless NAT Traversal |
Traverse NAT without connection state |
Connection established |
7 |
Stateless Roaming |
Change client IP mid-session |
Connection persists |
8 |
Stateless Peer Timeout |
Wait for peer inactivity |
No session timeout mechanism |
9 |
Stateless Packet Replay |
Replay old packet |
Packet dropped |
10 |
Stateless Packet Loss |
Drop packets mid-stream |
No session disruption |
11 |
Stateless Peer Restart |
Restart peer device |
Peer reconnects without issue |
12 |
Stateless Server Restart |
Restart server |
Clients reconnect automatically |
13 |
Stateless Interface Restart |
Restart WireGuard interface |
No session recovery needed |
14 |
Stateless Connection Logging |
Check logs for session tracking |
Only handshake and packet logs |
15 |
Stateless Peer Discovery |
No active peer discovery |
Peers connect only when sending data |
16 |
Stateless Firewall Traversal |
Traverse firewall without session pinning |
Connection succeeds |
17 |
Stateless Load Balancing |
Switch between servers |
No session migration needed |
18 |
Stateless Failover |
Failover to backup server |
Seamless transition |
19 |
Stateless Packet Inspection |
Inspect packet headers |
Minimal metadata, no session ID |
20 |
Stateless Protocol Overhead |
Measure protocol overhead |
Very low overhead |
21 |
Stateless UDP Transport |
Use UDP for transport |
Stateless by design |
22 |
Stateless Peer Removal |
Remove peer from config |
No lingering session |
23 |
Stateless Peer Addition |
Add peer dynamically |
Peer connects immediately |
24 |
Stateless Key Rotation |
Rotate keys |
No session reset required |
25 |
Stateless Packet Encryption |
Encrypt packet without session context |
Packet encrypted correctly |
26 |
Stateless Packet Decryption |
Decrypt packet without session context |
Packet decrypted correctly |
27 |
Stateless Interface Monitoring |
Monitor interface for state |
No session state observed |
28 |
Stateless Peer Monitoring |
Monitor peer activity |
Only last handshake timestamp |
29 |
Stateless Connection Recovery |
Recover from network drop |
Connection resumes without session sync |
30 |
Stateless VPN Kill Switch |
Enable kill switch |
No session state needed |
31 |
Stateless DNS Resolution |
Use DNS over VPN |
DNS queries routed statelessly |
32 |
Stateless Peer IP Change |
Change peer IP |
Connection persists |
33 |
Stateless Peer Endpoint Update |
Update endpoint in config |
New endpoint used immediately |
34 |
Stateless Interface Shutdown |
Shut down interface |
No session cleanup required |
35 |
Stateless Interface Boot |
Boot interface |
Peers connect as needed |
36 |
Stateless Peer Sync |
Sync peer config across devices |
No session sync needed |
37 |
Stateless Config Reload |
Reload config |
No session disruption |
38 |
Stateless Peer Rotation |
Rotate between multiple peers |
No session state retained |
39 |
Stateless Packet Timing |
Send packets at irregular intervals |
All packets processed |
40 |
Stateless Packet Duplication |
Send duplicate packets |
Duplicates ignored |
41 |
Stateless Peer Logging |
Log peer activity |
Only handshake and traffic logs |
42 |
Stateless Interface Logging |
Log interface activity |
No session logs |
43 |
Stateless Peer Expiry |
Remove inactive peer |
No session timeout needed |
44 |
Stateless Peer Sync After Reboot |
Reboot client |
Peer reconnects without session |
45 |
Stateless Server Sync After Reboot |
Reboot server |
Clients reconnect automatically |
46 |
Stateless Peer Migration |
Move peer to new network |
Connection persists |
47 |
Stateless Packet Fragmentation |
Send fragmented packets |
Reassembled without session |
48 |
Stateless Packet Reordering |
Send out-of-order packets |
Packets processed correctly |
