by kaylynb 2265 days ago
WireGuard is great, but I think it's really undersold when it's described as being just a VPN. It's really an encrypted tunnel that is configured like a network adapter in the Linux network stack.

This lets you configure it with stuff like systemd-networkd and unit files, or easily spin up a tunnel with a few `ip` commands, and set up some simple nftables rules to do all sorts of stuff.

I do use it as a VPN as well, but it's so much easier to set up than, say, OpenVPN, where you need to create tun/br interfaces and then tie them together with a service, etc. That said, OpenVPN and other actual VPN software do more than just a tunnel (like pushing routes, config settings, etc.), so WireGuard cannot replace everything by itself.

The documentation is rather sparse, but there isn't much to it either. The manpages have what you need to know and the rest is just general Linux network stack knowledge.


Is there an application for containers? E.g. a way to set up an encrypted tunneling interface between containers that would allow you to avoid using TLS between the containers?
There isn't really a need for a separate application to do this. Just create a WireGuard interface and move it to the container's namespace.
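
The approach from the reply above, shown as an added example (not part of the thread): create the interface on the host, move it into a running container's network namespace by PID, and configure it there with `nsenter`. The PID, interface name, tunnel address and key path are assumed placeholders, and `DRY_RUN=1` prints the commands instead of running them.

```shell
#!/bin/sh
# Added example, not code from the thread. Running it for real needs root,
# iproute2, wireguard-tools and util-linux (nsenter).

# With DRY_RUN=1 each command is printed instead of executed.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

# wg_into_container PID IFNAME ADDR/PREFIX KEYFILE
#   PID     - PID of any process inside the target container (assumed known)
#   KEYFILE - private key on the HOST filesystem (hypothetical path)
wg_into_container() {
    pid=$1 ifname=$2 addr=$3 keyfile=$4

    # Validate before touching the host: `ip link set ... netns` accepts a
    # namespace NAME as well as a PID, so a non-numeric value would silently
    # mean something else.
    case $pid in ''|*[!0-9]*) echo "bad pid: $pid" >&2; return 1 ;; esac
    case $ifname in ''|*[!A-Za-z0-9_-]*) echo "bad ifname" >&2; return 1 ;; esac
    # Linux interface names are limited to 15 bytes.
    [ "${#ifname}" -le 15 ] || { echo "ifname too long" >&2; return 1; }
    case $addr in ''|*[!0-9A-Fa-f.:/]*) echo "bad address" >&2; return 1 ;; esac
    case $keyfile in /*) ;; *) echo "key path must be absolute" >&2; return 1 ;; esac

    # 1. Create the interface in the host namespace.
    run ip link add dev "$ifname" type wireguard &&
    # 2. Move it into the container's network namespace.
    run ip link set dev "$ifname" netns "$pid" &&
    # 3. Configure it from inside that namespace. nsenter -n enters only the
    #    network namespace, so the key file is still read from the host.
    #    Peers are added the same way with `wg set ... peer ...`.
    run nsenter -t "$pid" -n wg set "$ifname" private-key "$keyfile" &&
    run nsenter -t "$pid" -n ip address add "$addr" dev "$ifname" &&
    run nsenter -t "$pid" -n ip link set dev "$ifname" up
}

# Example (constructed values):
#   DRY_RUN=1 wg_into_container 4242 wg0 10.0.0.2/24 /etc/wireguard/ctr.key
```

The interface's encrypted UDP socket stays in the namespace where the interface was created, so the container sees only the cleartext tunnel side while the private key never has to be present in the container's filesystem.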
There is a WireGuard network plugin for Kubernetes.
Gravitational has built something called wormhole (clashes with magic wormhole, bad naming, isn't it? Some other hold can be better) https://github.com/gravitational/wormhole

It can be used to replace flannel if encryption in transit is required.

Could you provide a link?