A Pure Hardware Design and Implementation on FPGA of WireGuard-based VPN Gateway

In the face of rising dangers to the internal network due to remote cooperation, VPN gateways are an important tool for organisational network administrators, and the appropriate execution of VPN gateway functions is a vital component in safeguarding the internal network. The VPN gateway confronts security risks from the underlying cryptographic algorithm library, the current operating system, and the central processor as the number of attackers grows and attack methods evolve. In this paper, we propose a pure hardware logic VPN gateway to address security threats from the cryptographic algorithm library, operating system, and CPU by independently implementing the WireGuard protocol’s underlying cryptographic algorithm and building the WireGuard protocol’s hardware logic circuit on the FPGA platform. Actual testing on the NetFPGA-1G-CML platform reveals that the system’s network throughput can reach 35Mbps/s, whereas the network throughput of the software’s WireGuard VPN is 23Mbps/s under the same network settings. Simultaneously, the delay statistics of 300 repetitions of data packet encryption were performed. The encryption latency was less than 20 microseconds when the data packet size was the default MTU.098