49 |
Stateless Peer Scaling |
Add many peers |
No session tracking overhead |
50 |
Stateless Protocol Inspection |
Analyze protocol behavior |
Stateless by design |
UDP-Based Transport - Testcases
# |
Test Case |
Description |
Expected Result |
|---|---|---|---|
1 |
UDP Port Binding |
Bind to default UDP port (51820) |
Port bound successfully |
2 |
Custom UDP Port |
Use a non-default UDP port |
VPN functions normally |
3 |
UDP Packet Transmission |
Send encrypted packets over UDP |
Packets transmitted successfully |
4 |
UDP Packet Reception |
Receive packets on WireGuard interface |
Packets received and decrypted |
5 |
UDP NAT Traversal |
Connect through NAT |
Connection established |
6 |
UDP Hole Punching |
Establish peer-to-peer connection behind NAT |
Peers connect directly |
7 |
UDP Packet Loss Handling |
Drop random packets |
Connection remains stable |
8 |
UDP Packet Reordering |
Send packets out of order |
Packets processed correctly |
9 |
UDP Packet Duplication |
Duplicate packets |
Duplicates ignored |
10 |
UDP Fragmentation |
Send large packets |
Packets fragmented and reassembled |
11 |
UDP MTU Tuning |
Adjust MTU size |
Optimized performance |
12 |
UDP Port Scan Detection |
Scan WireGuard port |
Port appears closed unless handshake initiated |
13 |
UDP Firewall Traversal |
Allow UDP port through firewall |
VPN traffic allowed |
14 |
UDP Port Blocking |
Block UDP port |
VPN fails to connect |
15 |
UDP Port Forwarding |
Forward port on router |
VPN connects through forwarded port |
16 |
UDP Performance Benchmark |
Measure throughput over UDP |
High performance observed |
17 |
UDP Latency Test |
Measure latency over UDP |
Low latency |
18 |
UDP with IPv4 |
Use IPv4 addresses |
Traffic routed correctly |
19 |
UDP with IPv6 |
Use IPv6 addresses |
Traffic routed correctly |
20 |
UDP with Dual Stack |
Use both IPv4 and IPv6 |
Dual stack supported |
21 |
UDP with Mobile Network |
Connect over 4G/5G |
VPN connects reliably |
22 |
UDP with Wi-Fi |
Connect over Wi-Fi |
VPN connects reliably |
23 |
UDP with Ethernet |
Connect over wired LAN |
VPN connects reliably |
24 |
UDP with Satellite |
Connect over satellite link |
VPN connects with higher latency |
25 |
UDP with VPN-over-VPN |
Tunnel WireGuard over another VPN |
UDP packets encapsulated |
26 |
UDP with Proxy |
Attempt to use HTTP/SOCKS proxy |
Fails (UDP not supported by proxy) |
27 |
UDP with IDS/IPS |
Monitor UDP traffic with IDS |
Encrypted traffic detected but not inspected |
28 |
UDP with QoS |
Apply QoS rules to UDP port |
Traffic prioritized |
29 |
UDP with Load Balancer |
Use UDP-aware load balancer |
Traffic distributed correctly |
30 |
UDP with Failover |
Switch to backup server on failure |
Seamless transition |
31 |
UDP with VPN Gateway |
Route traffic through WireGuard gateway |
All traffic tunneled |
32 |
UDP with Docker |
Run WireGuard in container |
UDP traffic flows correctly |
33 |
UDP with VM |
Run WireGuard in virtual machine |
UDP traffic flows correctly |
34 |
UDP with Cloud Provider |
Deploy on AWS/GCP/Azure |
UDP traffic allowed with proper rules |
35 |
UDP with Port Knocking |
Use port knocking before enabling UDP port |
VPN connects after knock |
36 |
UDP with Dynamic IP |
Change public IP |
VPN reconnects automatically |
37 |
UDP with Static IP |
Use static IP |
VPN connects reliably |
38 |
UDP with DNS Endpoint |
Use domain name instead of IP |
DNS resolves and connects |
39 |
UDP with Dynamic DNS |
Use DDNS for endpoint |
VPN reconnects after IP change |
40 |
UDP with Pre-shared Key |
Add PSK to UDP connection |
Extra encryption layer added |
41 |
UDP with Packet Inspection |
Inspect UDP packets |
Encrypted and unreadable |
42 |
UDP with Port Randomization |
