Terminology

Here are some common terms used in the Pro Custodibus documentation. See also our WireGuard Terminology blog post for a few other general networking and WireGuard terms.

Host

A computer running an operating system with a network stack, such as a server, laptop, mobile phone, tablet, or Internet-of-Things (IoT) device.

WireGuard Host

A host running WireGuard.

When we use the general term “host” in the context of Pro Custodibus, we typically mean a WireGuard host.

The Pro Custodibus UI uses this icon for WireGuard hosts: Host Icon

Monitored Host

A host running the Pro Custodibus agent software.

Pro Custodibus Agent

A lightweight daemon that runs on each monitored host and sends WireGuard usage and audit logs to the Pro Custodibus servers. If configured to do so, it can also update the host’s WireGuard and network configuration.

When we use the general term “agent” in the context of Pro Custodibus, we typically mean the Pro Custodibus agent.

The Pro Custodibus UI uses this icon for agents: Agent Icon

Network Interface

A software device that connects a host to a network. It may represent a physical connection through a wired or wireless network card on the computer (such interfaces typically would be given names like eth0 or wl0), or it may represent an entirely virtual connection (such as the connection to a WireGuard network).

WireGuard Interface

A WireGuard network interface running on a host. The same host may have many different interfaces.

A host sends traffic to a WireGuard network through its interface to the network. From the perspective of a host, an interface is the local side of its connection to a network.

The convention for naming WireGuard interfaces is to prefix them with the lowercase letters wg, and use a digit (usually starting with 0) to distinguish among multiple interfaces of the same type on a host (so on a host with two interfaces, the interfaces typically would be named wg0 and wg1).

When we use the general term “interface” in the context of Pro Custodibus, we typically mean a WireGuard interface.

The Pro Custodibus UI uses this icon for WireGuard interfaces: Interface Icon

WireGuard Endpoint

The combination of IP address and port (such as 192.0.2.1:51820) to which traffic for a member of a WireGuard network is sent. From the perspective of a host, an endpoint is the remote side of its connection to another member.

When we use the general term “endpoint” in the context of Pro Custodibus, we typically mean a WireGuard endpoint.

The Pro Custodibus UI uses this icon for WireGuard endpoints: Endpoint Icon

WireGuard Peer

The identity of a member of a WireGuard network. The same host may be a member of many distinct networks, appearing as a different peer to each.

Each peer uses a unique X25519 key pair to authenticate itself to other peers. The public part of this key pair, its “public key” (typically represented as a 44-character base64-encoded string like O2onvM62pC1io6jQKm8Nc2UyFXcd4kOmOsBIoYtZ2ik=), uniquely identifies the peer.

The Pro Custodibus UI uses this icon for WireGuard peers: Peer Icon

Local Peer

From the perspective of a host, one of the identities the host itself uses to connect to one or more of its WireGuard networks.

Remote Peer

From the perspective of a host, the identity of a different member of one or more of the host’s WireGuard networks.

When we use the general term “peer” in the context of Pro Custodibus, we typically mean a remote peer.

WireGuard Network

A virtual private network, using private IP addresses (such as in the 10.0.0.0/8, 172.16.0.0/12, or 192.168.0.0/16 blocks), to connect two or more peers via a secure tunnel through other physical public and private networks.

The same host may be part of many different, overlapping networks. From the perspective of a host, a network consists of the peers to which it can connect via a specific interface.