On Monday, WireGuard founder and lead developer Jason Dunnfield Advertise WireGuard is a new release for Windows. The release is a godsend for administrators who hope to implement WireGuard as an alternative to traditional end-user VPNs in a business environment, while adding many new features that will make their lives easier – or simply make their implementation possible, in environments where this is otherwise possible.
If you haven’t heard of WireGuard yet, it is a relatively new VPN protocol that features advanced encryption. Performed from the ground up as an exercise in well-written, streamlined, maximally secure and performing code – and it succeeded in achieving these goals well enough to have Linus Torvalds who is rarely seen Seal of approval.
Those who are already using WireGuard on Windows will receive a clear in-app prompt to download and install the new version, which works fine. New users can download WireGuard directly From their website.
The “Download Installer” button is targeted at Windows end users, this examines the user’s system to determine which MSI installer to fetch and execute, based on the user’s system architecture. Types of sysadmin may also be browse Direct List MSIs, for use with automated Active Directory Group Policy deployments.
WireGuard for Windows currently supports x86_64, x86 (32-bit), ARM, and ARM64 architectures.
Improved tunnel management for Windows users
Perhaps the most requested feature of the Windows app for WireGuard is the ability for non-premium users to activate and deactivate WireGuard tunnels via the application user interface. Until version 0.3.1, WireGuard only allowed members of the Administrators group to open the user interface, let alone do anything inside it.
As of version 0.3.1, this restriction has been finally removed. Non-premium users can be added to the Windows Builtin “Network Configuration Operators” group – once they become members of this group, if And only if the required registry key is added and a DWORD value is set, can they manage their own tunneling in their corporate LAN.
Another step is necessary to enable the Limited UI – you need to open it
regeditCreate the key
HKLMSOFTWAREWireGuard, Then create a DWORD in
HKLMSOFTWAREWireGuardLimitedOperatorUI And set it on
1. (Do not be confused in not having
HKLMSOFTWAREWireGuard Itself – you’ll need to create that too.)
Non-premium users who are allowed into WireGuard Club can see available tunnels and start and stop those tunnels. They cannot see the tunnels’ public keys – and most importantly, they cannot add, remove, or edit these tunnels.
Non-premium users also can’t exit the WireGuard app itself – they can close the dialog well, but the “Quit WireGuard” item is missing from the context menu in the system tray. This is because closing the WireGuard app from the system tray doesn’t just get rid of the icon, or even disable WireGuard tunnel services – it’s actually Uninstall operations Those services in full. (The services are automatically reinstalled the next time the administrator launches the WireGuard app.)
Also new in WireGuard for Windows 0.3.1, it is possible to activate multiple tunnels simultaneously from the GUI. This feature is also the registration gateway for now – to use it, you’ll need to create a
DWORD in a
HKLMSoftwareWireGuardMultipleSimultaneousTunnels And set it to 1. Without creating it and setting it
DWORD, WireGuard for Windows 0.3.1 continues to behave like previous versions, activating one tunnel from the GUI will deactivate any other tunnels automatically.