WireGuard VPNs – A New and Improved VPN Protocol?
Last Updated by Gray Williams on November 13, 2018
People are wondering about the newest VPN protocol, WireGuard. The buzz is that it's the easiest to use, most secure, and most effective protocol available today. Corporate developers have their eye on it, hoping to build a backend infrastructure with a modern platform, so it's time we took a closer look.
WireGuard was initially released just for Linux operating systems but is now compatible with many other platforms, including Mac. That's why it's time to evaluate this new technology and determine if it's a good solution for consumers wanting a secure VPN.
It is rumored that NordVPN will soon be adding WireGuard capabilities, making them the first major VPN to adopt this technology.
What is WireGuard?
Oregon Senator Wyden stated that governments shouldn’t use outdated technologies such as IPsec and OpenVPN. He called for replacements that were more secure and endorsed WireGuard for use among government officials.
Jason A. Donenfeld, the founder of Edge Security, created the code. Some developers caution that it’s not yet stable enough and advise using it as an experimental project until all vulnerabilities are resolved. However, both Mullvad and AzireVPN have already implemented the software.
WireGuard appears to be the future of VPN protocols.
What is Different about WireGuard?
Jason Donenfeld is no stranger to online security. He has worked with both defensive and offensive applications, which led him to develop rootkit exfiltration methods that hid his presence within a network.
Throughout his work, he realized that the same methods used to infiltrate a network were the ones that would protect it. WireGuard contains many stealth features already integrated and provides a trustworthy VPN tunnel that out-performs the outdated technologies we use.
Why is WireGuard so Simple?
One of Donenfeld's goals was to keep everything simple. He felt that existing protocols instilled no confidence because of their size: the sheer magnitude of their code leaves room for bugs.
For mobile usage, WireGuard doesn’t transmit any packets other than real data, which reduces the usual chatter associated with a VPN and cuts down on available information for a packet sniffer. On top of that, it extends mobile battery life.
Most mainstream VPN products prefer to use OpenVPN. This protocol features about 120,000 lines of code, which makes it slow and complicated, plus challenging to secure. WireGuard uses a cryptographic foundation that utilizes fewer than 4,000 lines of code.
WireGuard Provides Strong Encryption
The heart of this encryption is Cryptokey Routing. It works by associating each peer's public key with a list of VPN IP addresses allowed in the tunnel. The network interface holds a private key plus the list of peers and their permitted IP addresses; the keys authenticate peers to one another.
In a server configuration, a packet received from a peer is accepted only if its source IP address matches that peer's list of permitted IP addresses. Any time the system chooses to send a packet, it examines the destination IP first to determine its legitimacy, that is, whether some peer's permitted list contains it.
IP Roaming on Both Ends
It’s simple to switch IP addresses from both ends without ever breaking the protocol. Users easily switch from their cellular, Wi-Fi, or other connection, without performing any further configurations.
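The two behaviours described above, Cryptokey Routing and endpoint roaming, can be modelled in a few lines. This is an added example, not WireGuard's own code: it is a simplified Python model with no real cryptography, and the class name, peer key strings, and addresses are constructed placeholders.

```python
import ipaddress

class CryptokeyTable:
    """Toy model of one WireGuard interface's peer table (no real crypto)."""

    def __init__(self):
        self.peers = {}  # public key -> {"allowed": [...], "endpoint": ...}

    def add_peer(self, pubkey, allowed_ips, endpoint=None):
        nets = [ipaddress.ip_network(a) for a in allowed_ips]
        self.peers[pubkey] = {"allowed": nets, "endpoint": endpoint}

    def lookup(self, ip):
        """Return the key of the peer whose allowed list contains ip.

        The most specific (longest) prefix wins; None means no peer owns it.
        """
        addr = ipaddress.ip_address(ip)
        best_key, best_len = None, -1
        for key, peer in self.peers.items():
            for net in peer["allowed"]:
                if addr in net and net.prefixlen > best_len:
                    best_key, best_len = key, net.prefixlen
        return best_key

    def send(self, dst_ip):
        """Outbound: choose the peer key and endpoint, or None to drop."""
        key = self.lookup(dst_ip)
        return None if key is None else (key, self.peers[key]["endpoint"])

    def receive(self, pubkey, inner_src_ip, outer_src):
        """Inbound, for a packet that already authenticated under pubkey."""
        if pubkey not in self.peers:
            return False
        # Roaming: an authenticated packet updates where replies are sent.
        self.peers[pubkey]["endpoint"] = outer_src
        # Accept only if the inner source address belongs to this same peer.
        return self.lookup(inner_src_ip) == pubkey


def demo():
    table = CryptokeyTable()  # constructed sample peers and addresses
    table.add_peer("PUBKEY_LAPTOP", ["10.0.0.2/32"], ("192.0.2.10", 51820))
    table.add_peer("PUBKEY_SITE", ["10.0.0.0/24", "10.8.0.0/16"])
    return table
```

A peer that authenticates correctly but uses an inner source address assigned to a different peer is still rejected, which is what ties identity (the key) to addressing (the allowed list).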
While WireGuard is optimized to run on the Linux kernel, it's adaptable to other platforms. There's no issue running the configurations on Android, macOS, or Ubuntu at this time. There is also a user-space portable version in the works, which enables developers to add some VPN functionality to apps in the Play Store without root access.
Several ways to create point-to-point VPN tunnels exist. Both your device and the server must use the same protocol to communicate; the most commonly used is OpenVPN. The secure implementation works on any device as long as you install an app.
IPsec, when used with IKEv2 authentication, is also popular. It integrates well with macOS, iOS, Linux, and Windows. It’s an excellent solution for devices that can’t install every app you desire.
PPTP and L2TP are some of the original security protocols, but they only have 128-bit encryption and aren't reliable for bypassing geo-blocks.
Both IPsec and OpenVPN feature huge codebases, which allow more room for attack and are difficult to audit. WireGuard’s simplified code is much easier to control.
Connecting to WireGuard is just like using a remote server with SSH. The user generates a set of private and public keys to exchange with a server. Unlike other protocols, WireGuard relies solely on your device’s network which allows it to route the traffic through a tunnel no matter what Internet connection you use.
With a regular VPN, you must reconnect to the server each time you switch from Wi-Fi to Ethernet, etc. With WireGuard you maintain your connection despite the need to change IP addresses and networks.
You’ll also see by the tests done through WireGuard, that there’s no comparison when it comes to speed.
The difference between WireGuard and IPsec protocols is massive regarding throughput. The improvement is a solution for people who aren’t happy with the speed of their VPN connection. Imagine the possibilities for streaming and online gaming.
WireGuard has a lower ping time than IPsec, and a considerably lower one compared to OpenVPN.
It’s exciting to see so much new technology around the corner. It’s time to replace the old security we’ve been using and protect ourselves further.
We plan to watch for news regarding updates to WireGuard and will gladly keep you updated in the future.