Use random source port |
VPN still connects |
43 |
UDP with Port Restriction |
Use restricted port range |
VPN adapts and connects |
44 |
UDP with IPv6 NAT |
Use NAT66 |
VPN connects if supported |
45 |
UDP with IPv4 NAT |
Use NAT44 |
VPN connects reliably |
46 |
UDP with Firewall Logging |
Log UDP traffic |
Logs show encrypted packets |
47 |
UDP with Packet Delay |
Introduce artificial delay |
VPN remains stable |
48 |
UDP with Packet Jitter |
Introduce jitter |
VPN remains stable |
49 |
UDP with Packet Corruption |
Corrupt UDP packets |
Corrupted packets dropped |
50 |
UDP with UDP Flood Attack |
Simulate UDP flood |
VPN remains stable or throttles |
IP Layer Tunneling - Testcases
# |
Test Case |
Description |
Expected Result |
|---|---|---|---|
1 |
IP Packet Encapsulation |
Send IP packet through tunnel |
Packet encapsulated in UDP |
2 |
IPv4 Tunneling |
Tunnel IPv4 traffic |
IPv4 packets routed securely |
3 |
IPv6 Tunneling |
Tunnel IPv6 traffic |
IPv6 packets routed securely |
4 |
Dual Stack Tunneling |
Use both IPv4 and IPv6 |
Both types tunneled correctly |
5 |
ICMP Tunneling |
Send ping through tunnel |
ICMP packets encapsulated |
6 |
TCP Tunneling |
Send TCP traffic |
TCP packets tunneled securely |
7 |
UDP Tunneling |
Send UDP traffic |
UDP packets tunneled securely |
8 |
DNS Tunneling |
Resolve DNS over tunnel |
DNS queries routed securely |
9 |
HTTP Tunneling |
Access web pages |
HTTP packets tunneled |
10 |
HTTPS Tunneling |
Access secure websites |
HTTPS packets tunneled |
11 |
IP Fragmentation |
Send fragmented IP packets |
Fragments reassembled correctly |
12 |
IP Reassembly |
Receive fragmented packets |
Reassembled successfully |
13 |
IP Header Inspection |
Inspect tunneled packet headers |
IP headers visible inside UDP payload |
14 |
IP Routing |
Route IP packets via WireGuard |
Routing works as configured |
15 |
IP Forwarding |
Enable IP forwarding |
Packets forwarded through tunnel |
16 |
IPsec Comparison |
Compare with IPsec |
WireGuard uses simpler IP tunneling |
17 |
GRE Comparison |
Compare with GRE tunneling |
WireGuard uses encrypted UDP instead |
18 |
MPLS Compatibility |
Test with MPLS network |
IP packets tunneled correctly |
19 |
VLAN Compatibility |
Tunnel traffic from VLAN |
VLAN traffic encapsulated |
20 |
QoS Tagging |
Preserve QoS tags in IP header |
Tags retained |
21 |
TTL Preservation |
Check TTL value after tunneling |
TTL decremented correctly |
22 |
DSCP Preservation |
Check DSCP field |
DSCP retained |
23 |
IPsec Bypass |
Use WireGuard instead of IPsec |
Traffic routed via WireGuard |
24 |
Tunnel MTU Test |
Test MTU size for IP packets |
MTU respected |
25 |
Tunnel Performance |
Measure throughput of tunneled IP traffic |
High performance observed |
26 |
Tunnel Latency |
Measure latency of tunneled IP traffic |
Low latency |
27 |
Tunnel Stability |
Maintain tunnel during network changes |
Tunnel remains stable |
28 |
Tunnel Recovery |
Recover tunnel after drop |
Tunnel reestablished |
29 |
Tunnel with NAT |
Tunnel IP traffic behind NAT |
NAT traversal successful |
30 |
Tunnel with Firewall |
Tunnel through firewall |
Traffic allowed if port open |
31 |
Tunnel with Mobile Network |
Tunnel IP traffic over 4G/5G |
Tunnel stable |
32 |
Tunnel with Wi-Fi |
Tunnel IP traffic over Wi-Fi |
Tunnel stable |
33 |
Tunnel with Ethernet |
Tunnel IP traffic over LAN |
Tunnel stable |
34 |
Tunnel with Satellite |
Tunnel IP traffic over satellite |
Tunnel works with higher latency |
35 |
Tunnel with VPN Cascade |
Tunnel IP traffic through multiple VPNs |
Traffic encapsulated multiple times |
36 |
Tunnel with Docker |
Tunnel traffic from container |
Container traffic routed |
37 |
Tunnel with VM |
