diff --git a/docs/changelog.md b/docs/changelog.md
index 75177ac0..14a27ca3 100644
--- a/docs/changelog.md
+++ b/docs/changelog.md
@@ -1,3 +1,8 @@
+#### 2022/08/16
+
+* Add ip_version (route/dns) rule item
+* Add [WireGuard](/configuration/outbound/wireguard) outbound
+
 #### 2022/08/15
 
 * Add uid, android user and package rules support in [Tun](/configuration/inbound/tun) routing.
diff --git a/docs/configuration/outbound/index.md b/docs/configuration/outbound/index.md
index 20956816..17bf5556 100644
--- a/docs/configuration/outbound/index.md
+++ b/docs/configuration/outbound/index.md
@@ -20,8 +20,9 @@
 | `socks`       | [Socks](./socks)             |
 | `http`        | [HTTP](./http)               |
 | `shadowsocks` | [Shadowsocks](./shadowsocks) |
- | `vmess`       | [VMess](./vmess)             |
-  | `trojan`      | [Trojan](./trojan)           |
+| `vmess`       | [VMess](./vmess)             |
+| `trojan`      | [Trojan](./trojan)           |
+| `wireguard`   | [Wireguard](./wireguard)     |
 | `dns`         | [DNS](./dns)                 |
 | `selector`    | [Selector](./selector)       |
 
diff --git a/docs/configuration/outbound/wireguard.md b/docs/configuration/outbound/wireguard.md
new file mode 100644
index 00000000..87692291
--- /dev/null
+++ b/docs/configuration/outbound/wireguard.md
@@ -0,0 +1,136 @@
+### Structure
+
+```json
+{
+  "outbounds": [
+    {
+      "type": "wireguard",
+      "tag": "wireguard-out",
+      
+      "server": "127.0.0.1",
+      "server_port": 1080,
+      "local_address": [
+        "10.0.0.1",
+        "10.0.0.2/32"
+      ],
+      "private_key": "YNXtAzepDqRv9H52osJVDQnznT5AM11eCK3ESpwSt04=",
+      "peer_public_key": "Z1XXLsKYkYxuiYjJIkRvtIKFepCYHTgON+GwPq7SOV4=",
+      "pre_shared_key": "31aIhAPwktDGpH4JDhA8GNvjFXEf/a6+UaQRyOAiyfM=",
+      "mtu": 1408,
+      "network": "tcp",
+      
+      "detour": "upstream-out",
+      "bind_interface": "en0",
+      "routing_mark": 1234,
+      "reuse_addr": false,
+      "connect_timeout": "5s",
+      "tcp_fast_open": false,
+      "domain_strategy": "prefer_ipv6",
+      "fallback_delay": "300ms"
+    }
+  ]
+}
+```
+
+### WireGuard Fields
+
+#### server
+
+==Required==
+
+The server address.
+
+#### server_port
+
+==Required==
+
+The server port.
+
+#### local_address
+
+==Required==
+
+List of IP (v4 or v6) addresses (optionally with CIDR masks) to be assigned to the interface.
+
+#### private_key
+
+==Required==
+
+WireGuard requires base64-encoded public and private keys. These can be generated using the wg(8) utility:
+
+```shell
+wg genkey
+echo "private key" || wg pubkey
+```
+
+#### peer_public_key
+
+==Required==
+
+WireGuard peer public key.
+
+#### pre_shared_key
+
+WireGuard pre-shared key.
+
+#### mtu
+
+WireGuard MTU. 1408 will be used if empty.
+
+#### network
+
+Enabled network
+
+One of `tcp` `udp`.
+
+Both is enabled by default.
+
+### Dial Fields
+
+#### detour
+
+The tag of the upstream outbound.
+
+Other dial fields will be ignored when enabled.
+
+#### bind_interface
+
+The network interface to bind to.
+
+#### routing_mark
+
+!!! error ""
+
+    Linux only
+
+The iptables routing mark.
+
+#### reuse_addr
+
+Reuse listener address.
+
+#### connect_timeout
+
+Connect timeout, in golang's Duration format.
+
+A duration string is a possibly signed sequence of
+decimal numbers, each with optional fraction and a unit suffix,
+such as "300ms", "-1.5h" or "2h45m".
+Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h".
+
+#### domain_strategy
+
+One of `prefer_ipv4` `prefer_ipv6` `ipv4_only` `ipv6_only`.
+
+If set, the server domain name will be resolved to IP before connecting.
+
+`dns.strategy` will be used if empty.
+
+#### fallback_delay
+
+The length of time to wait before spawning a RFC 6555 Fast Fallback connection.
+That is, is the amount of time to wait for IPv6 to succeed before assuming
+that IPv6 is misconfigured and falling back to IPv4 if `prefer_ipv4` is set.
+If zero, a default delay of 300ms is used.
+
+Only take effect when `domain_strategy` is `prefer_ipv4` or `prefer_ipv6`.
\ No newline at end of file
diff --git a/mkdocs.yml b/mkdocs.yml
index 10d91a44..a15def59 100644
--- a/mkdocs.yml
+++ b/mkdocs.yml
@@ -62,6 +62,7 @@ nav:
           - Shadowsocks: configuration/outbound/shadowsocks.md
           - VMess: configuration/outbound/vmess.md
           - Trojan: configuration/outbound/trojan.md
+          - WireGuard: configuration/outbound/wireguard.md
           - DNS: configuration/outbound/dns.md
           - Selector: configuration/outbound/selector.md
       - Route:
diff --git a/outbound/wireguard.go b/outbound/wireguard.go
index 92285fe5..a49137ce 100644
--- a/outbound/wireguard.go
+++ b/outbound/wireguard.go
@@ -139,7 +139,7 @@ func NewWireGuard(ctx context.Context, router adapter.Router, logger log.Context
 	}
 	mtu := options.MTU
 	if mtu == 0 {
-		mtu = 1450
+		mtu = 1408
 	}
 	wireDevice, err := newWireDevice(localAddress, mtu)
 	if err != nil {