WireGuard Protocol
Written by: Per-Erik Eriksson

If you are currently using or intend to use a VPN, consider which protocol it employs. The choice matters, because protocols differ considerably in how they perform.

WireGuard is a relatively new VPN protocol that has significantly impacted the industry. Despite its short time on the market, it has gained acceptance across the cybersecurity sphere thanks to its faster speeds and upgraded encryption.

But is WireGuard as safe and trustworthy as its older competitor OpenVPN? Does it come with any drawbacks? Our article will answer these and many other questions about this open-source communication protocol.

What Is WireGuard?

WireGuard is a VPN protocol created in 2017 for the Linux kernel that is now also available on Mac, Windows, iOS, and Android. At that time, existing protocols, like OpenVPN and IPsec, yielded unsatisfactory results and were hard to configure. Instead of trying to adapt the existing code to his needs, WireGuard’s creator, Jason A. Donenfeld, created an entirely new protocol that uses less code and more efficient cryptography. This resulted in a more secure counterpart to OpenVPN.

How Does WireGuard Work?

WireGuard can be used in two ways: as a standalone protocol or via a VPN service provider. It comes with improved security features, speed, and ease of use, thanks to several technologies it utilizes, namely Curve25519, ChaCha20, and Poly1305. Curve25519 handles key exchange: each peer holds a key pair, and the two sides use those keys to agree on shared secrets for the connection. ChaCha20 encrypts the traffic, and Poly1305 authenticates it so that tampered packets are rejected.

Based on symmetric encryption, WireGuard creates a secure encrypted tunnel between two devices utilizing advanced cryptography. The software works even if the IP address of the client device changes. For example, you don’t have to wait thirty seconds for the VPN to reconnect when switching from mobile data to Wi-Fi.

WireGuard Pros and Cons

Although WireGuard has an entire suite of impressive features, this modern VPN protocol also has a few drawbacks. Let’s examine both in detail.

Pros

  • Speed — This VPN protocol uses high-speed cryptographic code. Furthermore, since it runs within the Linux kernel, its performance and bandwidth are much better than those of all other protocol solutions. It is therefore suitable both for small embedded devices like smartphones and for fully loaded routers.
  • Performance — Besides improved speed, WireGuard has enhanced performance in several other areas. This includes better battery life with tablets and phones, better roaming support with mobile devices, and faster connection/reconnection times.
  • Security — Unlike other VPN protocols, WireGuard uses secure and efficient components, such as cryptokey routing. It doesn’t utilize the industry standard encryption techniques but instead associates each peer’s public key with the VPN IP addresses that peer is authorized to use, to ensure higher security.
  • Deployment — WireGuard client or server software is easy to install. You can download the ready-to-use desktop and mobile apps through the relevant platform’s app store. On the server side, installing WireGuard is similar to configuring SSH, which most IT professionals are familiar with.
  • Codebase — Having only 4,000 lines of code makes WireGuard easy to work with, audit, and inspect for potential weaknesses.
  • Agility — WireGuard lets you connect and reconnect quickly across networks. Unlike other VPN protocols, it stays connected even when others fail.
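
The Security item above (public keys tied to authorized VPN IP addresses) and the roaming behaviour described under "How Does WireGuard Work?" can be modelled together. This is an added example, not WireGuard's code or the article's; the class names, placeholder keys and documentation-range addresses are assumptions made for illustration.

```python
import ipaddress


class Peer:
    def __init__(self, public_key, allowed_ips, endpoint=None):
        self.public_key = public_key
        self.allowed_ips = [ipaddress.ip_network(n) for n in allowed_ips]
        self.endpoint = endpoint  # last known outer (UDP) address of the peer


class CryptokeyTable:
    """Simplified model of the key <-> allowed-IP association (not WireGuard source)."""

    def __init__(self, peers):
        self.peers = {p.public_key: p for p in peers}

    def peer_for_destination(self, dst):
        """Outbound: choose the peer whose allowed IPs contain dst (longest prefix wins)."""
        dst = ipaddress.ip_address(dst)
        matches = [(net.prefixlen, peer) for peer in self.peers.values()
                   for net in peer.allowed_ips if dst in net]
        if not matches:
            return None  # no peer is authorized for this address: do not send
        return max(matches, key=lambda m: m[0])[1]

    def accept_inbound(self, public_key, inner_src, outer_src):
        """Inbound: called only after the packet decrypted and authenticated
        under the session belonging to public_key."""
        peer = self.peers.get(public_key)
        if peer is None:
            return False
        peer.endpoint = outer_src  # roaming: follow the peer's new outer address
        src = ipaddress.ip_address(inner_src)
        # Drop packets whose inner source is not one this key may use.
        return any(src in net for net in peer.allowed_ips)


def demo_table():
    # Constructed sample data: placeholder key names, documentation IP ranges.
    return CryptokeyTable([
        Peer("PHONE_PUBLIC_KEY", ["10.0.0.2/32"], ("192.0.2.10", 51820)),
        Peer("OFFICE_PUBLIC_KEY", ["10.0.0.0/24", "192.168.50.0/24"],
             ("203.0.113.5", 51820)),
    ])


if __name__ == "__main__":
    table = demo_table()
    print(table.peer_for_destination("10.0.0.2").public_key)
    print(table.accept_inbound("PHONE_PUBLIC_KEY", "10.0.0.2", ("198.51.100.7", 40000)))
    print(table.accept_inbound("PHONE_PUBLIC_KEY", "192.168.50.9", ("198.51.100.7", 40000)))
```

The last call returns False: the packet authenticated under the phone's key but claims an inner source address that only the office key is allowed to use, so it is dropped.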

Cons

  • Privacy concerns — Privacy is WireGuard’s weak spot. Privacy concerns arise from the fact that the server must keep user data, namely the IP addresses of connected peers, which conflicts with most VPN providers’ privacy policies.
  • Obfuscation — WireGuard doesn’t obfuscate its traffic natively, and obfuscation is essential for evading censorship such as the Great Firewall of China. Combining the two is not easy, because obfuscation has to take place at a layer above WireGuard, but it is still possible.

Which VPNs Support WireGuard?

Many commercial VPN providers have jumped on the WireGuard bandwagon in light of its significant benefits for the average end user. Here are a few of them:

  • NordVPN — The first major VPN to adopt it was NordVPN. The provider modified the open-source WireGuard software and created a proprietary protocol — NordLynx.
  • Surfshark VPN — Another one was Surfshark, known for implementing next-gen security features to its service, including WireGuard. As opposed to static IP addresses, Surfshark provides dynamic IP addresses for its WireGuard users, which ensures their online privacy.
  • Mullvad — This Swedish VPN provider was one of the early adopters of WireGuard. Like NordVPN, all Mullvad apps include full WireGuard support. It’s a privacy-focused VPN service that doesn’t keep logs.
  • IPVanish — IPVanish was among the last to implement the WireGuard tunneling protocol, but it marked a significant upgrade to the provider’s services. 

However, the list doesn’t end here. Many other VPN providers use the WireGuard protocol; VyprVPN, OVPN, AzireVPN, ProtonVPN, Private Internet Access, TorGuard, and CyberGhost are just a few.

WireGuard vs. OpenVPN

OpenVPN has long been the industry standard in VPN protocols. However, even though it was robust and secure, its speed was less than optimal. Compared to the competition, WireGuard offers a noticeable performance boost.

WireGuard utilizes fewer lines of code, only about 4,000. That may seem like a lot at first glance, but it is nothing compared to the over 100,000 lines of code OpenVPN is built upon. The number of lines can even reach 400,000 if one wants to use all the features. This means that WireGuard is 25% to 100% less bulky than OpenVPN, and it is easier for developers to find and fix bugs and security breaches.

Another thing that sets WireGuard apart from OpenVPN is speed. Its connections are significantly faster (over 58%), revolutionizing VPN performance. This also means you should get a more reliable connection and less battery drainage when using a WireGuard VPN on a mobile device.

You can see the speed difference between these two protocols in Surfshark in the table below. We ran the test across three cities located on different continents.

City             OpenVPN D/U speed    WireGuard D/U speed
New York City    167/77 Mbps          385/196 Mbps
Berlin           220/277 Mbps         431/151 Mbps
Singapore        221/246 Mbps         504/484 Mbps

Conclusion

Even though older VPN protocols like IPsec and OpenVPN are effective, they could be better. Thus, it’s no wonder WireGuard took the world by storm when it appeared on the market. Aside from being secure, it is fast and lightweight. It is known for its small codebase and its focus on the latest encryption methods, making it one of today’s most reliable VPN protocols.

FAQ

Is WireGuard the best VPN protocol?

Despite OpenVPN’s popularity, it was developed over 20 years ago, and internet technology has advanced significantly since 2001. WireGuard has been a game-changer ever since it was launched. Security experts have already given it credit for making a breakthrough in the VPN protocol market.

Is WireGuard better than OpenVPN?

Yes, WireGuard is generally better than OpenVPN. Compared to OpenVPN, WireGuard is faster, simpler, and easier to set up. Plus, it has a small code base. As a result, even lightweight platforms can use this protocol quickly and securely.

Can WireGuard be hacked?

Due to its proven cryptographic technology, WireGuard is nearly impossible to hack. It is very secure as it uses state-of-the-art cryptographic algorithms and ciphers. In addition to being easier to audit, its small codebase offers a smaller attack surface.
