WireGuard VPNs – A New and Improved VPN Protocol?

Last Updated by Gray Williams on November 13, 2018

People are wondering about the newest VPN protocol, WireGuard. The buzz is that it’s the easiest to use, most secure, and most effective protocol available today. Corporate developers have their eye on it, hoping to build a backend infrastructure with a modern platform, so it’s time we took a closer look.

WireGuard was initially released just for Linux operating systems but is now compatible with many other platforms, including Mac, so it’s time to evaluate this new technology and determine if it’s a good solution for consumers wanting a secure VPN.

It is rumored that NordVPN will soon be adding WireGuard capabilities, making them the first major VPN to adopt this technology.

What is WireGuard?

Oregon Senator Wyden stated that governments shouldn’t use outdated technologies such as IPsec and OpenVPN. He called for replacements that were more secure and endorsed WireGuard for use among government officials.

WireGuard is the newest open source venture that speeds up VPNs while making them more secure than they previously were. It explicitly claims to be better than OpenVPN and IPsec protocols.

Jason A. Donenfeld, the founder of Edge Security, created the code. Some developers caution that it’s not yet stable enough and advise using it as an experimental project until all vulnerabilities are resolved. However, both Mullvad and AzireVPN have already implemented the software.

WireGuard appears to be the future of VPN protocols.

What is Different about WireGuard?

Jason Donenfeld is no stranger to online security. He has worked with both defensive and offensive applications, which led him to develop rootkit exfiltration methods that hid his presence within a network.

Throughout his work, he realized that the same methods used to infiltrate a network were the ones that would protect it. WireGuard contains many stealth features already integrated and provides a trustworthy VPN tunnel that out-performs the outdated technologies we use.

Why is WireGuard so Simple?

One of Donenfeld’s goals was to keep everything simple. He felt existing protocols instilled no confidence because of their size, with their sheer magnitude leaving room for bugs.

Keeping WireGuard simple should, in theory, mean fewer vulnerabilities to exploit. As far as cryptography goes, WireGuard implements modern primitives such as Curve25519, ChaCha20, Poly1305, BLAKE2, and SipHash2-4. What makes it more secure is that there’s no cipher agility.

For mobile usage, WireGuard doesn’t transmit any packets other than real data, which reduces the usual chatter associated with a VPN and cuts down on available information for a packet sniffer. On top of that, it extends mobile battery life.

Mainstream products prefer to use the OpenVPN protocol for encryption. It features about 120,000 lines of code, which makes it slow and complicated, plus challenging to secure. WireGuard uses a cryptographic foundation that utilizes fewer than 4,000 lines of code.

WireGuard Provides Strong Encryption

The heart of this encryption is Cryptokey Routing. It works by assigning public encryption keys to a list of VPN IP addresses allowed in the tunnel. On the network interface, a private key plus the list of IP addresses permit access; the key authenticates users with other peers.

In a server configuration, the application sends packets to the network with a source IP address that matches one from the list of permitted IP addresses. Any time the system chooses to send a packet, it examines the destination IP first to determine its legitimacy.

IP Roaming on Both Ends

It’s simple to switch IP addresses from both ends without ever breaking the protocol. Users easily switch from their cellular, Wi-Fi, or other connection, without performing any further configurations.
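The key-to-address table from the encryption section and the roaming behaviour described here, modelled in Python as an added example (not code from WireGuard or from this article). Peer keys are placeholders, all addresses are constructed, and packet decryption and authentication are assumed to have succeeded before `accept_inbound` is called.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Peer:
    public_key: str          # constructed placeholder, not a real key
    allowed_ips: list        # inner (tunnel) networks this key may use
    endpoint: tuple = None   # last known outer (ip, port) of the peer

    def __post_init__(self):
        self.allowed_ips = [ipaddress.ip_network(n) for n in self.allowed_ips]

class CryptokeyRouter:
    def __init__(self, peers):
        self.peers = {p.public_key: p for p in peers}

    def _owner(self, addr):
        """Longest-prefix match of an inner IP over every peer's allowed IPs."""
        ip = ipaddress.ip_address(addr)
        best = None
        for peer in self.peers.values():
            for net in peer.allowed_ips:
                if ip.version == net.version and ip in net:
                    if best is None or net.prefixlen > best[0].prefixlen:
                        best = (net, peer)
        return best[1] if best else None

    def route_outbound(self, dst_ip):
        """Choose the peer (and so the key) to encrypt to; None means drop."""
        return self._owner(dst_ip)

    def accept_inbound(self, authenticated_key, inner_src_ip, outer_endpoint):
        """The packet already authenticated under authenticated_key."""
        peer = self.peers[authenticated_key]
        # Roaming: replies follow the outer address of the newest authenticated packet.
        peer.endpoint = outer_endpoint
        # The inner source must route back to the same peer that sent it.
        return self._owner(inner_src_ip) is peer

def demo_router():
    """Two constructed peers; A holds one address inside B's wider range."""
    return CryptokeyRouter([
        Peer("PEER_A_PUBKEY_PLACEHOLDER", ["10.0.0.2/32"], ("198.51.100.7", 51820)),
        Peer("PEER_B_PUBKEY_PLACEHOLDER", ["10.0.0.0/24", "fd00::/64"], ("203.0.113.9", 51820)),
    ])
```

A peer that authenticates correctly still cannot claim another peer's tunnel address: in the sample table, a packet from peer B carrying inner source 10.0.0.2 is rejected because the more specific /32 belongs to peer A.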

Flexibility

While WireGuard is optimized to run on the Linux kernel, it’s adaptable to other platforms. There’s no issue running the configurations on Android, macOS, or Ubuntu at this time. There is also a user-space portable version in the works which enables developers to add some VPN functionality to apps in the Play Store without root access.

Comparing Protocols

Several ways to create point-to-point VPN tunnels exist. Both your device and the server must use the same protocol to communicate; the most commonly used is OpenVPN. The secure implementation works on any device as long as you install an app.

IPsec, when used with IKEv2 authentication, is also popular. It integrates well with macOS, iOS, Linux, and Windows. It’s an excellent solution for devices that can’t install every app you desire.

PPTP and L2TP are some of the original security protocols, but only have 128-bit encryption and aren’t reliable to bypass geo blocks.

While it might sound like there are plenty of options available, there’s something to consider: OpenVPN is old technology. It’s been around for almost 20 years, is slow, and wasn’t designed for use on a mobile device.

Both IPsec and OpenVPN feature huge codebases, which allow more room for attack and are difficult to audit. WireGuard’s simplified code is much easier to control.

Connecting to WireGuard is just like using a remote server with SSH. The user generates a set of private and public keys to exchange with a server. Unlike other protocols, WireGuard relies solely on your device’s network which allows it to route the traffic through a tunnel no matter what Internet connection you use.

With a regular VPN, you must reconnect to the server each time you switch from Wi-Fi to Ethernet, etc. With WireGuard you maintain your connection despite the need to change IP addresses and networks.

Comparing Speed

You’ll also see by the tests done through WireGuard, that there’s no comparison when it comes to speed.
[Figure: WireGuard VPN protocol throughput]

The difference between WireGuard and IPsec protocols is massive regarding throughput. The improvement is a solution for people who aren’t happy with the speed of their VPN connection. Imagine the possibilities for streaming and online gaming.

[Figure: WireGuard VPN protocol ping time]

WireGuard has a lower ping time than IPsec, and considerably lower compared to OpenVPN.

Final Thoughts

WireGuard is still in the process of development, and while there’s plenty of information available, it is not a completed project. Once WireGuard is ready, we see no reason why it wouldn’t become the best way to secure your Internet traffic.

It’s exciting to see so much new technology around the corner. It’s time to replace the old security we’ve been using and protect ourselves further.

We plan to watch for news regarding updates to WireGuard and will gladly keep you updated in the future.

Gray Williams
Gray Williams is an experienced data and communications engineer and cross-platform copy and content writer and editor with a keen interest in cybersecurity. He has been working with, and researching, VPNs and other online privacy tools for many years.