Glossary
This glossary provides definitions for key terms and concepts used throughout the Waveshift documentation.
A
Access Point
A device that allows wireless devices to connect to a wired network using Wi-Fi.
Access Server
Public WireGuard server that allows connection to the Waveshift Controller from anywhere. Created with wavectl access-servers --add N.
Anonymity Set
The group of users whose traffic your traffic blends in with. Larger anonymity sets provide better privacy protection.
AWS (Amazon Web Services)
Cloud computing platform where the Waveshift Control Plane and PoPs are deployed.
B
Bandwidth
The maximum rate of data transfer across a given path in the network.
Bearer Router
The router that provides internet connectivity to the Waveshift system. Typically a GL.iNet Beryl configured for internet access.
Blackfire Technology
The company that develops and maintains Waveshift.
C
Cloudflare
Cloud-based service that provides security and performance features. Waveshift optionally integrates with Cloudflare WARP for traffic normalisation.
Cloudflare WARP
A privacy-focused VPN service using the WireGuard protocol. When integrated with Waveshift, it provides massive anonymity sets and traffic normalisation.
Control Hub
A GL.iNet Brume2 router flashed with Waveshift firmware that manages and coordinates all connected nodes. Entry point for control data traffic to the Control Plane.
Control Plane (WCP)
The cloud-hosted part of Waveshift (running in AWS) responsible for managing and coordinating nodes and PoPs. Provides the web-based user interface.
D
Drand
A distributed randomness beacon supported by cryptographic institutions (Cloudflare, EPFL, etc.). Used by Waveshift to ensure high-quality entropy for cryptographic key generation.
DNS over HTTPS (DoH)
Method of encrypting DNS queries to prevent ISPs or network operators from seeing which websites you're accessing.
E
Egress Location
The geographic location (AWS region) where your internet traffic exits to the public internet.
Egress Server
See PoP (Point of Presence).
Entropy
Randomness collected by systems for use in cryptography. High-quality entropy is essential for generating secure encryption keys.
F
Firmware
Software permanently programmed onto Waveshift routers (Control Hub and Nodes). Based on OpenWrt with Waveshift-specific features.
G
GL.iNet
Manufacturer of the router hardware used in Waveshift systems (Brume2 for Control Hub, Slate AX for Nodes, Beryl for Bearer).
H
Hub
See Control Hub.
I
IAM (Identity and Access Management)
AWS service for managing access to AWS resources. Waveshift creates specific IAM roles for its components.
Infra.json
Deprecated. Previous name for the configuration file. Now called wavectl.json.
K
Kasm Workspaces
Containerized browser environments for secure web browsing. Waveshift integrates with Kasm to provide isolated, secure browsing with configurable egress locations.
Killswitch (VPN)
Security feature that blocks all internet traffic if the VPN connection drops, preventing data leaks.
M
Mesh Network
Network topology where devices connect directly and non-hierarchically to as many other devices as possible in the same network.
N
Node
A GL.iNet Slate AX router flashed with Waveshift firmware. Allows non-Waveshift devices to be bootstrapped into the Waveshift network by providing local network connectivity with automatic VPN routing.
O
OpenWrt
Open-source Linux-based firmware for routers. Waveshift firmware is based on OpenWrt with custom features.
P
P2P (Peer-to-Peer)
Direct communication between devices on the same PoP without traffic going through the public internet.
PoP (Point of Presence)
An on-demand AWS infrastructure deployment that provides a WireGuard VPN server, optional Cloudflare integration, and optional Kasm Workspaces. Also called Egress Server.
Proteus
Internal code name for the Waveshift orchestration system that manages AWS infrastructure deployment.
R
Route53
AWS DNS service used by Waveshift for private hosted zones and internal service discovery.
S
SSM (AWS Systems Manager)
AWS service for managing EC2 instances. Waveshift uses SSM for secure shell access to infrastructure without requiring SSH keys.
Site
In the wavectl context, refers to a physical location with a hub router and nodes. Sites are registered and managed via wavectl sites commands.
T
Traffic Normalisation
Process of blending your internet traffic with millions of other users to make it indistinguishable. Achieved through Cloudflare WARP integration.
V
VPC (Virtual Private Cloud)
Isolated section of the AWS cloud where Waveshift infrastructure is deployed. Each deployment creates its own VPC with subnets, security groups, and networking.
VPN (Virtual Private Network)
Encrypted network connection. Waveshift uses the WireGuard VPN protocol for all connections.
W
WARP
See Cloudflare WARP.
Waveshift
Comprehensive networking platform that combines hardware nodes, cloud infrastructure, and privacy features for secure internet access and private mesh networking.
wavectl
Command-line interface tool for deploying and managing Waveshift infrastructure on AWS.
wavectl.json
Configuration file created by wavectl init that stores AWS settings, identity provider, and site information. Must be in the current directory when running wavectl commands.
WCP (Waveshift Control Plane)
See Control Plane.
WireGuard
Modern, fast VPN protocol using state-of-the-art cryptography (Curve25519, ChaCha20). Used by Waveshift for all VPN connections.
WUI (Waveshift User Interface)
Web-based interface (accessed at http://10.1.0.1 when connected to Control Hub) for managing the Waveshift network, creating PoPs, and administering users.
Additional Resources
- FAQ - Frequently asked questions
- How Waveshift Works - System architecture explained
- Troubleshooting - Common issues and solutions
This glossary is regularly updated. If you need a definition for a term not listed here, please contact support@blackfire.tech.