Over the past years, ExpressVPN has been hard at work on the new Lightway protocol. The protocol is finally out of beta stage and is now available to all ExpressVPN users. If you’re wondering what to expect, our ExpressVPN Lightway review has the answers.
- Lightway is a new open-source VPN protocol created by ExpressVPN.
- Lightway UDP offers the fastest download speeds and is suitable for streaming, gaming and torrenting.
- If you’re sending large files, Lightway TCP (with ChaCha20 encryption) is your best bet, as it has the best upload speeds.
- Lightway offers all the benefits of WireGuard — including a lightweight codebase, better speed and minimal battery drain — but takes it a notch higher with stellar privacy, obfuscation and TCP support.
ExpressVPN labels Lightway as a modern VPN protocol, thanks to its faster speeds, better handling of network changes and modern encryption options. We took it out for a spin to verify the claim, and we were impressed overall.
In this article, we’ll walk you through various Lightway protocol attributes, from its underlying framework to its performance. Keep reading to learn how Lightway vs OpenVPN vs WireGuard compare. Be sure to keep an eye on our ExpressVPN review to learn how the protocol progresses.
Updated article format and added more recent information and data about Lightway
Lightway is a new ExpressVPN protocol built to support AES and ChaCha20 encryption options, and it offers both TCP and UDP tunneling options.
Yes, Lightway is secure. It gives you the option to use a TCP and AES encryption combination, which is as secure as they get. The icing on the cake: it’s much faster than older protocols.
No, Lightway isn’t based on WireGuard. It’s built around the wolfSSL cryptographic library, which is entirely different from WireGuard’s Noise protocol framework.
No, ExpressVPN doesn’t support the WireGuard protocol.
What Is ExpressVPN Lightway?
Lightway is a new open-source protocol designed specifically to increase the speed and reliability of a VPN connection. With the official launch, ExpressVPN has made it available on all platforms, including Android, iOS, Windows, Mac, Linux and routers.
Rather than building Lightway around an existing protocol, ExpressVPN built it from the ground up using the wolfSSL cryptography library. Doing so enabled ExpressVPN to create an incredibly lightweight protocol. The protocol has about 2,000 lines of code, which is fewer than any other protocol on the market.
This isn’t just important to nerds and crypto-enthusiasts, either. A lighter code means it takes less processing power, which in turn means better performance. OpenVPN has a notoriously large code base, which makes it slow to connect initially. Compare that to Lightway, which loads almost instantly, and it’s easy to see how the leaner code improves performance.
Beyond the lean core, Lightway works with both AES and ChaCha20 encryption standards and supports tunneling over TCP and UDP. Whether you prioritize speed or security, you can pick the suitable encryption combination to fit your needs. Plus, its open-source nature means that anyone is free to audit the code for anything suspicious.
How a VPN Connection Affects Your Internet Speed
A VPN slightly slows down your internet speeds. To help you understand how, think of your internet connection as a highway. When you connect to a VPN, it routes your traffic through a VPN server, essentially creating a detour on the highway. Plus, this detour is full of speed bumps in the form of encryption and decryption.
The extra steps (bumps) decrease your internet speed, but the magnitude of their impact depends on various factors, including:
- Distance to the remote server
- Remote VPN server load
- Your internet service provider’s (ISP) speed
- VPN protocol
The VPN protocol forms the basis of every VPN service as it sets the requisites to connect. Older protocols and those designed solely for online security are slow (as you’ll read in our VPN protocol guide). However, a modern protocol like Lightway keeps you secure online and at the same time reduces the impact on speed to negligible levels.
Lightway VPN Protocol Pros & Cons
- Fast connections, thanks to a lightweight codebase
- Solid online security & privacy
- Low processor load & battery consumption
- Always-on protection
- Not widely used & tested
- Currently not used by other VPN services
Benefits of ExpressVPN Lightway Over Other VPN Protocols
Now that you know a bit about Lightway, let’s talk about how it’s different from other VPN protocols.
1. Efficient Code
As we mentioned earlier, Lightway has an efficient codebase. Less code usually means a faster connection, but it has other benefits, like faster reconnection times. Beyond that, lightweight code helps in the security department too. For example, if there’s a bug or security issue, security researchers can audit and fix it quickly.
2. Modern Encryption Options
Even better, Lightway supports both AES-256 and ChaCha20 encryption standards. In comparison, the WireGuard protocol supports ChaCha20, whereas OpenVPN works with AES-256, but no other protocol supports both.
AES-256 has been the standard for a while, and it works wonders in most cases (read our guide to what AES is and our description of encryption for more). On the other hand, ChaCha20 is yet to catch on in the VPN market and isn’t as widely used as AES-256. That’s by no means a sign of frailty.