Tunnel traffic from virtual machine |
VM traffic routed |
38 |
Tunnel with Cloud Instance |
Tunnel traffic from cloud server |
Cloud traffic routed securely |
39 |
Tunnel with IPv6 NAT |
Tunnel through NAT66 |
Tunnel works if supported |
40 |
Tunnel with IPv4 NAT |
Tunnel through NAT44 |
Tunnel works reliably |
41 |
Tunnel with Dynamic IP |
Change public IP |
Tunnel reconnects automatically |
42 |
Tunnel with Static IP |
Use static IP |
Tunnel remains stable |
43 |
Tunnel with DNS Endpoint |
Use domain name for endpoint |
DNS resolves and tunnel connects |
44 |
Tunnel with Dynamic DNS |
Use DDNS for endpoint |
Tunnel reconnects after IP change |
45 |
Tunnel with Pre-shared Key |
Add PSK to tunnel |
Extra encryption layer added |
46 |
Tunnel with Packet Delay |
Introduce delay |
Tunnel remains stable |
47 |
Tunnel with Packet Jitter |
Introduce jitter |
Tunnel remains stable |
48 |
Tunnel with Packet Corruption |
Corrupt IP packets |
Corrupted packets dropped |
49 |
Tunnel with Packet Replay |
Replay IP packets |
Replay protection active |
50 |
Tunnel with IPsec Gateway |
Route traffic through IPsec gateway |
WireGuard tunnel bypasses IPsec |
Key-Based Authentication - Testcases
# |
Test Case |
Description |
Expected Result |
|---|---|---|---|
1 |
Key Pair Generation |
Generate private and public key |
Keys generated successfully |
2 |
Key Format Validation |
Check key format (Base64, 32 bytes) |
Valid format confirmed |
3 |
Key Length Check |
Verify key length |
256-bit keys |
4 |
Private Key Protection |
Ensure private key is not exposed |
Key remains secure |
5 |
Public Key Sharing |
Share public key with peer |
Peer accepts key |
6 |
Key Pair Matching |
Match public key to private key |
Keys match |
7 |
Invalid Key Pair |
Use mismatched keys |
Handshake fails |
8 |
Missing Public Key |
Omit public key in config |
Peer not authenticated |
9 |
Missing Private Key |
Omit private key in config |
Interface fails to start |
10 |
Duplicate Public Key |
Use same public key for multiple peers |
Conflict or overwrite |
11 |
Key Rotation |
Replace keys manually |
New keys accepted |
12 |
Key Rotation Detection |
Detect key change on peer |
Handshake re-initiated |
13 |
Key Expiry Simulation |
Simulate expired key |
Connection fails |
14 |
Key Revocation |
Remove peer’s public key |
Peer no longer connects |
15 |
Key Reuse Prevention |
Use same key across multiple devices |
Security warning or conflict |
16 |
Key Logging Protection |
Ensure keys are not logged |
Logs do not contain keys |
17 |
Key Storage Security |
Store keys securely on disk |
Keys not world-readable |
18 |
Key in Environment Variable |
Load key from environment variable |
Interface starts successfully |
19 |
Key in Config File |
Load key from config file |
Interface starts successfully |
20 |
Key in External File |
Reference key from external file |
Key loaded correctly |
21 |
Key with Pre-shared Key |
Combine public key with PSK |
Extra encryption layer added |
22 |
Key with AllowedIPs Restriction |
Use key with IP filtering |
Only allowed IPs routed |
23 |
Key with Endpoint Change |
Change endpoint, keep key |
Peer reconnects |
24 |
Key with Roaming |
Change IP, keep key |
Peer reconnects |
25 |
Key with NAT Traversal |
Use key behind NAT |
Peer connects successfully |
26 |
Key with Firewall |
Use key with UDP port open |
Peer connects successfully |
27 |
Key with IPv6 |
Use key with IPv6 address |
Peer connects successfully |
28 |
Key with IPv4 |
Use key with IPv4 address |
Peer connects successfully |
29 |
Key with DNS Endpoint |
Use key with domain name endpoint |
DNS resolves and connects |
30 |
Key with Dynamic DNS |
Use DDNS with key |
Peer reconnects after IP change |
31 |
Key with QR Code |
