Here are some common terms used in the Pro Custodibus documentation. See also our WireGuard Terminology blog post for a few other general networking and WireGuard terms.
A computer running an operating system with a network stack, such as a server, laptop, mobile phone, tablet, or Internet-of-Things (IoT) device.
A host running WireGuard.
When we use the general term “host” in the context of Pro Custodibus, we typically mean a WireGuard host.
The Pro Custodibus UI uses this icon for WireGuard hosts:
A lightweight daemon that runs on each monitored host and sends WireGuard usage and audit logs to the Pro Custodibus servers. If configured to do so, it can also update the host’s WireGuard and network configuration.
When we use the general term “agent” in the context of Pro Custodibus, we typically mean the Pro Custodibus agent.
The Pro Custodibus UI uses this icon for agents:
A software device that connects a host to a network. It may represent a physical connection through a wired or wireless network card on the computer (such interfaces typically would be given names like
wl0), or it may represent an entirely virtual connection (such as the connection to a WireGuard network).
A WireGuard network interface running on a host. The same host may have many different interfaces.
A host sends traffic to a WireGuard network through its interface to the network. From the perspective of a host, an interface is the local side of its connection to a network.
The convention for naming WireGuard interfaces is to prefix them with the lowercase letters
wg, and use a digit (usually starting with
0) to distinguish among multiple interfaces of the same type on a host (so on a host with two interfaces, the interfaces typically would be named
When we use the general term “interface” in the context of Pro Custodibus, we typically mean a WireGuard interface.
The Pro Custodibus UI uses this icon for WireGuard interfaces:
The combination of IP address and port (such as
192.0.2.1:51820) to which traffic for a member of a WireGuard network is sent. From the perspective of a host, an endpoint is the remote side of its connection to another member.
When we use the general term “endpoint” in the context of Pro Custodibus, we typically mean a WireGuard endpoint.
The Pro Custodibus UI uses this icon for WireGuard endpoints:
The identity of a member of a WireGuard network. The same host may be a member of many distinct networks, appearing as a different peer to each.
Each peer uses a unique X25519 key pair to authenticate itself to other peers. The public part of this key pair, its “public key” (typically represented as a 44-character base64-encoded string like
O2onvM62pC1io6jQKm8Nc2UyFXcd4kOmOsBIoYtZ2ik=), uniquely identifies the peer.
The Pro Custodibus UI uses this icon for WireGuard peers:
From the perspective of a host, one of the identities the host itself uses to connect to one or more of its WireGuard networks.
From the perspective of a host, the identity of a different member of one or more of the host’s WireGuard networks.
When we use the general term “peer” in the context of Pro Custodibus, we typically mean a remote peer.
A virtual private network, using private IP addresses (such as in the
192.168.0.0/16 blocks), to connect two or more peers via a secure tunnel through other physical public and private networks.
The same host may be part of many different, overlapping networks. From the perspective of a host, a network consists of the peers to which it can connect via a specific interface.