A loop-based implementation of WireGuard that operates without requiring tun device privileges.
Based on the official WireGuard Go implementation.
This is a modified version of wireguard-go that replaces the tun device with a loop device implementation. Instead of creating network interfaces that require root/administrator privileges, this implementation creates a loop device that simply echoes back any packet it receives. This makes it suitable for:
- Testing WireGuard protocol implementations
- Running as a regular user without elevated privileges
- Development and debugging purposes
- Learning about WireGuard internals
$ wireguard-loop-go wg0
This will create a loop device interface with the specified name. The interface operates entirely in userspace and doesn't require special privileges.
The UAPI socket (used by wg command) is created at:
- With XDG_RUNTIME_DIR:
$XDG_RUNTIME_DIR/wireguard-loop/wg0.sock(typically/run/user/1000/wireguard-loop/wg0.sock) - Without XDG_RUNTIME_DIR:
/tmp/wireguard-loop/wg0.sock - With WG_SOCKET_DIR env var:
$WG_SOCKET_DIR/wg0.sock(for custom locations)
Since the standard wg tool looks for sockets in /var/run/wireguard/, you may need to create a symlink with sudo (which preserves your environment variables):
$ sudo mkdir -p /var/run/wireguard
$ sudo ln -s $XDG_RUNTIME_DIR/wireguard-loop/wg0.sock /var/run/wireguard/wg0.sock
After this, you can use wg(8) to configure the interface normally.
To run with more logging you may set the environment variable LOG_LEVEL=debug.
This requires an installation of the latest version of Go.
$ git clone https://github.com/KarpelesLab/wireguard-loop-go
$ cd wireguard-loop-go
$ go build -o wireguard-loop-go
Unlike the standard wireguard-go which uses a tun device to interface with the kernel's networking stack, wireguard-loop-go implements a simple loop device that:
- Receives packets from the WireGuard protocol layer
- Immediately sends them back to the sender
- Operates entirely in userspace without kernel interaction
This makes it a lightweight testing tool that can run without special privileges.
This project is licensed under the MIT License, same as the original wireguard-go.
Based on wireguard-go by Jason A. Donenfeld and the WireGuard contributors.