If you’re up to date with the best VPNs, you’ve probably heard of WireGuard. It’s a new VPN protocol that’s designed to be easier to implement and more secure than OpenVPN. Based on initial testing, that seems to be the case. However, established services like ExpressVPN are still worried about how WireGuard will affect user privacy (read our ExpressVPN review).
In this guide, we’re going to explore what WireGuard is and why it might be the future for VPNs. We’ll talk a little bit about why WireGuard is so special, how it compares to OpenVPN and why so many people are up in arms about WireGuard’s privacy. At the end, we’ll give you a few recommendations for VPNs that currently support WireGuard.
What Is WireGuard?
The short answer is that WireGuard is much faster than OpenVPN while providing similar security. It’s a bit more risky when it comes to privacy, though, because the VPN server is forced to store user IP addresses in RAM. Still, we’ve seen multiple VPN providers get around this issue and, in the process, provide a glimpse at how fast VPNs will be in the future.
Breaking Down WireGuard
WireGuard is a free, open-source communication protocol that provides a streamlined alternative to OpenVPN. We’ve been recommending OpenVPN as the default protocol for years — read our VPN protocol breakdown to learn why — so after hearing about the new kid on the block, we naturally had a few questions.
The core difference is that WireGuard is far easier to understand and implement, compared to OpenVPN and other VPN protocols (we’ll talk specifically about the OpenVPN comparison in a moment).
Most VPN protocols have way too much code (OpenVPN and IPSec are around 500,000 lines each). As of 2018, WireGuard has only 4,000 lines of code, all while still establishing an encrypted connection.
In fact, WireGuard is so impressive that Linux creator Linus Torvalds referred to it as “a work of art.” Remember, this is the same guy who willingly referred to himself as “a really unpleasant person.”
Torvalds’ support doesn’t come as much of a surprise now. WireGuard is built to run as a module inside the Linux kernel, and as of a few months ago, it is officially part of the Linux kernel.
The streamlined code is due to the fact that WireGuard negotiates a connection similar to SSH. If you’re unaware, SSH is used to provide a secure connection to a remote computer.
WireGuard does something similar, except you’re connecting to a VPN. At the beginning of the connection, there’s a handshake that happens with the network, establishing that the sender and recipient have the proper symmetric keys.
This handshake is renegotiated throughout the connection, too, providing perfect forward secrecy. Although there are already some VPNs with perfect forward secrecy (read our ProtonVPN review for an example), this needs to be configured manually with OpenVPN. With WireGuard, it’s baked in.
VPNs That Use WireGuard
- NordVPN — Uses WireGuard to get even greater speeds
- PIA — The most cost-effective way to use WireGuard
- Mullvad — A super-anonymous service
Is WireGuard Secure?
WireGuard is impressive, but we have to talk about security before making any recommendations. For years, we’ve suggested using OpenVPN with AES-256 (read our description of encryption to learn why). WireGuard doesn’t adopt the same cipher suite as OpenVPN. It uses ChaCha20 instead of AES.
Comparing the two directly is tough because AES is a block cipher while ChaCha20 is a stream cipher (we’ll talk more about that in a moment). ChaCha20 uses a 256-bit key, like AES-256, providing similar security overall. In short, you shouldn’t be worried about using either cipher. ChaCha20 is also easier to implement than AES, which fits WireGuard’s whole theme.
It’s not like ChaCha20 came out of nowhere, either. Daniel Bernstein released it all the way back in 2008, and it’s been a part of TLS 1.3 since release. You’ve likely used ChaCha20, actually. Cloudflare and Google have been supporting it as an AES-GCM alternative for years.
As we’ve mentioned, the biggest difference between AES and ChaCha20 comes from the fact that AES is a block cipher while ChaCha20 is a stream cipher. There are a lot of differences between the two, but in short, a block cipher encrypts data in blocks — say, 256 bits of data at a time — while stream ciphers encrypt data one bit (or byte) at a time.
Nowadays, the security differences are minimal. However, there are speed differences. AES works so well on modern computers because it’s hardware accelerated. It has almost no performance impact on modern machines because support for AES is built into the CPU itself. That said, AES is generally slow when implemented at a software level (you can read our full guide to what AES is).
ChaCha20 and other stream ciphers are the opposite. They’re slow in hardware implementations but fast in software ones. That makes ChaCha20 the superior choice when it comes to encrypting at a software level.
WireGuard vs OpenVPN
Before getting to WireGuard, we have to talk about the problems with OpenVPN. Although you’ll never see it with mainline VPN services, there’s a lot of problem-solving happening automatically in the background. With so much code to work through, OpenVPN connections will often get caught in a process limbo, where the connection drags or refuses to establish itself.
VPN services implement error-correcting measures to account for these issues, with dedicated engineering teams to sort out large problems. With far fewer lines of code, WireGuard is less likely to have these issues. Furthermore, they’re easier to solve because there’s less code for developers to sift through.
