diff --git a/.gitmodules b/.gitmodules
deleted file mode 100644
index b8270fa..0000000
--- a/.gitmodules
+++ /dev/null
@@ -1,3 +0,0 @@
-[submodule "wireguard-go"]
- path = wireguard-go
- url = https://git.zx2c4.com/wireguard-go
diff --git a/wireguard-go b/wireguard-go
deleted file mode 160000
index 88ff67f..0000000
--- a/wireguard-go
+++ /dev/null
@@ -1 +0,0 @@
-Subproject commit 88ff67fb6f55456e46877b71aa5d33060468f95e
diff --git a/wireguard-go-bridge/Makefile b/wireguard-go-bridge/Makefile
index 6898949..d957e0c 100644
--- a/wireguard-go-bridge/Makefile
+++ b/wireguard-go-bridge/Makefile
@@ -48,39 +48,27 @@ $(GOROOT)/bin/go: .cache/$(GOBUILDTARBALL) mkdir -p "$(GOROOT)" tar -C "$(GOROOT)" --strip-components=1 -xzf - < .cache/$(GOBUILDTARBALL) || { rm -rf "$(GOROOT)"; exit 1; } patch -p1 -f -N -r- -d "$(GOROOT)" < goruntime-boottime-over-monotonic.diff || { rm -rf "$(GOROOT)"; exit 1; } + touch $@ $(shell test "$$(cat "$(BUILDDIR)/.gobuildversion" 2>/dev/null)" = "$(GOBUILDVERSION_CURRENT)" || rm -f "$(DESTDIR)/libwg-go.a") -define copy-src-to-build -$(subst $(1),$(BUILDDIR)/,$(2)): $(2) - @mkdir -vp "$$(dir $$@)" - @cp -vp "$$<" "$$@" -$(BUILDDIR)/.prepared: $(subst $(1),$(BUILDDIR)/,$(2)) -endef - -$(foreach FILE,$(UPSTREAM_FILES),$(eval $(call copy-src-to-build,../wireguard-go/,$(FILE)))) -$(foreach FILE,$(DOWNSTREAM_FILES),$(eval $(call copy-src-to-build,src/,$(FILE)))) - -$(BUILDDIR)/.prepared: $(GOROOT)/bin/go - cd "$(BUILDDIR)" || exit $$?; $(foreach ARCH,$(ARCHS),CGO_CFLAGS="$(CFLAGS_PREFIX) $(ARCH)" CGO_LDFLAGS="$(CFLAGS_PREFIX) $(ARCH)" GOARCH="$(GOARCH_$(ARCH))" go get -tags ios || { ret=$$?; chmod -fR +w "$(GOPATH)/pkg/mod"; rm -rf "$(GOPATH)/pkg/mod"; exit $$ret; };) - chmod -fR +w "$(GOPATH)/pkg/mod" - touch "$@" - define libwg-go-a -$(BUILDDIR)/libwg-go-$(1).a: $(BUILDDIR)/.prepared - cd "$(BUILDDIR)" || exit $$$$?; \ +$(BUILDDIR)/libwg-go-$(1).a: $(GOROOT)/bin/go CGO_CFLAGS="$(CFLAGS_PREFIX) $(ARCH)" \ CGO_LDFLAGS="$(CFLAGS_PREFIX) $(ARCH)" \ GOARCH="$(GOARCH_$(1))" \ go build -tags ios -ldflags=-w -v -o "$(BUILDDIR)/libwg-go-$(1).a" -buildmode c-archive && go version > "$(BUILDDIR)/.gobuildversion"; \ + chmod -fR +w "$(GOPATH)/pkg/mod"; \ ret=$$$$?; \ rm -f "$(BUILDDIR)/libwg-go-$(1).h"; \ exit $$$$ret endef $(foreach ARCH,$(ARCHS),$(eval $(call libwg-go-a,$(ARCH)))) -$(DESTDIR)/wireguard-go-version.h: ../wireguard-go/version.go - sed -n 's/.*WireGuardGoVersion = "\(.*\)"/#define WIREGUARD_GO_VERSION "\1"/p' "$^" > "$@" +$(DESTDIR)/wireguard-go-version.h: go.mod $(GOROOT)/bin/go + go get -d -tags ios; chmod -fR +w 
"$(GOPATH)/pkg/mod" + wggo="$(GOPATH)/pkg/mod/$$(sed -n 's/.*\(golang\.zx2c4\.com\/wireguard\) \(.*\)$$/\1@\2/p' go.mod)"; \ + sed -n 's/.*WireGuardGoVersion = "\(.*\)"/#define WIREGUARD_GO_VERSION "\1"/p' "$$wggo/device/version.go" > "$@" $(DESTDIR)/libwg-go.a: $(foreach ARCH,$(ARCHS),$(BUILDDIR)/libwg-go-$(ARCH).a) @mkdir -vp "$(DESTDIR)" diff --git a/wireguard-go-bridge/src/api-ios.go b/wireguard-go-bridge/api-ios.go similarity index 64% rename from wireguard-go-bridge/src/api-ios.go rename to wireguard-go-bridge/api-ios.go index d3d9201..dd66648 100644 --- a/wireguard-go-bridge/src/api-ios.go +++ b/wireguard-go-bridge/api-ios.go @@ -1,4 +1,4 @@ -/* SPDX-License-Identifier: GPL-2.0 +/* SPDX-License-Identifier: MIT * * Copyright (C) 2018-2019 Jason A. Donenfeld . All Rights Reserved. */ @@ -18,6 +18,7 @@ import ( "bytes" "errors" "golang.org/x/sys/unix" + "golang.zx2c4.com/wireguard/device" "golang.zx2c4.com/wireguard/tun" "log" "math" @@ -45,12 +46,16 @@ func (l *CLogger) Write(p []byte) (int, error) { return len(p), nil } -var tunnelHandles map[int32]*Device +type tunnelHandle struct { + *device.Device + *device.Logger +} + +var tunnelHandles = make(map[int32]tunnelHandle) func init() { - versionString = C.CString(WireGuardGoVersion) - roamingDisabled = true - tunnelHandles = make(map[int32]*Device) + versionString = C.CString(device.WireGuardGoVersion) + device.RoamingDisabled = true signals := make(chan os.Signal) signal.Notify(signals, unix.SIGUSR2) go func() { @@ -70,7 +75,7 @@ func init() { //export wgEnableRoaming func wgEnableRoaming(enabled bool) { - roamingDisabled = !enabled + device.RoamingDisabled = !enabled } //export wgSetLogger 
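Review bot: In the `libwg-go-a` recipe the added `chmod -fR +w "$(GOPATH)/pkg/mod"; \` sits before `ret=$$$$?; \`, so `ret` now records chmod's exit status and a failed `go build` can let the rule exit 0, leaving a missing or stale archive for the later steps. Moving `ret=$$$$?; \` directly after the `go build ... && go version ...` line, ahead of the chmod, keeps the build status. The new `wireguard-go-version.h` rule has the same pattern: `go get -d -tags ios; chmod ...` discards the `go get` status, so a failed or partial module fetch is not reported at that step; `go get -d -tags ios; ret=$$?; chmod -fR +w "$(GOPATH)/pkg/mod"; exit $$ret` would stop there.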
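Review bot: `tunnelHandles` is a package-level map that wgTurnOn writes and wgBindInterfaceScope (and presumably the other handle-taking exports) reads, and no lock is visible in any hunk of this file; if the C side can call these exports from more than one thread, that is an unsynchronized map access. At minimum the declaration deserves a comment such as `// tunnelHandles is not synchronized; callers must serialize all wg* calls.`, or the map should be guarded by a `sync.Mutex`. On style, embedding both `*device.Device` and `*device.Logger` anonymously means `device.Error.Println` and `device.IpcSetOperation` in the later hunks resolve by promotion on a local named `device` that also shadows the imported package; named fields and a local such as `dev` would read more clearly.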
@@ -80,21 +85,26 @@ func wgSetLogger(loggerFn uintptr) { //export wgTurnOn func wgTurnOn(settings string, tunFd int32) int32 { - logger := &Logger{ + logger := &device.Logger{ Debug: log.New(&CLogger{level: 0}, "", 0), Info: log.New(&CLogger{level: 1}, "", 0), Error: log.New(&CLogger{level: 2}, "", 0), } - tun, _, err := tun.CreateTUNFromFD(int(tunFd)) + err := unix.SetNonblock(int(tunFd), true) + if err != nil { + logger.Error.Println(err) + return -1 + } + tun, err := tun.CreateTUNFromFile(os.NewFile(uintptr(tunFd), "/dev/tun"), 0) if err != nil { logger.Error.Println(err) return -1 } logger.Info.Println("Attaching to interface") - device := NewDevice(tun, logger) + device := device.NewDevice(tun, logger) - setError := ipcSetOperation(device, bufio.NewReader(strings.NewReader(settings))) + setError := device.IpcSetOperation(bufio.NewReader(strings.NewReader(settings))) if setError != nil { logger.Error.Println(setError) return -1 @@ -112,7 +122,7 @@ func wgTurnOn(settings string, tunFd int32) int32 { if i == math.MaxInt32 { return -1 } - tunnelHandles[i] = device + tunnelHandles[i] = tunnelHandle{device, logger} return i } @@ -132,10 +142,10 @@ func wgSetConfig(tunnelHandle int32, settings string) int64 { if !ok { return 0 } - err := ipcSetOperation(device, bufio.NewReader(strings.NewReader(settings))) + err := device.IpcSetOperation(bufio.NewReader(strings.NewReader(settings))) if err != nil { - device.log.Error.Println(err) - return err.int64 + device.Error.Println(err) + return err.ErrorCode() } return 0 } @@ -148,7 +158,7 @@ func wgGetConfig(tunnelHandle int32) *C.char { } settings := new(bytes.Buffer) writer := bufio.NewWriter(settings) - err := ipcGetOperation(device, writer) + err := device.IpcGetOperation(writer) if err != nil { return nil } 
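Review bot: The `*os.File` built inline in `tun.CreateTUNFromFile(os.NewFile(uintptr(tunFd), "/dev/tun"), 0)` has no explicit owner on the failure paths: when `CreateTUNFromFile` returns an error, wgTurnOn returns -1 without closing the file, so the descriptor is closed only when the `os.File` finalizer happens to run, and the caller cannot tell from -1 whether it still owns `tunFd`. Holding the file in a variable, `file := os.NewFile(uintptr(tunFd), "/dev/tun")`, and calling `file.Close()` before that `return -1` makes the ownership explicit; whether `CreateTUNFromFile` already closes the file on error is not visible here. The `setError` path likewise returns -1 without `device.Close()`, which appears to leave the new device and the tun file alive with no handle to reach them. A short doc comment on wgTurnOn stating who owns `tunFd` after success and after failure would help callers; the function body continues outside this hunk.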
@@ -158,46 +168,18 @@ func wgGetConfig(tunnelHandle int32) *C.char { //export wgBindInterfaceScope func wgBindInterfaceScope(tunnelHandle int32, ifscope int32) { - var operr error device, ok := tunnelHandles[tunnelHandle] if !ok { return } - device.log.Info.Printf("Binding sockets to interface %d\n", ifscope) - bind := device.net.bind.(*NativeBind) - for bind.ipv4 != nil { - fd, err := bind.ipv4.SyscallConn() - if err != nil { - device.log.Error.Printf("Unable to bind v4 socket to interface:", err) - break - } - err = fd.Control(func(fd uintptr) { - operr = unix.SetsockoptInt(int(fd), unix.IPPROTO_IP, unix.IP_BOUND_IF, int(ifscope)) - }) - if err == nil { - err = operr - } - if err != nil { - device.log.Error.Printf("Unable to bind v4 socket to interface:", err) - } - break + device.Info.Printf("Binding sockets to interface %d\n", ifscope) + err := device.BindSocketToInterface4(uint32(ifscope)) + if err != nil { + device.Error.Printf("Unable to bind v4 socket to interface:", err) } - for bind.ipv6 != nil { - fd, err := bind.ipv6.SyscallConn() - if err != nil { - device.log.Error.Printf("Unable to bind v6 socket to interface:", err) - break - } - err = fd.Control(func(fd uintptr) { - operr = unix.SetsockoptInt(int(fd), unix.IPPROTO_IPV6, unix.IPV6_BOUND_IF, int(ifscope)) - }) - if err == nil { - err = operr - } - if err != nil { - device.log.Error.Printf("Unable to bind v6 socket to interface:", err) - } - break + err = device.BindSocketToInterface6(uint32(ifscope)) + if err != nil { + device.Error.Printf("Unable to bind v6 socket to interface:", err) } } diff --git a/wireguard-go-bridge/go.mod b/wireguard-go-bridge/go.mod new file mode 100644 index 0000000..82d4128 --- /dev/null +++ b/wireguard-go-bridge/go.mod @@ -0,0 +1,8 @@ +module golang.zx2c4.com/wireguard/ios + +go 1.12 + +require ( + golang.org/x/sys v0.0.0-20190302025703-b6889370fb10 + golang.zx2c4.com/wireguard v0.0.0-20190303043202-244a98e380fa +) 
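Review bot: Both new error paths in wgBindInterfaceScope call `device.Error.Printf("Unable to bind v4 socket to interface:", err)` with no formatting verb, so the error is rendered as a `%!(EXTRA ...)` suffix instead of a readable message; `device.Error.Println("Unable to bind v4 socket to interface:", err)` and the v6 twin, or a trailing ` %v` verb, fixes it. The conversion `uint32(ifscope)` also turns a negative `ifscope` from the C caller into a very large interface index, so a guard such as `if ifscope < 0 { return }` (with an error log) before the two bind calls would be prudent.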
diff --git a/wireguard-go-bridge/go.sum b/wireguard-go-bridge/go.sum
new file mode 100644
index 0000000..dc78250
--- /dev/null
+++ b/wireguard-go-bridge/go.sum
@@ -0,0 +1,10 @@
+github.com/Microsoft/go-winio v0.4.11/go.mod h1:VhR8bwka0BXejwEJY73c50VrPtXAaKcyvVC4A4RozmA=
+golang.org/x/crypto v0.0.0-20190228161510-8dd112bcdc25 h1:jsG6UpNLt9iAsb0S2AGW28DveNzzgmbXR+ENoPjUeIU=
+golang.org/x/crypto v0.0.0-20190228161510-8dd112bcdc25/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/net v0.0.0-20190301231341-16b79f2e4e95 h1:fY7Dsw114eJN4boqzVSbpVHO6rTdhq6/GnXeu+PKnzU=
+golang.org/x/net v0.0.0-20190301231341-16b79f2e4e95/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190302025703-b6889370fb10 h1:xQJI9OEiErEQ++DoXOHqEpzsGMrAv2Q2jyCpi7DmfpQ=
+golang.org/x/sys v0.0.0-20190302025703-b6889370fb10/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.zx2c4.com/wireguard v0.0.0-20190303043202-244a98e380fa h1:t/IV/5G9uPXXDoaOrk+Lx2VsFhbqWGYFE+GEl160Yzc=
+golang.zx2c4.com/wireguard v0.0.0-20190303043202-244a98e380fa/go.mod h1:Koyxt99ZAZcr8lJuisBNX9vnaqKVNGcITeWOI1Zkmsw=
diff --git a/wireguard-go-bridge/src/queueconstants.go b/wireguard-go-bridge/src/queueconstants.go
deleted file mode 100644
index 85dfa1e..0000000
--- a/wireguard-go-bridge/src/queueconstants.go
+++ /dev/null
@@ -1,16 +0,0 @@
-/* SPDX-License-Identifier: GPL-2.0
- *
- * Copyright (C) 2017-2019 WireGuard LLC. All Rights Reserved.
- */
-
-package main
-
-/* Fit within memory limits for iOS */
-
-const (
- QueueOutboundSize = 1024
- QueueInboundSize = 1024
- QueueHandshakeSize = 1024
- MaxSegmentSize = 1700
- PreallocatedBuffersPerPool = 1024
-)
diff --git a/wireguard-go-bridge/src/tun/api-ios.go b/wireguard-go-bridge/src/tun/api-ios.go
deleted file mode 100644
index 8d3413e..0000000
--- a/wireguard-go-bridge/src/tun/api-ios.go
+++ /dev/null
@@ -1,46 +0,0 @@
-/* SPDX-License-Identifier: GPL-2.0
- *
- * Copyright (C) 2017-2019 Jason A. Donenfeld . All Rights Reserved.
- */
-
-package tun
-
-import (
- "golang.org/x/sys/unix"
- "net"
- "os"
-)
-
-func CreateTUNFromFD(tunFd int) (TUNDevice, string, error) {
- err := unix.SetNonblock(tunFd, true)
- if err != nil {
- return nil, "", err
- }
- file := os.NewFile(uintptr(tunFd), "/dev/tun")
- tun := &nativeTun{
- tunFile: file,
- events: make(chan TUNEvent, 5),
- errors: make(chan error, 5),
- }
- name, err := tun.Name()
- if err != nil {
- return nil, "", err
- }
- tunIfindex, err := func() (int, error) {
- iface, err := net.InterfaceByName(name)
- if err != nil {
- return -1, err
- }
- return iface.Index, nil
- }()
- if err != nil {
- return nil, "", err
- }
- tun.routeSocket, err = unix.Socket(unix.AF_ROUTE, unix.SOCK_RAW, unix.AF_UNSPEC)
- if err != nil {
- return nil, "", err
- }
- go tun.routineRouteListener(tunIfindex)
-
- return tun, name, nil
-}