Generate QR from config with key |
Mobile peer connects |
32 |
Key with Mobile Device |
Use key on Android/iOS |
Peer connects successfully |
33 |
Key with Cloud Instance |
Use key on cloud server |
Peer connects successfully |
34 |
Key with Docker Container |
Use key in container |
Peer connects successfully |
35 |
Key with Virtual Machine |
Use key in VM |
Peer connects successfully |
36 |
Key with Config Reload |
Reload config with new key |
New key accepted |
37 |
Key with Interface Restart |
Restart interface with same key |
Peer reconnects |
38 |
Key with Peer Removal |
Remove peer’s key |
Peer disconnected |
39 |
Key with Peer Addition |
Add new peer with key |
Peer connects |
40 |
Key with Logging Enabled |
Enable logs |
Keys not exposed |
41 |
Key with Monitoring Tools |
Use wg show |
Keys partially masked |
42 |
Key with Systemd Integration |
Load key via systemd unit |
Interface starts successfully |
43 |
Key with Config Import |
Import config with key |
Peer connects |
44 |
Key with Config Export |
Export config with key |
Peer connects |
45 |
Key with Backup/Restore |
Backup and restore config with key |
Peer reconnects |
46 |
Key with Multiple Interfaces |
Use same key on multiple interfaces |
Interfaces operate independently |
47 |
Key with Multiple Peers |
Use different keys for each peer |
All peers connect |
48 |
Key with Performance Benchmark |
Test speed with key-based auth |
High performance maintained |
49 |
Key with Stateless Design |
Authenticate without session state |
Peer connects on demand |
50 |
Key with UDP Transport |
Authenticate over UDP |
Handshake completes |
Roaming Support - Testcases
# |
Test Case |
Description |
Expected Result |
|---|---|---|---|
1 |
IP Change During Session |
Change client IP mid-session |
VPN remains connected |
2 |
Wi-Fi to Mobile Switch |
Switch from Wi-Fi to mobile data |
VPN reconnects automatically |
3 |
Mobile to Wi-Fi Switch |
Switch from mobile data to Wi-Fi |
VPN reconnects automatically |
4 |
Roaming Across Networks |
Move between different networks |
VPN maintains connection |
5 |
Roaming with NAT |
Change NAT IP address |
VPN adapts and reconnects |
6 |
Roaming with Dynamic IP |
Use ISP with dynamic IP |
VPN reconnects after IP change |
7 |
Roaming with Static IP |
Use static IP |
VPN remains stable |
8 |
Roaming with DNS Endpoint |
Use domain name for endpoint |
DNS resolves new IP |
9 |
Roaming with DDNS |
Use dynamic DNS for endpoint |
VPN reconnects after IP update |
10 |
Roaming with Mobile Hotspot |
Switch to mobile hotspot |
VPN reconnects |
11 |
Roaming with Public Wi-Fi |
Connect to public Wi-Fi |
VPN reconnects securely |
12 |
Roaming with Captive Portal |
Connect through captive portal |
VPN reconnects after login |
13 |
Roaming with VPN Gateway |
Use VPN gateway across networks |
Tunnel remains active |
14 |
Roaming with IPv6 |
Change IPv6 address |
VPN adapts |
15 |
Roaming with IPv4 |
Change IPv4 address |
VPN adapts |
16 |
Roaming with Dual Stack |
Switch between IPv4 and IPv6 |
VPN remains connected |
17 |
Roaming with DNS Cache |
Use cached DNS entries |
VPN reconnects using cached IP |
18 |
Roaming with DNS TTL |
Use short TTL for endpoint DNS |
DNS resolves new IP quickly |
19 |
Roaming with Firewall |
Change to network with strict firewall |
VPN reconnects if port allowed |
20 |
Roaming with Port Forwarding |
Use port forwarding on new network |
VPN reconnects |
21 |
Roaming with UDP Hole Punching |
Maintain connection through NAT |
VPN reconnects using hole punching |
22 |
Roaming with Pre-shared Key |
Use PSK with roaming |
VPN reconnects securely |
23 |
Roaming with Peer Update |
Peer updates endpoint IP |
Connection re-established |
24 |
