var img = document.createElement('img'); img.src = "" + location.pathname; = "border:0"; img.alt = "tracker"; var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(img,s);
Skip to main content

cunīcu logo

GitHub build goreportcard Codecov License GitHub go.mod Go version Go Reference

cunīcu is currently still in an Alpha state and not usable yet 🚧

cunīcu is a user-space daemon managing WireGuard® interfaces to establish a mesh of peer-to-peer VPN connections in harsh network environments.

To achieve this, cunīcu utilizes a signaling layer to exchange peer information such as public encryption keys, hostname, advertised networks and reachability information to automate the configuration of the networking links. From a user perspective, cunīcu alleviates the need of manual configuration such as exchange of public keys, IP addresses, endpoints, etc.. Hence, it adopts the design goals of the WireGuard project, to be simple and easy to use.

Thanks to Interactive Connectivity Establishment (ICE), cunīcu is capable to establish direct connections between peers which are located behind NAT firewalls such as home routers. In situations where ICE fails, or direct UDP connectivity is not available, cunīcu falls back to using TURN relays to reroute traffic over an intermediate hop or encapsulate the WireGuard traffic via TURN-TCP.

It relies on the awesome pion/ice package for ICE as well as bundles the a Go user-space implementation of WireGuard in a single binary for systems in which WireGuard kernel support has not landed yet.

With these features, cunīcu can be used to quickly build multi-agent systems or connect field devices such as power grid monitoring infrastructure into a fully connected mesh. Within the ERIGrid 2.0 project, cunīcu is used to interconnect smart grid laboratories for geographically distributed simulation of energy systems.

The project is currently actively developed by Steffen Vogel at the Institute for Automation of Complex Power Systems (ACS) of RWTH Aachen University

Getting started

To use cunīcu follow these steps on each host:

  1. Install cunīcu
  2. Configure your WireGuard interfaces using wg, wg-quick or NetworkManager
  3. Start the cunīcu daemon by running: sudo cunicu daemon

Make sure that in step 2. you have created WireGuard keys and exchanged them by hand between the hosts. cunīcu does not (yet) discover available peers. You are responsible to add the peers to the WireGuard interface by yourself.

After the cunīcu daemons have been started, they will attempt to discover valid endpoint addresses using the ICE protocol (e.g. contacting STUN servers). These ICE candidates are then exchanged via the signaling server and cunīcu will update the endpoint addresses of the WireGuard peers accordingly. Once this has been done, the cunīcu logs should show a line state=connected.


  • Steffen Vogel (@stv0g, Institute for Automation of Complex Power Systems, RWTH Aachen University)

Join us

Please feel free to join our Slack channel #cunicu in the Gophers workspace and say 👋.


The project name cunīcu [kʊˈniːkʊ] is derived from the latin noun cunīculus which means rabbit, a rabbit burrow or underground tunnel. We have choosen it as a name for this project as cunīcu builds tunnels between otherwise hard to reach network locations. It has been changed from the former name wice in order to broaden the scope of the project and avoid any potential trademark violations.


cunīcu is licensed under the Apache 2.0 license.

Funding acknowledgement

The project has been initiated by Steffen Vogel while working at the Institute for Automation of Complex Power Systems (ACS) of RWTH Aachen University.

European Flag The development of cunīcu has been supported by the ERIGrid 2.0 project of the H2020 Programme under Grant Agreement No. 870620


WireGuard and the WireGuard logo are registered trademarks of Jason A. Donenfeld.