NymVPN does not currently provide standalone WireGuard configuration files. This feature is on the roadmap, but the zk-nym credential system requires a different approach to authentication than traditional WireGuard setups.
Unlike protocols like IPSec that rely on static keys and configuration files, NymVPN uses rotating anonymous credentials to prevent persistent identifiers.
Why NymVPN does not use standard WireGuard config files?
NymVPN authenticates users through zk-nyms, a zero-knowledge credential system that ensures anonymous network access. Unlike traditional VPNs where a static config file grants permanent access, NymVPN credentials rotate regularly. A WireGuard config file would expire at the next rotation, requiring you to generate a new zk-nym credential and reconfigure your connection each time.
This design is intentional. Static config files create persistent identifiers that can be linked to your network activity over time. Credential rotation prevents that linkability.
This approach enhances privacy and security, preventing persistent identifiers from being linked to network activity.
Router and firewall support (OpenWRT, pfSense)
WireGuard support for routers, firewalls, and other network-level devices is on the NymVPN public roadmap. This is one of the most requested features across support tickets and community discussions.
In the meantime, learn about VPN router setup options and how router-level VPN protection works.
The challenge is implementing router-level WireGuard without compromising the zk-nym privacy system. The team is exploring approaches that maintain credential rotation and anonymous access at the network device level.
You can track progress via our public roadmap, and we encourage you to stay tuned for updates!