Roaming with Endpoint Change |
Change endpoint manually |
VPN reconnects |
25 |
Roaming with Interface Restart |
Restart interface after IP change |
VPN reconnects |
26 |
Roaming with System Sleep |
Sleep and resume system |
VPN reconnects |
27 |
Roaming with Airplane Mode |
Enable and disable airplane mode |
VPN reconnects |
28 |
Roaming with Network Fluctuation |
Simulate unstable network |
VPN maintains or restores connection |
29 |
Roaming with VPN Cascade |
Use WireGuard over another VPN |
VPN reconnects through tunnel |
30 |
Roaming with Docker Container |
Roam with containerized client |
VPN reconnects |
31 |
Roaming with Virtual Machine |
Roam with VM client |
VPN reconnects |
32 |
Roaming with Cloud Instance |
Change IP of cloud instance |
VPN reconnects |
33 |
Roaming with Mobile App |
Use WireGuard mobile app |
VPN reconnects automatically |
34 |
Roaming with Desktop App |
Use WireGuard desktop app |
VPN reconnects automatically |
35 |
Roaming with Systemd Service |
Use systemd to manage interface |
VPN auto-restarts on IP change |
36 |
Roaming with Interface Monitoring |
Monitor interface for IP change |
VPN reconnects on change |
37 |
Roaming with Peer Monitoring |
Monitor peer endpoint change |
VPN adapts to new endpoint |
38 |
Roaming with DNS Failover |
Use multiple DNS records |
VPN reconnects using alternate IP |
39 |
Roaming with Multiple Peers |
Switch between peers |
VPN reconnects to available peer |
40 |
Roaming with Load Balancer |
Use DNS load balancing |
VPN reconnects to new IP |
41 |
Roaming with IPv6 NAT |
Roam through NAT66 |
VPN reconnects if supported |
42 |
Roaming with IPv4 NAT |
Roam through NAT44 |
VPN reconnects reliably |
43 |
Roaming with Packet Loss |
Drop packets during IP change |
VPN recovers |
44 |
Roaming with Packet Delay |
Delay packets during IP change |
VPN recovers |
45 |
Roaming with Packet Reordering |
Reorder packets during IP change |
VPN handles correctly |
46 |
Roaming with DNSSEC |
Use DNSSEC for endpoint resolution |
VPN reconnects securely |
47 |
Roaming with VPN Kill Switch |
Enable kill switch |
Traffic blocked until VPN reconnects |
48 |
Roaming with Logging Enabled |
Log roaming events |
Logs show IP change and reconnection |
49 |
Roaming with Monitoring Tools |
Use wg show to monitor |
Endpoint updates visible |
50 |
Roaming with Performance Test |
Measure reconnection time |
Reconnects within seconds |
Cross-Platform Compatibility - Testcases
# |
Test Case |
Description |
Expected Result |
|---|---|---|---|
1 |
Linux Compatibility |
Install and run on Ubuntu/Debian |
VPN connects successfully |
2 |
Windows Compatibility |
Install and run on Windows 10/11 |
VPN connects successfully |
3 |
macOS Compatibility |
Install and run on macOS |
VPN connects successfully |
4 |
Android Compatibility |
Use WireGuard app on Android |
VPN connects successfully |
5 |
iOS Compatibility |
Use WireGuard app on iOS |
VPN connects successfully |
6 |
FreeBSD Compatibility |
Install and run on FreeBSD |
VPN connects successfully |
7 |
OpenBSD Compatibility |
Install and run on OpenBSD |
VPN connects successfully |
8 |
Raspberry Pi Compatibility |
Run on Raspberry Pi OS |
VPN connects successfully |
9 |
Docker Container Support |
Run inside Docker container |
VPN connects successfully |
10 |
Virtual Machine Support |
Run inside VM (e.g., VirtualBox, VMware) |
VPN connects successfully |
11 |
Cloud VM Support |
Run on AWS/GCP/Azure instance |
VPN connects successfully |
12 |
Cross-Platform Key Sharing |
Use same key on different OS |
Keys accepted and VPN connects |
13 |
Config File Portability |
Use same config across OS |
Config works without modification |
14 |
CLI Support on Linux |
Use wg and wg-quick commands |
