alt.hn

4/21/2026 at 9:26:25 PM

WireGuard for Windows Reaches v1.0

 https://lists.zx2c4.com/pipermail/wireguard/2026-April/009580.html

by zx2c4

4/23/2026 at 9:23:42 PM

The NSI filter-driver interception is the standout move in this release and it's worth not skimming past. When the documented API (NotifyIpInterfaceChange with MibParameterNotification) doesn't fire for MTU changes, Microsoft confirms the bug in 2021, and the fix never ships, you either live with a 3-second polling loop or you attach a filter driver to \Device\Nsi using IoAttachDeviceToDeviceStack, reverse engineer IOCTL_NSI_SET_ALL_PARAMETERS, and pull MTU straight out of NSI_IP_INTERFACE_RW while the change is being dispatched. That's a very different level of Windows kernel work from 'port Linux WireGuard to another OS.' The NetAdapterCx-helper trick (NdisWdfGetAdapterContextFromAdapterHandle) that kills the Reserved-field ticking time bomb is the quieter fix but arguably more important for the next decade of reliability.

by cwkcw

4/24/2026 at 12:55:18 AM

I feel like this kind of "API only kinda works" behavior is emblematic of MSFT. So many times I feel like what I want was anticipated, 90% of the work was done, and the rest is left to me to make a dodgy hack of.

by EvanAnderson

4/23/2026 at 11:18:21 PM

Thx claude

by acedTrex

4/23/2026 at 9:37:19 PM

Very impressive work, WireGuard is a phenomenal piece of software, congrats on getting to 1.0

I can see Raymond Chen’s eye twitching at some of those (clever and necessary!) undocumented workarounds though :D

Windows is just a different world I guess

by jaydenmilne

4/23/2026 at 10:27:51 PM

wireguard on windows and linux are extraordinarily solid at my org.

However, we have a lot of difficulty with macOS, seemingly with rather basic OS-level bugs that don't seem to be their fault: the big one is that a wireguard profile distributed by MDM for a system seems to work for the logged in user, but not for any other user. Seems to be a keychain issue.

While I don't expect any support, there does not seem to be a system to support getting pull requests reviewed and mainlined (including a PR that might address my need). Even tried IRC.

by twarge

4/24/2026 at 11:33:36 AM

Do you deploy a script per-user with mdm/intune to set up the wireguard tunnel whenever someone initially logs into a laptop?

I've investigated a few options for non-admin wireguard on Windows and it's all pretty messy.

by Incipient

4/24/2026 at 12:13:46 AM

Interestingly enough, Tailscale, that is build on top of Wireguard, work flawlessly on Mac.

by ekropotin

4/24/2026 at 5:29:30 AM

Not really, I always have to choose an exit node for Tailscale to allow me internet access on Mac while connected to a Tailnet on cellular.

by simfree

4/24/2026 at 12:03:35 AM

[flagged]

by loloquwowndueo

4/24/2026 at 12:28:31 AM

Very glad to see this maintained again, for years I thought it was abandoned and feared that it would break with a Windows update or something.

That said, I've been using it for quite a while and it's been surprisingly bug-free despite the lack of updates, which nowadays is quite impressive in its own right.

by bakugo