Private Networking

Private WireGuard mesh, built for humans and AI agents.

A managed control plane on top of WireGuard that lets distributed offices, servers, and autonomous AI agents share a single private network — with native LAN placement, identity-aware access grants, and traffic visibility down to the peer level.

wg0.io: upstream WireGuard kernel; MCP-native API; free tier with 3 networks and 10 devices.

What wg0.io Is

wg0.io is a managed control plane for WireGuard. Instead of hand-rolling wg0.conf files, distributing public keys over Slack, and praying nobody loses a PrivateKey, operators sign up, enroll devices, and watch a mesh form itself. Networks, devices, peers, routes, and access grants are managed from a web dashboard — and, increasingly, from machine-readable APIs that autonomous agents can call themselves.

The underlying transport is the real WireGuard protocol: kernel-fast, audited cryptography, ChaCha20-Poly1305, Noise IK handshake. wg0.io supplies the layer everyone re-invents badly: enrollment, key rotation, peer discovery, route reconciliation, NAT traversal, and a portal that makes the topology legible.

The product solves a problem every growing engineering team eventually faces. You need to interlink an office LAN with a cloud VPC and a remote engineer's laptop and a CI runner and — increasingly — a fleet of AI agents that need to reach internal services legitimately. Classic VPN concentrators force everything through a hub. Tailscale and ZeroTier do mesh, but treat AI agents as second-class citizens. wg0.io treats every participant — human, server, or agent — as a first-class member of the mesh.

Why "Agentic-AI-First" WireGuard Matters

Most VPN products were designed for two participants: an employee at a coffee shop and the corporate intranet. Agentic AI breaks that model. An autonomous agent might need to query a Postgres replica on an office LAN, write a Markdown file to a NAS, hit an internal HR API, and call a colleague's machine for code review — all in a single five-minute task. It needs a stable, auditable identity inside the tenant's perimeter, not a screen-scraped session through a jump host.

wg0.io's design treats agents as enrolled devices with their own keys, their own access grants, and their own audit trail. The platform exposes a Model Context Protocol (MCP) surface that an agent can call directly: list_networks, list_devices, provision_device, create_access_grant, get_network_traffic, health_check. The agent doesn't tunnel through a human's laptop. It joins the mesh as itself, with a scoped grant the operator approved, and every packet is attributable.

This matters for compliance. When a SOC 2 auditor asks "who accessed the staging database at 03:14 UTC?", the answer is a device ID, not a vague "the production service account." When an agent goes off the rails, the operator revokes one key, not a whole VPN credential.

Native LAN Placement vs. Classic VPN Routing

Classic VPN routing puts the client on a virtual subnet (10.8.0.0/24, 100.64.0.0/10 — whatever the concentrator hands out) and uses NAT to make it look like the office LAN. The client is never actually on the LAN. It's a guest with a translated address, which breaks broadcast/multicast discovery, mDNS, SMB browsing, license servers that pin to MAC, and anything that introspects source IPs.

wg0.io supports a different model. A device in host role can advertise the office LAN's actual CIDR (e.g. 192.168.10.0/24) into the mesh, and the connector handles the dance of MASQUERADE rules, source NAT, route tables, and proxy_arp so that a remote peer's traffic emerges on the office LAN with the office's own gateway behavior — not on a parallel overlay. To the file server, the remote engineer's laptop looks like a local box. To an agent reaching a printer or a smart panel, the LAN is just there.

The connector handles the gnarly parts so operators don't have to: iptables backend detection (nft vs. legacy), userspace WireGuard fallback for kernels without the module, dual-stack route reconciliation against the control plane's stated intent, and Table = off interface scoping so the connector doesn't hijack the host's default route by accident.

Core Concepts

The platform's API surface — visible through both the web dashboard and the MCP toolset — exposes a small, sharp vocabulary.

Networks, Devices, and Nodes

A network is a tenant's namespace. It has a CIDR, an admin, and a member list. A device is the physical or virtual machine. A node is a device's membership in a specific network. The same laptop can hold memberships in multiple networks, each with its own key and IP, so a contractor can be on Client A's mesh and Client B's mesh simultaneously without VPN profile-swapping.

Enrollment Tokens

A short-lived secret an operator generates in the dashboard and hands to a connector. The connector trades it for a node ID, a node IP, a private key (generated locally — never leaves the device), and a starting wg0.conf. Tokens are scoped to a network and can be one-use.

Access Grants

Identity-aware authorizations that say "device X may reach CIDR Y on port Z" or "agent A may reach service B." Grants are the layer above raw WireGuard AllowedIPs; they let operators write policy in human terms and let the control plane render the right kernel state on every node.
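To make concrete how a host-role LAN advertisement (above, under Native LAN Placement) and an access grant become per-node WireGuard state, here is an added illustration, not wg0.io's own code: the Node and Grant shapes, the constructed sample mesh, and the nft rule format are assumptions. It renders each peer's AllowedIPs from the grant list, and shows why a port-scoped grant also needs a firewall rule on the node that owns the destination, because AllowedIPs is purely L3.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class Node:
    node_id: str
    public_key: str                   # placeholder label, not a real key
    mesh_ip: str                      # this node's /32 inside the network CIDR
    advertised_lans: list = field(default_factory=list)  # host role only
@dataclass
class Grant:
    src: str        # node_id allowed to initiate
    dst_cidr: str   # a mesh /32 or a slice of an advertised LAN
    port: int = 0   # optional L4 scope; 0 means any port
def _owned(node):  # every CIDR a node speaks for: its /32 plus advertised LANs
    return [ipaddress.ip_network(c) for c in [node.mesh_ip] + node.advertised_lans]
def render_peers(me, nodes, grants):
    """Return {peer_public_key: sorted AllowedIPs} for node `me`.
    AllowedIPs is both a route and an ingress filter, so a peer gets only (a) CIDRs
    it owns that `me` may reach and (b) its own /32 when it holds a grant toward
    something `me` owns (return path + ingress). Ungranted peers are omitted."""
    out = {}
    for peer in nodes:
        if peer.node_id == me.node_id:
            continue
        cidrs = set()
        for g in grants:
            want = ipaddress.ip_network(g.dst_cidr)
            if g.src == me.node_id and any(want.subnet_of(o) for o in _owned(peer)):
                cidrs.add(str(want))
            if g.src == peer.node_id and any(want.subnet_of(o) for o in _owned(me)):
                cidrs.add(str(ipaddress.ip_network(peer.mesh_ip)))
        if cidrs:
            out[peer.public_key] = sorted(cidrs)
    return out
def port_rules(me, nodes, grants):
    """Port scope cannot live in AllowedIPs: the node owning the destination enforces
    it with nft on wg0 (assumes a chain that drops forwarded wg0 traffic by default)."""
    by_id = {n.node_id: n for n in nodes}
    return [f"iifname wg0 ip saddr {by_id[g.src].mesh_ip} ip daddr {g.dst_cidr} "
            f"tcp dport {g.port} accept" for g in grants if g.port
            and any(ipaddress.ip_network(g.dst_cidr).subnet_of(o) for o in _owned(me))]
# Constructed sample mesh: an office host advertising its LAN, a laptop and an agent.
OFFICE = Node("office", "PK_OFFICE", "10.90.0.1/32", ["192.168.10.0/24"])
LAPTOP = Node("laptop", "PK_LAPTOP", "10.90.0.2/32")
AGENT = Node("agent", "PK_AGENT", "10.90.0.3/32")
NODES = [OFFICE, LAPTOP, AGENT]
GRANTS = [Grant("laptop", "192.168.10.0/24"),       # engineer: whole office LAN
          Grant("agent", "192.168.10.5/32", 5432)]  # agent: one host, one port
```

Note that the laptop and the agent get no peer entry for each other at all: with no grant in either direction, WireGuard on each side will not even accept the other's packets, which is the least-privilege property the grant layer is meant to guarantee.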

Upstream Exits and BYO Exit

Designated nodes that handle internet-bound traffic from peers who opted into full-tunnel ("route-all") mode. Used for exit-node patterns: send all browsing through a specific office's WAN, pin agent traffic through a known-good egress for geofencing, or wire a BYO Exit with Mullvad or Proton for privacy egress.

Gateway Exports and Shared Networks

Gateway exports are a controlled way to expose a slice of an internal LAN — a single host, a port, a subnet — to a network member without granting the full LAN. Shared networks provide cross-tenant connectivity, so an MSP can reach a client's gear or two companies can share a VPC without merging accounts.

Traffic Visibility and Endpoint History

Every peer relationship is observed. The control plane records direct vs. relayed connections, endpoint flips as devices roam between Wi-Fi and LTE, bytes-in/bytes-out per peer, and an endpoint history per device. This is forensic-grade visibility that a typical commercial VPN does not provide.

Comparison vs. Tailscale, Twingate, ZeroTier, Raw WireGuard

vs. raw WireGuard. WireGuard ships you a kernel module, a config syntax, and a key generator. wg0.io ships you a product — enrollment, key distribution, peer discovery, route policy, traffic visibility, access grants, and an API for agents.

vs. Tailscale. Tailscale is excellent, but its identity model is human-first and its monetization assumes humans-per-seat. wg0.io is designed around agents-as-first-class-members, exposes its full surface via MCP for AI consumption, and has a native LAN placement model that doesn't force the 100.64.0.0/10 CG-NAT range on every device.

vs. Twingate. Twingate is a zero-trust gateway product — application-aware, identity-aware, but architected around proxies, not mesh. wg0.io exposes the network honestly: every peer can see what it's authorized to see, full L3 connectivity within the grant scope. For workloads that need real-IP visibility (databases, RDP, smart-home gear, anything industrial), mesh wins.

vs. ZeroTier. ZeroTier uses its own custom protocol with a heavier userspace footprint. wg0.io's commitment to upstream WireGuard means kernel-speed throughput on modern Linux, audited cryptography, and zero vendor lock at the protocol layer.

At a Glance

Spin up a private mesh in five minutes, or have ABSG run it for you.

Whether you're a one-person dev team needing a tighter home/office tunnel or an MSP standing up dozens of customer networks, wg0.io's free tier gets you started. ABSG Tech provides managed operations for larger fleets.