Commands execute correctly |
15 |
GUI Support on Windows |
Use WireGuard GUI |
Interface starts and connects |
16 |
GUI Support on macOS |
Use WireGuard GUI |
Interface starts and connects |
17 |
Mobile App UI Consistency |
Compare Android and iOS apps |
Similar UI and functionality |
18 |
Systemd Integration on Linux |
Use systemd to manage interface |
Interface auto-starts |
19 |
Launch Agent on macOS |
Use launchd for auto-start |
Interface auto-starts |
20 |
Windows Service Integration |
Use Windows service for auto-start |
Interface auto-starts |
21 |
IPv4 Support on All Platforms |
Route IPv4 traffic |
IPv4 works on all OS |
22 |
IPv6 Support on All Platforms |
Route IPv6 traffic |
IPv6 works on all OS |
23 |
DNS Resolution on All Platforms |
Use DNS over VPN |
DNS queries resolved securely |
24 |
MTU Configuration on All Platforms |
Set MTU in config |
MTU applied correctly |
25 |
Interface Naming Consistency |
Use wg0, wg1, etc. |
Interface recognized across OS |
26 |
Log File Access |
Access logs on each OS |
Logs available and readable |
27 |
Performance Benchmark on Linux |
Measure throughput |
High performance observed |
28 |
Performance Benchmark on Windows |
Measure throughput |
High performance observed |
29 |
Performance Benchmark on macOS |
Measure throughput |
High performance observed |
30 |
Performance Benchmark on Android |
Measure throughput |
Acceptable performance |
31 |
Performance Benchmark on iOS |
Measure throughput |
Acceptable performance |
32 |
Config Import on Mobile |
Import config via QR code |
VPN connects successfully |
33 |
Config Export from Desktop |
Export config to mobile |
Config works on mobile |
34 |
Roaming Support on Mobile |
Switch networks on mobile |
VPN reconnects automatically |
35 |
Roaming Support on Desktop |
Switch networks on laptop |
VPN reconnects automatically |
36 |
Firewall Compatibility on All OS |
Use with OS-specific firewall |
VPN traffic allowed |
37 |
NAT Traversal on All OS |
Connect behind NAT |
VPN connects successfully |
38 |
Kill Switch on Linux |
Block traffic if VPN drops |
Traffic blocked |
39 |
Kill Switch on Windows |
Block traffic if VPN drops |
Traffic blocked |
40 |
Kill Switch on macOS |
Block traffic if VPN drops |
Traffic blocked |
41 |
IPv6 Leak Protection |
Prevent IPv6 leaks |
No leaks detected |
42 |
DNS Leak Protection |
Prevent DNS leaks |
No leaks detected |
43 |
Update Compatibility |
Upgrade WireGuard version |
Configs remain compatible |
44 |
Multi-User Support on Windows |
Use with multiple user accounts |
VPN works per user |
45 |
Multi-User Support on Linux |
Use with multiple user accounts |
VPN works per user |
46 |
Multi-User Support on macOS |
Use with multiple user accounts |
VPN works per user |
47 |
Battery Usage on Mobile |
Monitor battery impact |
Efficient usage observed |
48 |
Background Operation on Mobile |
Run VPN in background |
VPN remains active |
49 |
App Store Availability |
Available on Google Play and App Store |
Easy installation |
50 |
Open Source Availability |
Source code available for all platforms |
Builds and runs successfully |
Easy Configuration - Testcases
# |
Test Case |
Description |
Expected Result |
|---|---|---|---|
1 |
Minimal Config File |
Use only required fields |
VPN connects successfully |
2 |
Config File Syntax Validation |
Check for syntax errors |
Errors clearly reported |
3 |
Config File with Comments |
Add comments to config |
Comments ignored, config works |
4 |
Config File with Extra Spaces |
Add whitespace in config |
Config still valid |
5 |
Config File with Tabs |
Use tabs instead of spaces |
Config still valid |
6 |
Config File with Inline Comments |
Add inline comments |
Config still valid |
7 |