On the contrary, ChaCha20 offers similar security to AES-256 while handling network changes with ease. It’s also fast, particularly on mobile, and is an excellent option for devices that don’t support hardware-accelerated AES encryption.
3. Better Online Security
Lightway uses the secure wolfSSL cryptographic library. Security experts have vetted the library and found that it meets security standards, including the FIPS 140-2 standard — a security approval program for cryptographic libraries. Besides that, when independent auditor Cure53 audited the protocol in 2021, the firm found no critical security issues.
Even better, Lightway supports TCP tunneling, which delivers better security than a UDP connection, albeit at the expense of speed. It also supports ExpressVPN’s perfect forward secrecy (PFS), which offers dynamic encryption keys that are constantly changed to maintain top-notch security.
4. Always-On Protection
In practice, the streamlined code means that Lightway handles drops well. As we’ll get to in a moment, Lightway secures your device almost instantaneously. So if you’re using ExpressVPN on your mobile device and are experiencing dropouts, Lightway can keep up with the fluctuating network.
This is where Lightway gets interesting. Even when your device is switching networks — say from LTE to WiFi (or vice versa) — the Lightway session remains. That means once you have internet access, ExpressVPN is ready to go, without the need to renegotiate the connection.
5. Battery Saver
Lastly, the Lightway protocol is a battery saver. The small codebase means it consumes less processing power compared to other protocols. Consequently, with reduced processor load comes improved battery life for your device.
Lightway Protocol Drawbacks
Before the official release, we had users complain that Lightway was buggy, especially on Windows 10 devices. That issue seems to have been resolved and everything has worked just fine since its official release. When we tried out the VPN protocol, it ticked all the boxes and didn’t ruin our experience in any way.
One quibble is that Cure53 pointed out 14 issues with the protocol. However, the security firm gave it the thumbs up since none of the issues met the threshold for critical severity.
ExpressVPN Protocols: Lightway vs OpenVPN vs IKEv2
To better understand where Lightway stands in terms of performance, we benchmarked it against other ExpressVPN protocols. However, because WireGuard isn’t an option with ExpressVPN, we didn’t use it in our speed tests. We ran multiple tests on different servers around the world and averaged them out in the table below.
|OpenVPN (UDP)||Lightway (UDP)||IKEv2|
|Download: 3 (-4.8 percent)||Download: 3.12 (-0.95 percent)||Download: 3.09 (-1.9 percent)|
|Upload: 2.44 (-18 percent)||Upload: 2.67 (-10.4 percent)||Upload: 2.4 (-19.5 percent)|
The Lightway protocol is the clear winner in terms of both upload and download speed. IKEv2 came a close second, while OpenVPN seems to be losing its edge over the modern protocols.
We tested the protocols for IP and DNS leaks, and they came out clean, proving they all pack a punch on the security front. However, with a choice of TCP and UDP plus AES and ChaCha20 options, Lightway has a slight advantage over the rest. It gives you multiple ways to configure the VPN to achieve the ideal balance of speed and online security.
ExpressVPN Lightway UDP vs TCP
The Lightway protocol gives you an option to use TCP or UDP tunneling protocols. Both options transmit your traffic across networks, but they work differently, and one is better suited for certain online activities than the other.
To begin with, transmission control protocol (TCP) is a connection-oriented protocol. In other words, it first establishes a connection between the communicating servers before sending data packets in sequence. It maintains the connection until the last data packet reaches the destination, after which it closes that tunnel.
TCP guarantees better reliability and security than UDP and is good for unsecured networks like public WiFi. However, creating, maintaining and terminating connections adds overhead to your connection, thus slowing down your internet speeds.
On the other hand, the user datagram protocol (UDP) is a connectionless protocol. It’s lightweight, and unlike TCP, doesn’t need to establish a connection first to send traffic. As a result, it skips the overhead of the TCP protocol, and thus is faster and perfect for activities like streaming, gaming and torrenting. On the flip side, UDP isn’t as secure as a TCP connection.
Our First Impressions of Lightway
To test how ExpressVPN’s Lightway performs in the real world, we took it for a spin in a batch of speed tests. ExpressVPN gives you four different settings to choose from. You can pick between a UDP or TCP connection, and you can use either the AES or ChaCha20 encryption protocol. The results of our speed tests were quite interesting.
Lightway Protocol Speed Tests
|Location:||UDP with AES:||UDP with ChaCha20:|
|Average:||447 (+23 times)||3.12 (-2.5 percent)||2.67 (-11 percent)||425 (+22 times)||3.11 (-2.8 percent)||2.47 (-18 percent)|
|Location:||TCP with AES:||TCP with ChaCha20:|
|Average:||482 (+25)||2.66 (-16.9 percent)||2.86 (-4.67 percent)||473 (+25 times)||2.78 (-13.1 percent)||2.84 (-5.3 percent)|
Lightway UDP is faster than the TCP connection, especially when it comes to download speed. To be precise, UDP with AES encryption is nearly seven times faster than the TCP plus AES combination. On the other hand, UDP plus ChaCha20 has five times faster download speeds than TCP with the same encryption.
