Wondering what WireGuard VPN is? No, WireGuard isn’t some new VPN service working its way to the market. In fact, it is a new open-source VPN protocol that simplifies the process of data encryption. It promises to be faster and more reliable than OpenVPN and IKEv2, generally regarded as the two best protocols available today.
WireGuard aficionados are openly prophesying that this “protocol of tomorrow” will transcend every existing VPN tunneling choice.
But is this true? Will WireGuard put an end to the underlying VPN problems we see today, such as speed reductions and connection failures?
Out of the three VPN services that currently support WireGuard, NordVPN is the only service I experiment with that offers a complete WireGuard solution. Its NordLynx update is available now and features an innovative solution to the privacy issues surrounding WireGuard.
New WireGuard Protocol - What’s So Exciting About It?
Different VPN protocols have pros and cons (e.g., faster speed usually means less security), but WireGuard has several inherent advantages.
Aside from outpacing both OpenVPN and IKEv2 during speed testing, WireGuard was built with ease of use in mind. Even manual network configuration will be quite easy when the protocol is deployed on a large scale.
One of the reasons for the new protocol’s speed and simplicity is a streamlined approach to encryption.
Essentially, instead of working with the ready-made encryption techniques most VPNs use, WireGuard developers have reassembled the elements that make up those algorithms (known as “primitives”) in new ways. The idea is to gain speed without losing security.
WireGuard is also far less bloated than OpenVPN, with only 4,000 lines of code. By comparison, OpenVPN has 70,000 lines of code.
This small codebase guarantees regular, thorough auditing and improvement, which means fewer vulnerabilities than other protocols have.
Possible Hazards of Using WireGuard Now
Notwithstanding its many positives, even WireGuard’s primary developer, Jason Donenfeld, still classifies it as experimental. This means your experience with WireGuard might not match those impressive speed test results because of potential stability issues.
And there are some security concerns at present. The most serious is the process through which WireGuard assigns IP addresses. Both OpenVPN and IKEv2 dynamically assign IP addresses. This means your VPN doesn’t issue you the same IP address every time you connect.
WireGuard can’t dynamically assign IP addresses in this way. Instead, you get the same static IP address every time you connect. To assign this static IP address, WireGuard servers have to log and store your real IP address and connection timestamps to “remember” which VPN IP to connect you to and to identify when you no longer need it.
Storing your identifiable information in this manner is in direct contradiction of most VPN privacy policies. Many services have issued statements saying that they will not implement WireGuard until these issues are rectified.
The creator himself is quick to caution VPN users against relying on the new protocol, recognizing that there’s plenty of work still to be completed before a stable version is ready for release.
Having said that, some VPNs aren’t waiting. Several services have taken steps to resolve WireGuard’s risks by adding their own custom security measures on top.
Advantages of WireGuard VPN
Here are some of the ‘benefits’ that WireGuard offers:
WireGuard uses the following protocols and primitives, as explained on its site:
- ChaCha20 for symmetric encryption, authenticated with Poly1305, using RFC7539’s AEAD construction
- Curve25519 for ECDH
- BLAKE2s for hashing and keyed hashing, described in RFC7693
- SipHash24 for hashtable keys
- HKDF for key derivation, as described in RFC5869
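To show how two of these primitives fit together, here is an added example (not code from this page or from the WireGuard project) that builds HKDF from HMAC over BLAKE2s and uses it to ratchet a chaining key, the way a Noise-style handshake folds each Curve25519 result into its key material. The function names are hypothetical, the `CONSTRUCTION` label comes from the WireGuard protocol paper rather than this page, and the two "DH outputs" are constructed stand-ins, since Curve25519 is not in the Python standard library.

```python
import hashlib
import hmac

# Noise construction label from the WireGuard protocol paper (not on this page).
CONSTRUCTION = b"Noise_IKpsk2_25519_ChaChaPoly_BLAKE2s"

def blake2s_hash(data: bytes) -> bytes:
    """Unkeyed BLAKE2s (RFC 7693) with its default 32-byte digest."""
    return hashlib.blake2s(data).digest()

def hmac_blake2s(key: bytes, data: bytes) -> bytes:
    """HMAC over BLAKE2s: the PRF that HKDF is built from."""
    return hmac.new(key, data, hashlib.blake2s).digest()

def kdf(chaining_key: bytes, material: bytes, n: int) -> list:
    """HKDF (RFC 5869) with empty info, returning n outputs of 32 bytes."""
    if not 1 <= n <= 255:
        raise ValueError("HKDF can expand to at most 255 blocks")
    prk = hmac_blake2s(chaining_key, material)        # HKDF-Extract
    outputs, prev = [], b""
    for counter in range(1, n + 1):                    # HKDF-Expand
        prev = hmac_blake2s(prk, prev + bytes([counter]))
        outputs.append(prev)
    return outputs

def mix_key(chaining_key: bytes, dh_output: bytes) -> tuple:
    """Ratchet step: fold one DH result in, get (new chaining key, AEAD key)."""
    new_ck, aead_key = kdf(chaining_key, dh_output, 2)
    return new_ck, aead_key

def demo() -> dict:
    # Constructed stand-ins for two Curve25519 shared secrets (not real DH output).
    dh1, dh2 = bytes(range(32)), bytes(range(32, 64))
    ck0 = blake2s_hash(CONSTRUCTION)
    ck1, k1 = mix_key(ck0, dh1)
    ck2, k2 = mix_key(ck1, dh2)
    return {"ck0": ck0, "ck1": ck1, "k1": k1, "ck2": ck2, "k2": k2}

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value.hex()}")
```

Each 32-byte AEAD key would then be used with ChaCha20-Poly1305; because every step depends on the previous chaining key, the order in which secrets are mixed in changes every later key.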
The minimal and straightforward codebase
WireGuard stands out in terms of its codebase, which is currently about 3,800 lines. This is in stark contrast to OpenVPN and OpenSSL, which combined have around 600,000 lines. IPSec is also bulky at approximately 400,000 total lines with XFRM and StrongSwan together.
What are the advantages of a smaller code base?
- It is much easier to audit. OpenVPN would take a large team many days to audit. One person can read through WireGuard’s codebase in a few hours.
- Easier to audit means easier to find vulnerabilities, which helps keep WireGuard secure
- Much smaller attack surface in comparison to OpenVPN and IPSec
- Better performance
While the smaller code base is an advantage, it also reflects some limitations, as discussed below.
Speeds can be a limiting factor with VPNs – for many different reasons. WireGuard is designed to offer significant improvements in the area of performance:
A combination of extremely high-speed cryptographic primitives and the fact that WireGuard lives inside the Linux kernel means that secure networking can be very high-speed. It is suitable for both small embedded devices like smartphones and fully loaded backbone routers.
Theoretically, WireGuard should offer improved performance in the way of:
- Faster speeds
- Better battery life with phones/tablets
- Better roaming support (mobile devices)
- More reliability
- Faster at establishing connections/reconnections (faster handshake)
WireGuard should be beneficial for mobile VPN users. With WireGuard, if your mobile device changes network interfaces, such as switching from WiFi to mobile/cell data, the connection will remain as long as the VPN client continues to send authenticated data to the VPN server.
Cross-platform ease of use
Although full implementation has been somewhat delayed, WireGuard should work very well across different platforms. WireGuard supports Mac OS, Android, iOS, and Linux, with Windows support still in development.
Another interesting feature of WireGuard is that it utilizes public keys for identification and encryption, whereas OpenVPN uses certificates. This does create some issues for using WireGuard in a VPN client, however, such as key generation and management.
A few VPNs have already integrated full WireGuard support into their lineup of VPN clients. See, for example, NordVPN.
Now merged into Linux kernel and released from beta.
On March 29, 2020, it was announced that WireGuard would be officially included in the 5.6 Linux kernel. This is big news that many privacy enthusiasts have been waiting for.
Additionally, WireGuard is now out of beta with the release of version 1.0 for Linux. You can get more info on WireGuard for different operating systems here.
With these two developments, WireGuard is now considered stable and ready for widespread use. The previous warning on the official website about WireGuard being “not yet complete” has been removed.
Is WireGuard better than OpenVPN?
Every VPN protocol has its benefits and flaws. WireGuard has proven to be faster than OpenVPN. It’s also less complicated and less bloated.
However, OpenVPN has undergone years of testing and auditing. WireGuard has yet to be independently audited and is still undergoing testing by its creators.
Until WireGuard’s privacy issues have been rectified or circumvented, OpenVPN is still the safer option – even if WireGuard is the faster one.
Can I use WireGuard Now?
Many VPNs have stated that they won’t implement WireGuard support until the protocol has been thoroughly tested and independently audited. Others say that they’re waiting for WireGuard’s creators to come up with a more robust privacy solution that won’t invalidate the VPN’s logging policy.
At the moment, only three VPNs give you WireGuard support: NordVPN, IVPN, and Mullvad.
Each VPN has added its own privacy measures on top of the protocol to make it safer to use.
WireGuard has been hailed as the future of VPNs. The speed and security tests I conducted on it yield fascinating results.
Nevertheless, even the team behind WireGuard admits that the protocol isn’t thoroughly tested or complete. It seems like we’ll have to wait a little longer before WireGuard is in good enough shape to be implemented in VPNs across the board.
But some VPN services are ahead of the game and are either working with WireGuard or coming up with their own solutions to the protocol’s current privacy issues.
Of all of these, NordVPN offers the most comprehensive and trustworthy WireGuard solution. NordLynx is incredibly fast, reliable, and secure while maintaining NordVPN’s high standards when it comes to privacy and logging.