Config File with Multiple Peers |
Add multiple peers |
All peers recognized |
8 |
Config File with DNS Entry |
Add DNS entry |
DNS queries routed through VPN |
9 |
Config File with MTU |
Set MTU value |
MTU applied correctly |
10 |
Config File with Table Format |
Use INI-style format |
Parsed correctly |
11 |
Config File with IPv6 |
Add IPv6 address |
IPv6 traffic routed |
12 |
Config File with IPv4 |
Add IPv4 address |
IPv4 traffic routed |
13 |
Config File with Endpoint Hostname |
Use domain name instead of IP |
DNS resolves and connects |
14 |
Config File with Port Number |
Specify custom port |
Port used correctly |
15 |
Config File with AllowedIPs |
Define AllowedIPs |
Traffic routed as specified |
16 |
Config File with PersistentKeepalive |
Enable keepalive |
Keepalive packets sent |
17 |
Config File with Pre-shared Key |
Add PSK |
Extra encryption layer added |
18 |
Config File with Multiple Interfaces |
Define multiple interfaces |
All interfaces start correctly |
19 |
Config File with External Includes |
Reference external files |
Config loads successfully |
20 |
Config File with QR Code |
Generate QR from config |
Mobile device connects |
21 |
Config File with Environment Vars |
Use env vars for keys |
Keys loaded correctly |
22 |
Config File with Systemd |
Use with systemd unit |
Interface auto-starts |
23 |
Config File with Launchd (macOS) |
Use with launchd |
Interface auto-starts |
24 |
Config File with Windows Service |
Use with Windows service |
Interface auto-starts |
25 |
Config File with Comments Only |
Use config with only comments |
Interface does not start |
26 |
Config File with Invalid IP |
Use malformed IP address |
Error reported |
27 |
Config File with Invalid Port |
Use invalid port number |
Error reported |
28 |
Config File with Invalid Key |
Use malformed key |
Error reported |
29 |
Config File with Duplicate Keys |
Use same key for multiple peers |
Warning or error shown |
30 |
Config File with Missing Fields |
Omit required fields |
Interface fails to start |
31 |
Config File with Extra Fields |
Add unsupported fields |
Ignored or error shown |
32 |
Config File with Inline Key |
Embed key directly |
Key accepted |
33 |
Config File with External Key File |
Reference key from file |
Key loaded successfully |
34 |
Config File with Backup/Restore |
Backup and restore config |
VPN reconnects |
35 |
Config File with GUI Import |
Import config via GUI |
Interface starts |
36 |
Config File with CLI Import |
Import config via CLI |
Interface starts |
37 |
Config File with Mobile Export |
Export config to mobile |
Mobile connects successfully |
38 |
Config File with Peer Removal |
Remove peer from config |
Peer disconnected |
39 |
Config File with Peer Addition |
Add peer to config |
Peer connects |
40 |
Config File with Interface Restart |
Restart interface with same config |
Interface reconnects |
41 |
Config File with Interface Rename |
Rename interface in config |
Interface recognized |
42 |
Config File with IPv6 Only |
Use only IPv6 |
VPN connects |
43 |
Config File with IPv4 Only |
Use only IPv4 |
VPN connects |
44 |
Config File with DNS Only |
Use DNS without IP |
DNS resolves and connects |
45 |
Config File with Static IP |
Use static IP |
VPN connects |
46 |
Config File with Dynamic IP |
Use dynamic IP |
VPN reconnects after change |
47 |
Config File with Roaming Enabled |
Enable roaming |
VPN reconnects on IP change |
48 |
Config File with Logging Enabled |
Enable logging |
Logs show connection details |
49 |
Config File with Compression |
Add compression (if supported externally) |
Traffic compressed |
50 |
Config File with Comments in Peer |
Add comments in [Peer] section |
Config still valid |
Reference links