If the results are anything to go by, Lightway UDP is the best option for speed-intensive activities like streaming, gaming and torrenting.
However, Lightway TCP has the best upload speeds of any ExpressVPN protocol. TCP with ChaCha20 offers speeds that are about three times faster than UDP plus ChaCha20 options. Given TCP’s stellar security, that means you can safely send large, sensitive files without lag or annoying delays.
We noted much faster reconnection times with Lightway than with other VPN protocols. As any VPN user knows, there’s a few seconds between starting the connection and actually being secured by the VPN tunnel. In our experience with Lightway, the connection was pretty much instantaneous. It may not seem like a big deal, but it makes a huge difference, especially on mobile.
NordVPN’s NordLynx vs ExpressVPN’s Lightway Protocols
When NordVPN launched the NordLynx protocol in 2020, it improved the service’s speed consistency. It also increased speeds on the whole and put NordVPN on the verge of surpassing ExpressVPN as the fastest VPN on the market (read NordVPN review for more).
Two years later, ExpressVPN dropped the promising Lightway to shore up its reputation as the best VPN service, and it’s delivering the desired results. We put the new protocols side by side to see how they compare:
Similarities Between Lightway and NordLynx
Although they are still a work in progress, both Lightway and NordLynx protocols have shown that they have all the makings of a modern VPN protocol. One common theme about the protocols is the lean codebase. Lightway has 2,000 lines of code, while NordLynx has double the number, but it’s still lean by industry standards.
In terms of performance, the protocols have improved speed and connection times. Lightway in particular establishes the connection in less than a second, most of the time. Not to mention it’s more than twice as fast as OpenVPN.
Differences Between NordLynx and ExpressVPN Lightway
The protocols also exhibit subtle differences, which we’ve detailed in the table below.
|Framework:||Uses the wolfSSL cryptographic library||Built around WireGuard, which uses the Noise protocol framework|
|Tunneling protocol support:||Supports TCP and UDP tunneling protocols||Supports UDP tunneling protocol only|
|Encryption protocol:||Supports both AES and ChaCha20 encryption||Supports ChaCha20 encryption cipher only|
|Obfuscation:||Easy to add obfuscation, thanks to its support for plugin infrastructure||Doesn’t support obfuscation|
|IP allocation:||Assigns a unique IP address to each user as they connect||Uses the Network Address Translation (NAT) system to create two local network interfaces for each connection|
|Source code availability:||Open-source protocol with a publicly available source code on GitHub||Built on top of an open-source protocol, but its source code isn’t yet publicly available|
ExpressVPN opted to build Lightway from scratch using the wolfSSL cryptographic library, rather than creating it on top of an existing protocol — a wise move. It gave them the opportunity to not only sidestep the shortcomings of other protocols but to also improve upon their strengths.
For example, NordLynx doesn’t support TCP connection nor obfuscation, a problem carried over from its underlying WireGuard framework. Obfuscation adds an extra layer of stealth to your traffic, hiding the fact that you’re using a VPN, which can be crucial if you’re using the VPN in a country where it’s illegal to do so, such as China.
NordLynx denies you the chance to make the most of obfuscation. Additionally, you can’t opt in to the more secure TCP tunneling protocol because NordLynx doesn’t support it. Thankfully, Lightway supports all these options, making it an excellent choice for unsecured networks and highly restrictive environments.
Besides that, Lightway is open source, meaning the door is open for public scrutiny. In other words, security researchers can audit the source code to pinpoint its flaws. This means that patches to Lightway’s vulnerabilities will most likely come more frequently, and the protocol could evolve faster than NordLynx. Plus, being open source makes it available for other VPN providers to implement it, further fueling its popularity.
Final Thoughts: The Future of Lightway
The Lightway protocol improves upon the speed and reliability that ExpressVPN is known for. We’re always happy to see a service offering its work to the world in an open-source format, and we hope NordVPN follows suit with NordLynx. We’re fairly optimistic about Lightway’s future application for secure connections, thanks to its support for obfuscation and TCP tunneling.
However, the new protocol hasn’t yet been pushed to the limits, and maybe (just maybe) Lightway’s flaws will be laid bare once that’s done. For now, we can only make the most of its excellent capability and hope that Lightway won’t wither with time. You can use ExpressVPN’s 30-day money-back guarantee to try out the protocol without a hassle.
Have you used the Lightway protocol? Did you like the performance? We’d like to hear about your Lightway experience in the comment section below. As always, thanks for reading.