Wireguard is a (relatively) new VPN connection protocol that has been developed to be faster, simpler and easier to implement than older VPN protocols such as OpenVPN and IPsec. It was initially developed for Linux but has been adapted for all major platforms and remains an open-source project. Here’s what you need to know.
Make sure you subscribe to the All Things Secured YouTube channel!
To be clear: We’re not talking about a specific virtual private network, or VPN service.
Wireguard is a VPN connection protocol.
Wireguard is a connection protocol, not a VPN service.
A protocol is basically a language of communication between two devices over a network. That could be a local network, the open internet or, in this case…
…a virtual private network.
Current VPN protocols were developed decades ago. Although they still function well, they rely on older encryption methods and are bloated with a lot of code (more on this later).
In this “What is Wireguard” article, we’re going to cover:
- What is Wireguard (simple explanation)
- How Wireguard works (and why it’s better)
- Pros vs Cons of Using the Wireguard protocol
- How to Use Wireguard
- Mullvad VPN (Open source)
- NordVPN or VyprVPN (Commercial)
This is not meant to be a deeply technical explanation. Instead, my hope is that you can get a basic understanding of how it works and why it’s worth using.
Note: Some of the links in this article are affiliate links, which means that at no extra cost to you, I may be compensated if you choose to use one of the services listed. I only recommend what I personally have used, and I appreciate your support!
What is Wireguard? (Simple Explanation)
Wireguard was initially developed back in 2016 as an alternative connection protocol for the Linux operating system.
What we’re dealing with here is a way to encrypt communication between two devices, which could be your computer and your corporate network, a server and a machine, your phone and the cellular network…whatever.
This is important when passing sensitive information across the open internet. There are already a lot of encryption measures in place, but a virtual private network or “VPN”, adds an additional layer of security.
Bottom Line
Wireguard is a set of rules that govern how an encryption connection is made. It is not a VPN. Your VPN provider may offer Wireguard as a connection option, but for the average person, it is not something you download and use by itself.
How Wireguard Works
When looking at the Wireguard protocol, specifically when you’re trying to do a comparison against another protocol like OpenVPN, it’s helpful to see it as lines of code.
- OpenVPN, the security standard for VPN protocols, has 600,000 lines of code.
- IPsec, another industry standard protocol, comes with 400,000 lines of code.
- Wireguard only has 4,000 lines of code.
That’s not a typo. Wireguard has simplified the VPN protocol by dropping more than 99% of code that wasn’t absolutely necessary.
What you end up with is a much more lean communication language that makes connecting easier and faster.
How exactly does work? For a more technical explanation of how the protocol encrypts and decrypts packets, I recommend you read this from Thomas Krenn. They use the following graphic to explain the protocol connection between clients and servers:
You get it now?
Yea, I didn’t think so.
In an effort to avoid using unnecessary jargon, Wireguard works by simplifying the process of connecting to another VPN using state-of-the-art encryption methods.
For you, the VPN user, this means:
- It takes less time to connect to a VPN server;
- The connection to the server is more stable;
- The connection is up to 4x’s faster.
Pretty cool, right?
Well let’s take a look at some of the pros and cons of using Wireguard.
Pros & Cons of Wireguard VPN Protocol
What makes Wireguard so special when we have perfectly good, existing protocols we can use already?
Currently, you can create secure connections using the OpenVPN protocol, IPsec, PPTP and many other VPN protocols.
It might be easier to understand if we break out the pros and cons of the Wireguard VPN protocol.
Advantages of the New Protocol
There are plenty of good reasons to start using this new protocol. These include:
- Quick Setup: Because Wireguard is based on a simple framework compared to OpenVPN and IPsec, it’s much quicker and easier to set up (although for the average person, your commercial VPN does all the setup, so this doesn’t apply). The instructions, like the lines of code, are significantly less.
