Compare · vs WireGuard

WireGuard is one of the eight Beacons transports.

WireGuard is a wonderfully small, fast, audited Layer-3 tunneling protocol. It has no identity model, no access control, no audit trail — those are out of scope by design. Beacons builds those layers around WireGuard (and seven other transports) so the protocol stays simple and the platform stays complete.

What WireGuard gives you

Strong modern crypto. Tiny kernel module. Excellent throughput. A keypair on each side. Static configuration. Linux-native, ported everywhere.

It is the right primitive to build on. We do.

What Beacons adds — without changing WireGuard

Identity: every WireGuard endpoint is a `did:oas`-rooted peer with lineage, attestations, and capability tokens.

Access control: the WireGuard interface configuration is generated from policy, not edited by hand.

Audit: every configuration push is a hash-chained event anchored on Sigil.

Multi-transport: when a device cannot run WireGuard, Beacons uses one of the other seven transports — and the policy engine never knows the difference.

If you only need raw WireGuard

Use it. You do not need Beacons. Beacons is for organizations that need the layers above WireGuard, not for replacing the protocol itself.

Open a fleet

The mesh that fits agents and humans.

A `did:oas`-rooted private mesh that ships peer configurations to any device, anywhere, by policy — not by hand.

Open consoleRead the quickstart