WireGuard

WireGuard tools are the userspace commands for configuring WireGuard tunnel interfaces across platforms. The core wg utility manages keys, peers, and runtime state, while wg-quick handles simple bring-up and teardown from config files.

• Generate private, public, and preshared keys and inspect interfaces, peers, endpoints, handshakes, and transfer counters on a host.
• Apply, append, sync, or export interface and peer configuration with set, setconf, addconf, syncconf, and showconf.
• Bring tunnels up or down from config files, derive routes from allowed IPs, and attach DNS or firewall hooks for simple VPN client or server setups.

• Core commands are non-interactive and wg show supports field-specific reads plus dump output, so shell scripts can inspect live tunnel state without parsing the pretty terminal view.
• Useful for local inspect-change-verify loops around peer rollout, key rotation, endpoint checks, and tunnel reloads; syncconf is designed to change config without disrupting current sessions.
• Automation limits are operational rather than conceptual: mutating flows usually need root, direct host access, and careful handling of private keys plus OS networking side effects.

• There is no native JSON output in the main CLI; machine-readable reads use tab and newline-oriented text, and the JSON helper lives only in contrib/.
• wg-quick is intentionally a simple wrapper around wg and system networking tools, so advanced environments may be better served by a dedicated network manager or direct wg plus OS commands.