boringtun

BoringTun is Cloudflare's implementation of the WireGuard protocol, written in Rust. WireGuard is a modern VPN (virtual private network) protocol known for being fast and relatively simple compared to older VPN technologies. BoringTun is specifically a userspace implementation, meaning it runs as a normal program rather than inside the operating system's kernel, which makes it portable across different platforms.

The project comes in two forms. The first is a command-line tool called boringtun-cli that creates WireGuard tunnels on Linux and macOS. The second is a library that other applications can include to add WireGuard support, and it is designed to work on mobile platforms. Cloudflare uses this library in its 1.1.1.1 apps on iOS and Android, and the README states it runs on millions of consumer devices and thousands of Cloudflare servers.

The library supports a wide range of platforms: standard 64-bit and ARM Linux, macOS, Windows (library only), iOS, and Android. It exposes bindings for C, C++, Swift, C#, and Java, so it can be integrated into apps written in those languages without needing to call it from Rust directly.

Installation as a command-line tool is done through Cargo, the Rust package manager, with a single command. Running a tunnel follows the same configuration interface as standard WireGuard tools, so existing WireGuard configurations and management scripts work without changes.

The README notes the project is currently being restructured and the master branch should not be relied on directly. The stable release is available through crates.io, Rust's package registry. The project is released under the 3-Clause BSD License.