Jason Donenfeld ships WireGuard for Windows and WireGuardNT v1.0 after resolving two long-standing kernel-level blockers on Windows.
Key Takeaways
NDIS pointer fix: replaced a fragile hack using the device object’s Reserved field with NdisWdfGetAdapterContextFromAdapterHandle(), a stable Win10+ API originally added for NetAdapterCx.
MTU notification hack: Microsoft’s NotifyIpInterfaceChange() never fires for MTU changes (a known bug since 2021, still unfixed); Donenfeld reverse-engineered \Device\Nsi and intercepts IOCTL_NSI_SET_ALL_PARAMETERS to detect MTU changes instantly instead of polling every 3 seconds.
42 bug/correctness fixes ship in this release; the codebase now compiles in C23 mode, enabling typeof() but keeping __declspec(align(n)) over standard alignas() due to struct-alignment ergonomics.
DNS fallback for Windows 10 pre-1809: reverse-engineered netsh.exe’s registry writes plus ControlService(SERVICE_CONTROL_PARAMCHANGE) to Dnscache, avoiding the ugly subprocess-and-parse path on frozen old OS versions.
Available via the built-in updater or direct installer; project sustains itself via donations from VPN providers and large company sponsors.