The VPN industry is going crazy about the next-generation WireGuard protocol. Its technology is very promising in terms of speed, security, and performance. However, like every new technology, especially one that deals with your privacy and security, it needs some time to settle. There aren’t that many WireGuard VPN providers yet, and extensive real-world testing is necessary before mass adoption. That being said, let’s take a closer look at WireGuard itself.
What is WireGuard
WireGuard is a modern VPN protocol that uses state-of-the-art cryptography. It applies the concept of crypto-key routing, which allows easy setup, fast speeds, increased performance, and security. WireGuard is a cross-platform protocol that works on all OS and is considered one of the most secure solutions to date.
The protocol’s creator, Jason A. Donenfeld, said that the new protocol is designed with simplicity in mind. Protocols such as OpenVPN and IPsec were developed more than 20 years ago, with the old ideas and understanding of security and cryptography. This resulted in extremely complex and hard-to-understand codebases.
WireGuard, on the other hand, uses fresh and modern science-based development techniques that resulted in a codebase with just around 5000 lines of code.
To get an idea of how straightforward and easy to understand WireGuard’s code is, here’s a comparison of other VPN protocols by lines of code.
Advantages of WireGuard VPN
Connections made using this protocol solve the most common problems VPN consumers face. Here are the advantages of WireGuard VPN:
High speed and performance
One area where this VPN protocol outshines the others is speed. The official website states that:
“[…] WireGuard lives inside the Linux kernel means that secure networking can be very high-speed […]”.
Such modern implementation not only contributes to fast speeds but to better overall performance on many devices too. For example, WireGuard also:
Reconnects and authenticates fast
Saves battery life on mobile devices
Has better roaming support for mobile devices
Has a more reliable and stable connection
Mobile device users should definitely see the advantages when using it. It is especially powerful when often changing networks from WiFi to cellular connections as it reconnects very quickly.
WireGuard uses state-of-the-art cryptography, which means it implements the newest and most modern scientific cryptographic techniques. The protocol uses cryptographic building blocks such as:
Noise protocol framework
For more detailed reading on the cryptographic methods, see the official website.
Secure and Auditable
Just like OpenVPN, WireGuard is an open-source project. That means the code is publicly visible and can be read by anyone. The security-first design principle of the protocol is what makes it easily auditable. The codebase is just around 5000 lines of code, whereas OpenVPN alone takes up to 120 000 LoC.
Such a simple approach and small codebase has its security advantages:
Has a minimal attack surface
Less prone to vulnerabilities and bugs
In the early stages, WireGuard was released for the Linux kernel, so it lacked support for other operating systems. Once heavy development started, the team released drivers for platforms such as Windows, macOS, iOS, and Android.
The cross-platform support allowed the start of the wider protocol adoption in the industry. VPN providers started to get interested and implement the solutions on their apps.
Speaking of technicalities, WireGuard uses the concept of crypto-key routing: it uses pairs of public keys and IP addresses to route and manage connections. The extremely simple interface lets you set up connections with a few command lines. It does not require managing connection states or knowing what’s under the hood; the protocol takes care of all of it.
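The public key and IP address pairing described above can be modelled in a few lines. This is an added example, not code from WireGuard or from the original article: the class, function and peer names are hypothetical, and the keys and addresses are constructed placeholders. It shows both directions of the lookup: the destination IP selects the peer key for outgoing packets, and an incoming packet is accepted only if its inner source IP belongs to the peer whose key decrypted it.

```python
import ipaddress

class CryptokeyTable:
    """Toy model of cryptokey routing: each peer public key owns a set of allowed IPs."""

    def __init__(self):
        self.routes = []  # (network, peer_public_key) pairs

    def add_peer(self, public_key, allowed_ips):
        for cidr in allowed_ips:
            self.routes.append((ipaddress.ip_network(cidr), public_key))

    def peer_for(self, ip):
        """Return the key of the peer owning `ip` (most specific prefix wins), or None."""
        addr = ipaddress.ip_address(ip)
        owners = [(net, key) for net, key in self.routes
                  if net.version == addr.version and addr in net]
        if not owners:
            return None
        return max(owners, key=lambda item: item[0].prefixlen)[1]

    def route_outbound(self, dst_ip):
        """Sending: the destination IP selects which peer key encrypts the packet."""
        return self.peer_for(dst_ip)

    def accept_inbound(self, sender_key, inner_src_ip):
        """Receiving: a packet that decrypted under sender_key is kept only if its
        inner source IP is one that this same peer owns."""
        return self.peer_for(inner_src_ip) == sender_key


def build_example_table():
    # Constructed peers: key names are placeholders, addresses are private ranges.
    table = CryptokeyTable()
    table.add_peer("PEER_A_PUBKEY", ["10.0.0.2/32"])
    table.add_peer("PEER_B_PUBKEY", ["10.0.0.3/32", "192.168.50.0/24"])
    table.add_peer("GATEWAY_PUBKEY", ["0.0.0.0/0"])
    return table


if __name__ == "__main__":
    t = build_example_table()
    print(t.route_outbound("192.168.50.7"))               # PEER_B_PUBKEY
    print(t.route_outbound("203.0.113.9"))                # GATEWAY_PUBKEY
    print(t.accept_inbound("PEER_A_PUBKEY", "10.0.0.2"))  # True
    print(t.accept_inbound("PEER_A_PUBKEY", "10.0.0.3"))  # False: address belongs to peer B
```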
The concern with WireGuard VPN
While it all sounds amazing, some trade-offs were made when designing the protocol. It comes with some drawbacks that are keeping VPN providers away from mass adoption. Because a VPN is a tool for privacy, some technical challenges arise in that regard.
Here’s why WireGuard is a concern for privacy:
Logs and stores the user’s IP address on the server
By default, WireGuard stores users’ IP addresses in the server’s RAM. Even though the IP addresses are deleted after rebooting the server or restarting the WG interface, this is not enough for cybersecurity companies that offer a no-log policy.
WireGuard VPN providers must come up with ways of complying with their no-logs policies to ensure the privacy of their users. Only a few VPN services have come up with a solution to the problem implied by WireGuard’s design. For example, NordVPN solved the logging issue with its double NAT system (NordLynx). Read on their blog how they made it work.
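The in-memory address retention described above can be checked from the server side. This added example (not from the original article or from any provider’s tooling) parses text in the tab-separated layout of `wg show <interface> dump` and lists peers whose last-seen client address is still held after they have gone idle; the sample data, the function name and the 180-second idle threshold are assumptions made for the illustration.

```python
import time

# Constructed sample in the tab-separated layout printed by `wg show <interface> dump`.
# Keys are placeholders and addresses come from documentation ranges.
SAMPLE_DUMP = "\n".join("\t".join(row) for row in [
    ["SERVER_PRIVKEY", "SERVER_PUBKEY", "51820", "off"],
    ["PEER_A_PUBKEY", "(none)", "198.51.100.23:41820", "10.0.0.2/32", "1700000000", "1024", "2048", "off"],
    ["PEER_B_PUBKEY", "(none)", "203.0.113.77:50022", "10.0.0.3/32", "1700000550", "9000", "7000", "off"],
    ["PEER_C_PUBKEY", "(none)", "(none)", "10.0.0.4/32", "0", "0", "0", "off"],
    ["PEER_D_PUBKEY", "(none)", "[2001:db8::7]:51820", "10.0.0.5/32", "1699990000", "300", "400", "off"],
])


def retained_endpoints(dump_text, now=None, max_idle_seconds=180):
    """List peers whose client address is still held although the peer has gone idle."""
    now = int(time.time()) if now is None else now
    findings = []
    for line in dump_text.splitlines()[1:]:  # line 1 describes the interface, not a peer
        fields = line.split("\t")
        if len(fields) != 8:
            continue  # not a peer row
        public_key, _psk, endpoint, _allowed_ips, handshake = fields[:5]
        if endpoint == "(none)":
            continue  # nothing stored for this peer
        last = int(handshake)  # Unix time of the latest handshake, 0 if there was none
        idle = None if last == 0 else now - last
        if idle is None or idle > max_idle_seconds:
            host = endpoint.rsplit(":", 1)[0].strip("[]")  # drop the port, unwrap IPv6
            findings.append({"peer": public_key, "client_ip": host, "idle_seconds": idle})
    return findings


if __name__ == "__main__":
    for f in retained_endpoints(SAMPLE_DUMP, now=1700000600):
        print(f"{f['peer']}: {f['client_ip']} retained, idle {f['idle_seconds']} s")
```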
Internally assigns a static IP address
A few WireGuard VPN providers pointed out that it’s not ideal how the protocol assigns static IP addresses, even if it’s only internally. The public key and IP address pairing mechanism could potentially leak your IP address externally.
This, of course, can only happen if you have malicious apps that can access your IP address or you are experiencing a WebRTC leak. On the other hand, a WebRTC IP leak can expose your IP when using other VPN protocols anyway.
After extensive testing on their Linux app, NordVPN just released the WireGuard protocol for its Windows, macOS, Android, and iOS users. It tested the next-generation protocol in regards to security and privacy.
To tackle WireGuard’s IP address logging issue, NordVPN engineered a double NAT system around the WireGuard protocol and called it NordLynx. This WireGuard VPN provider already offered great speeds, but with NordLynx it got even faster. You can easily connect with NordLynx on any of their apps by selecting the option in the settings screen.
Windows App Example, but the same on any other (mobile included):
NordVPN has been a secure and audited no-logs provider. It has no IP or DNS leaks and has multiple features to protect your internet traffic:
CyberSec – ads and malicious website blocker
Obfuscated Servers – hides VPN traffic and circumvents censorship in restricted countries
Double-VPN – double encryption with multi-hop VPN
Onion Over VPN – anonymizes traffic by routing it via Tor Network
WireGuard available on Win, Mac, iOS, Android and Linux
Easy to set up WG with just a button click
The best privacy solution for WG with Double NAT (NordLynx)
Strict no-logs policy
Next-generation encryption with double VPN servers
This Swedish WireGuard VPN provider was one of the first to support the new and secure protocol, and has done so since 2017. Now that the technology has developed, AzireVPN lets you use this speedy protocol on Windows, macOS, iOS, Android, Linux, and routers.
It has specific WireGuard clients for every OS or configuration files available for import.
This is a privacy-focused service that keeps no logs. Their network is not that big, with 12 key locations around the world, but it has unlimited bandwidth, allows P2P, and even supports IPv6 traffic.
AzireVPN uses the strong encryption offered by WireGuard, its servers have no hard drives so that no logs can be stored on them, and it accepts payments in multiple cryptocurrencies, even DogeCoin (much wow!).
Supports WireGuard on Windows, macOS, iOS, Android, Linux, and routers
TorGuard has full WireGuard support on Mac and smartphones. It does not currently have an app for Windows users, though. Setup is not as straightforward as with NordVPN: you have to enable the setting in your account panel, download the config files, and import them to create the WireGuard tunnel.
TorGuard has a no-logs policy and keeps no information about connections on any of its servers. It has great speeds, unlimited bandwidth, and a decent server network in 50+ countries around the world.
This WireGuard VPN provider also has lots of technical and customizable features such as port forwarding, SSL based VPNs, traffic obfuscation, Dedicated IPs. By default, it has no IP or DNS leaks and an internet kill switch.
Supports WireGuard on macOS, iOS, Android, Linux, and routers
Private Internet Access is a well-known VPN service in the industry. It recently released its beta version of WireGuard for Windows, Mac, Linux, Android, and iOS.
PIA states that “Private Internet Access has supplemented the core WireGuard VPN tunneling software with additional protections to ensure that the server-client connection remains private and no IP addresses are leaked”.
This WireGuard VPN provider has a strict no-log policy and all the essential privacy features, such as an internet kill switch, IP leak protection, and ad and tracker blocking.
Private Internet Access has a great server network with 3000+ servers in 67 locations. Many of them support P2P traffic and have unlimited bandwidth.
However, for the moment you need to sign up for Beta testing to try WireGuard connections.
Mullvad is a WireGuard VPN provider that allows connecting with this protocol on all platforms. The native mobile apps use it all the time, so there is no need to set it up. Linux and Mac have it as the default setting, and in Windows you need to turn it on in the app.
The service is aware of the privacy issues and has implemented methods to tackle the existing problems. It has the option to regenerate keys, and it manages the connection handshakes so that the real IPs are not stored.
Supports WireGuard on Windows, macOS, iOS, Android, Linux, and routers
Mobile apps use WireGuard by default
Allows regenerating the crypto-keys for privacy
Strict no-logs policy
600+ servers in 36+ countries
30-day money-back guarantee
WireGuard VPN is the next big thing in the industry. It is secure, fast, and uses the most modern technology to reach outstanding performance. However, since it’s a fairly new protocol, not many VPN providers have it in their apps. WireGuard’s inner mechanisms fall short in regards to privacy, so VPN companies try to engineer ways to ensure their users’ safety. So far the best solution is offered by NordVPN and their Double NAT system called NordLynx. The solution is the easiest, as it only requires selecting a setting in the app.
CyberWaters is a mixed crew of cyber security enthusiasts with a keen interest in data privacy, security and the technology behind it. We provide cyber security related content and give advice on best practices and tools for staying safe and secure online.