diff --git a/packages/network/wireguard-tools/config/system.d/wireguard.service.sample b/packages/network/wireguard-tools/config/system.d/wireguard.service.sample
new file mode 100644
index 0000000000..02904fddee
--- /dev/null
+++ b/packages/network/wireguard-tools/config/system.d/wireguard.service.sample
@@ -0,0 +1,13 @@
+[Unit]
+Description=WireGuard VPN Service
+After=network-online.target nss-lookup.target connman-vpn.service
+Wants=network-online.target nss-lookup.target connman-vpn.service
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/usr/bin/connmanctl connect vpn_service_name_goes_here
+ExecStop=/usr/bin/connmanctl disconnect vpn_service_name_goes_here
+
+[Install]
+WantedBy=multi-user.target
diff --git a/packages/network/wireguard-tools/config/wireguard/wireguard.config.sample b/packages/network/wireguard-tools/config/wireguard/wireguard.config.sample
new file mode 100644
index 0000000000..9ff945349e
--- /dev/null
+++ b/packages/network/wireguard-tools/config/wireguard/wireguard.config.sample
@@ -0,0 +1,14 @@
+[provider_wireguard]
+Type = WireGuard
+Name = WireGuard VPN Tunnel
+Host = 3.2.5.6
+Domain = my.home.network
+WireGuard.Address = 10.2.0.2/24
+WireGuard.ListenPort = 51820
+WireGuard.PrivateKey = qKIj010hDdWSjQQyVCnEgthLXusBgm3I6HWrJUaJymc=
+WireGuard.PublicKey = zzqUfWGIil6QxrAGz77HE5BGUEdD2PgHYnCg3CDKagE=
+WireGuard.PresharedKey = DfEYeVs04HS9XhKGM4/ZXHG3Qc4MFK2AJd8XouYDbRQ=
+WireGuard.DNS = 8.8.8.8, 1.1.1.1
+WireGuard.AllowedIPs = 0.0.0.0/0
+WireGuard.EndpointPort = 51820
+WireGuard.PersistentKeepalive = 25
diff --git a/packages/network/wireguard-tools/package.mk b/packages/network/wireguard-tools/package.mk
new file mode 100644
index 0000000000..9a440e57dc
--- /dev/null
+++ b/packages/network/wireguard-tools/package.mk
@@ -0,0 +1,31 @@
+# SPDX-License-Identifier: GPL-2.0
+# Copyright (C) 2019-present Team LibreELEC (https://libreelec.tv)
+
+PKG_NAME="wireguard-tools"
+PKG_VERSION="v1.0.20200121"
+PKG_SHA256="e7aa8985dfeb495eff4b90b1817ea6c44f59ed124bac9fc85f6ba78173beef29"
+PKG_LICENSE="GPLv2"
+PKG_SITE="https://www.wireguard.com"
+PKG_URL="https://git.zx2c4.com/wireguard-tools/snapshot/wireguard-tools-$PKG_VERSION.tar.xz"
+PKG_DEPENDS_TARGET="toolchain linux libmnl"
+PKG_NEED_UNPACK="$LINUX_DEPENDS"
+PKG_LONGDESC="WireGuard VPN userspace tools"
+PKG_TOOLCHAIN="manual"
+PKG_IS_KERNEL_PKG="yes"
+
+pre_make_target() {
+  unset LDFLAGS
+}
+
+make_target() {
+  kernel_make KERNELDIR=$(kernel_path) -C src/ wg
+}
+
+makeinstall_target() {
+  mkdir -p $INSTALL/usr/bin
+    cp $PKG_DIR/scripts/wg-keygen $INSTALL/usr/bin
+    cp $PKG_BUILD/src/wg $INSTALL/usr/bin
+
+  mkdir -p $INSTALL/usr
+    cp -R $PKG_DIR/config $INSTALL/usr
+}
diff --git a/packages/network/wireguard-tools/scripts/wg-keygen b/packages/network/wireguard-tools/scripts/wg-keygen
new file mode 100755
index 0000000000..342e3add04
--- /dev/null
+++ b/packages/network/wireguard-tools/scripts/wg-keygen
@@ -0,0 +1,25 @@
+#!/bin/sh
+
+# SPDX-License-Identifier: GPL-2.0
+# Copyright (C) 2019-present Team LibreELEC (https://libreelec.tv)
+
+if [ -x /usr/bin/wg ]; then
+
+  umask 077
+  mkdir -p /storage/.cache/wireguard
+
+  if [ ! -f /storage/.cache/wireguard/privatekey ]; then
+    wg genkey > /storage/.cache/wireguard/privatekey
+  fi
+  if [ ! -f /storage/.cache/wireguard/publickey ]; then
+    wg pubkey < /storage/.cache/wireguard/privatekey > /storage/.cache/wireguard/publickey
+  fi
+  if [ ! -f /storage/.cache/wireguard/preshared ]; then
+    wg genpsk > /storage/.cache/wireguard/preshared
+  fi
+
+fi
+
+echo "WireGuard keys have been saved to /storage/.cache/wireguard/"
+
+exit 0
diff --git a/packages/network/wireguard-tools/tmpfiles.d/z_03_wireguard.conf b/packages/network/wireguard-tools/tmpfiles.d/z_03_wireguard.conf
new file mode 100644
index 0000000000..6557517671
--- /dev/null
+++ b/packages/network/wireguard-tools/tmpfiles.d/z_03_wireguard.conf
@@ -0,0 +1,4 @@
+# SPDX-License-Identifier: GPL-2.0
+# Copyright (C) 2019-present Team LibreELEC (https://libreelec.tv)
+
+d    /storage/.cache/wireguard   0755 root root - -