In our release statement for the WireGuard beta test we mentioned that changes to our implementation might occur. We can now notify that two changes have been implemented:
The reason for this is that since we push all WireGuard keys to all servers, the additional firewall rules create inefficiencies and slower throughput. By enabling streaming services for all WireGuard users, our VPN servers no longer need to create thousands of routing rules.
Port forwards for WireGuard are now connected to specific keypairs, instead of all keypairs.
The reason for this is that our initial implementation had a bug, causing port forwards to only work for the keypair that was last created.
WireGuard is a registered trademark of Jason A. Donenfeld.