More important, though, are the security benefits of WireGuard. Again, we’re looking at the streamlined code. Compared to OpenVPN, there’s simply less surface area for vulnerabilities with WireGuard. At some point, security is about odds, and with WireGuard, there’s much less of a chance that there’s some sort of critical security error in the code.
Furthering this idea, WireGuard is open source like OpenVPN. However, unlike OpenVPN, it’s much easier for developers to find vulnerabilities in the WireGuard code.
Finding issues in OpenVPN code is a months-long (if not years-long) task for large security research teams. With WireGuard, a solo security expert can easily find issues on their own and contribute to the overall security of WireGuard.
WireGuard provides the perfect storm of features and security to make OpenVPN obsolete. Of course, we’re still waiting on implementation from VPN providers to see the full benefits of WireGuard. On paper and in limited practice, though, WireGuard is superior to OpenVPN in almost every way.
The Privacy Angle
We’ve talked a lot about cryptography and security, but very little about privacy. There’s a glaring issue with WireGuard: it doesn’t support dynamic IP management. In short, this means the server must have a static IP, and the server must store the IP of the user in order to establish a connection. For any privacy-focused VPN, that’s a no-no.
ExpressVPN has even voiced concern over the growing popularity of the protocol, saying that “a good VPN must be unable to match such an identifier to a single user. Currently, this setup is not easily achieved with WireGuard.” In a stock implementation, VPN services can’t use WireGuard without logging, maliciously or not.
In a typical setup, a user would connect to the VPN server. That VPN server would check to make sure that the user is who they say they are and open a VPN tunnel. In the process, the user’s IP address is stored and matched to the static IP of the server. There are ways around this problem, though, as we’ve seen with NordVPN’s extremely fast NordLynx protocol.
NordVPN got around this issue with a double NAT: two local network interfaces are used to establish the connection. The first assigns the same local IP address for all users on the server, with an external database handling authentication. That establishes the VPN connection, and from there, the second network interface assigns a dynamic IP to each user.
As NordLynx shows, there are ways to implement WireGuard in a privacy-friendly manner. However, the ways in which different VPN providers choose to do this may vary. We’ll likely see support for the protocol roll out over the next several years. Right now, it’s safe to assume VPNs that don’t support WireGuard are developing systems to protect user privacy.
Recommended VPN Services With WireGuard
If you’ve made it this far, the idea of WireGuard is probably exciting. Here are some of our favorite VPNs that currently support WireGuard.
When it comes to cutting-edge tech, a VPN giant like NordVPN doesn’t immediately come to mind. Even so, NordVPN was one of the first services to fully support WireGuard across platforms. This comes in the form of NordLynx, which, as mentioned above, combines WireGuard with a double NAT.
The performance improvement compared to OpenVPN is staggering (just see our NordVPN review). We only dropped a few percentage points off our unsecured connection, no matter if we were tunneling a new miles away or on the other side of the globe. Furthermore, NordVPN wasn’t leaking any DNS requests or our local IP in the process.
You have to see the NordLynx performance to believe it. We reran our tests numerous times just to verify the results. If you want to see what all the fuss is about, you can sign up for NordVPN with a 30-day money-back guarantee.
Private Internet Access
Private Internet Access currently supports WireGuard in its beta version. Although the performance improvement wasn’t as drastic as NordVPN’s, PIA’s WireGuard implementation still blew OpenVPN out of the water. You can read our full Private Internet Access review for the speed results.
PIA doesn’t go into detail about how it’s dealing with the privacy issue, though it still addressed the concern vaguely in a blog post. From what we can gather, PIA is essentially deleting connection data periodically to ensure nothing is kept on its servers.
It’s important to remember that WireGuard is still a beta feature for PIA, unlike NordLynx, which has been fully released. We’ll likely see more details about how PIA is handling user data, as well as faster speed results, once the protocol is officially supported. If you want to give it a shot now, you can sign up for a plan with a 30-day money-back guarantee.
Much to our surprise, the very privacy-focused Mullvad was among the first VPN services to support WireGuard. Addressing the privacy issue in a blog post, Mullvad says that WireGuard only needs to store a user IP in system RAM, and once the session is over, that data is deleted. Mullvad goes a step further, removing any information if a session goes idle for more than three minutes.
Like PIA, Mullvad has a system for removing user data from the server with inactive sessions. Even without that, none of your data is moved to long-term storage. Like NordVPN and PIA, we saw a pretty significant performance improvement when using WireGuard, as you can see in our Mullvad review.
Mullvad’s support for WireGuard is what sells the protocol for us. This is the same VPN that doesn’t even allow you to create an account, and goes as far as to accept cash for VPN credits. Mullvad is one of the most privacy-focused VPNs around, and its endorsement of WireGuard is very telling.
WireGuard is the new kid on the block, and although it’s exciting to see the future of VPNs come to life, there are still some concerns about how VPN providers will handle WireGuard in a privacy-friendly manner. Still, we’ve seen multiple services implement WireGuard in a way that protects user privacy, suggesting that it’ll quickly replace OpenVPN.
Do you agree that WireGuard is going to be the de facto protocol in the future? Let us know in the comments below and, as always, thanks for reading.