- Quick Connections: In most cases, it takes about 5-10 seconds for most of my regular VPNs to connect. Wireguard is usually between 1-2 seconds, and often it feels like an almost instantaneous connection!
- Modern Cyprography Techniques: Because Wireguard was developed over the past few years, it has the advantage of having new, state-of-the-art cryptography to use. These techniques, such as cryptokey routing, mean that Wireguard is considered by some to be the most secure protocol available.
- Open Source: Wireguard is an open-source project, which means that anybody can look through and audit the code. The code has been peer-reviewed over the past few years, edited and given the stamp of approval by multiple security experts.
- Stable Connection: Unlike current standards, Wireguard establishes incredibly stable connections. This means that you can jump between your wireless network and your Wi-Fi without dropping the VPN connection like most of the other protocols.
- Extremely Fast: Most tests, not just the ones conducted by the Wireguard team, have seen performance improvements by up to 4x’s the speed of regular VPNs. This means that you can connect to the server four times faster and your connection speeds are up to four times faster. If you’ve used a VPN for any period of time, you know how important these increased speeds are!
You see, the old connection protocols were designed decades ago and have been slowed by all the over-engineering that has taken place to make them meet different needs.
A new protocol has been much needed and it’s interesting that we’re not only getting Wireguard in 2021, but also the similar Lightway protocol by ExpressVPN.
For you, the user, the only thing that really matters is that the VPN protocol connects quickly, stays connected and gives you fast connection speeds.
There are some disadvantages to Wireguard, however, that we need to address.
Disadvantages of the New Protocol
Wireguard has surged in popularity because of all the advantages that it provides.
However, there are two very interested disadvantages that you don’t hear about often.
- Requires Logging: Because of how Wireguard establishes the connection, the Wireguard protocol cannot be used without logging. Most VPNs claim that they are a zero-log service…but they’re lying. Wireguard is incredibly secure and offers a lot of privacy, but it still leaves a trail behind.
- No Dynamic IP assignment: If you were hoping for dynamic IP assignments that will provide a small bit more privacy, you won’t be able to get it with Wireguard. The protocol is designed such that each client has a fixed IP address.
How to Use Wireguard
As I stated earlier, Wireguard was initially developed for the Linux operating system but has since been made to work with other major platforms like Windows, Mac, Android and iOS.
But unless you’re incredibly tech-savvy and willing to dedicate a computer in your home to be your own server, you’re probably going to be looking for an acceptable commercial VPN service.
So which VPNs use it?
Eventually, all of them will. For now, I’m keeping an updated list of VPNs that use WireGuard. Here are the ones that I recommend.
Mullvad VPN: First Mover Award
Mullvad VPN was one of the first VPNs to integrate Wireguard as a protocol option. At this point, it’s actually the default protocol.
Other VPNs, such as the newer Mozilla VPN, rely on the Mullvad server network and exclusively use the protocol as well.
Mullvad is an open source project that requires a bit of technical know-how to set up and they’re not the cheapest option, but it’s great for privacy-focused individuals.
Mullvad offers a flat rate of €5/mo with a 30-day money back guarantee.
NordVPN or VyprVPN (Personal VPNs)
For a more consumer-friendly option, I recommend either NordVPN with NordLynx or VyprVPN. Both services are extremely easy to download and install on any device you want to use and support Windows, iOS, MacOS and Android.
There are pros and cons to each of these commercial VPNs, of course, so you might also be interested to read through my NordVPN review or the review of VyprVPN before making your choice.
Final Thoughts on Wireguard VPN
If you’ve been using VPNs for a while, switching to Wireguard is going to make your life so much easier. You’ll notice an immediate improvement on the connection and, as has been the case for me, connection speeds.
What is Wireguard?
It’s reinventing the VPN connection protocol to bring it up with the times, making it faster to use, easier to implement and lean.
Feel free to try to implement Wireguard on your own server setup, or you can use a service like Mullvad, NordVPN or VyprVPN.