If you are using a VPN, chances are it runs on OpenVPN or IPsec, which have been the dominant standards for quite some time. WireGuard, however, gives them a run for their money, and it’s easy to see why. It is cleanly coded, connects in the blink of an eye, uses modern, well-tested cryptography and works with just about everything. WireGuard was even included in the Linux 5.6 kernel. Linux creator Linus Torvalds said, “Compared to the horrors that are OpenVPN and IPSec, this is a work of art.”
What is WireGuard and what makes it different?
Like OpenVPN and IPsec, WireGuard is a VPN system. This means that it establishes an encrypted connection between a client machine (your computer) and a server located elsewhere. You send your requests to the server and the server forwards them to the site you are trying to access. The site then sends the information back to the server in the middle, and the server sends it to you. This is great for privacy and security as long as you can trust your VPN provider and the technology it uses.
One of the reasons why WireGuard is so popular is that it allows for increased confidence in the technological side of things. It’s open source, and with just under 4,000 lines of code, it’s about 1% the size of competing technologies (OpenVPN / IPsec). This means that a knowledgeable person could read through it fairly quickly. This reflects WireGuard’s “security through simplicity” philosophy. With a smaller attack surface, there is less room for overlooked vulnerabilities, and fixing them when they appear is easier.
The code base is so small in part because WireGuard uses a custom (but still cryptographically sound) suite of some of the most modern cryptographic tools (ChaCha20, Curve25519, Poly1305, BLAKE2s, SipHash24, etc.). It uses them to establish and encrypt communications rather than implementing entire protocols. The system has been rigorously tested and found sound.
In addition, it maintains its security through versioning. When a problem is discovered with one of its protocols, WireGuard can simply be corrected and updated. This is actually faster and potentially more secure than the more complex process of “cryptographic agility” that older VPNs use to swap out protocols in a more piecemeal fashion.
For most users, however, the most notable changes made by WireGuard are its speed of connection and its stability. This is because WireGuard’s encryption system is based on the exchange of keys (much like SSH). It’s much faster than the certificate-based system that dominates most VPNs. It also consumes fewer resources than its competitors, which makes it significantly easier on the machines that run it.
Are there any problems with WireGuard?
As with any system, WireGuard is not 100% perfect. The development team is still developing some features and working to improve compatibility with different systems. But it is fully usable and secure in its current form.
However, one of the most common complaints about WireGuard is that it is designed for security, not privacy. It provides a communication protocol and comes with built-in privacy measures, but leaves a lot of room for the people running the servers. Most of this has to do with how it stores IP addresses. Each VPN protocol must know where to send the data. Because of the way WireGuard connects, it usually takes longer to “forget” a connected IP address than something like OpenVPN.
This is a problem that most WireGuard VPN providers address by ensuring that addresses are deleted regularly and not saved. The problem is quite fixable. It should be noted that no VPN technology is secure if a provider wants to keep logs. A VPN that wants to spy on you can do it with WireGuard or OpenVPN, so in any case, you need to find one that you can reasonably trust.
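The address-retention issue described above can be audited on a server you run yourself. The following is an added example, not code from WireGuard or from any provider: it parses the tab-separated output of `wg show wg0 dump` and lists peers whose endpoint address is still recorded after the tunnel has gone idle. The sample dump, the peer names and the 180-second threshold are constructed assumptions.

```python
# Added example: find WireGuard peers whose endpoint IP is still held
# by the server although the tunnel is idle. All sample data is constructed.

# Constructed `wg show wg0 dump` output (tab-separated). Line 1 describes
# the interface; every later line is one peer with the fields:
# public-key, preshared-key, endpoint, allowed-ips, latest-handshake,
# transfer-rx, transfer-tx, persistent-keepalive
SAMPLE_DUMP = "\n".join([
    "PRIV_PLACEHOLDER\tSERVER_PUB_PLACEHOLDER\t51820\toff",
    "PEER_A_PUB\t(none)\t198.51.100.7:41234\t10.0.0.2/32\t1700000000\t1024\t2048\toff",
    "PEER_B_PUB\t(none)\t203.0.113.9:51000\t10.0.0.3/32\t1699990000\t512\t512\toff",
    "PEER_C_PUB\t(none)\t(none)\t10.0.0.4/32\t0\t0\t0\toff",
    "PEER_D_PUB\t(none)\t[2001:db8::5]:51820\t10.0.0.5/32\t0\t0\t0\t25",
])


def stale_endpoints(dump, now, max_idle=180):
    """Return [(pubkey, ip, idle_seconds)] for peers whose endpoint is still
    recorded although the last handshake is older than max_idle seconds.
    idle_seconds is None when the peer has never completed a handshake."""
    findings = []
    for line in dump.strip().splitlines()[1:]:    # skip the interface line
        fields = line.split("\t")
        if len(fields) != 8:
            continue                               # ignore malformed lines
        pubkey, _psk, endpoint, _ips, handshake = fields[:5]
        if endpoint == "(none)":
            continue                               # no address retained
        # Endpoint is ip:port, or [ipv6]:port for IPv6 addresses.
        ip = endpoint.rsplit(":", 1)[0].strip("[]")
        last = int(handshake)                      # 0 means "never"
        idle = None if last == 0 else now - last
        if idle is None or idle > max_idle:
            findings.append((pubkey, ip, idle))
    return findings


if __name__ == "__main__":
    # A cleanup job could remove and re-add each flagged peer
    # (`wg set <interface> peer <key> remove`) so the address is dropped.
    for pubkey, ip, idle in stale_endpoints(SAMPLE_DUMP, now=1700000100):
        print(f"{pubkey}: endpoint {ip} still recorded, idle={idle}")
```

On a live server the input would be the real output of `wg show wg0 dump` and `now` would be the current Unix time.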
How can I start using WireGuard?
WireGuard is rapidly gaining ground among many VPN subscription services. If you want to start using it, all you have to do is find the providers that have implemented it. NordVPN, Private Internet Access, ExpressVPN and TorGuard are all reliable services that give you the ability to use WireGuard.
If you’re more of a DIY VPNer, WireGuard is open source and supports a wide variety of platforms. You can use anything from a virtual private server to a Raspberry Pi to get your own WireGuard VPN implementation. I was able to start an encrypted WireGuard connection between a Windows 10 machine and an Ubuntu 20.04 VPS fairly quickly. However, it took a bit of bug hunting before transmitting data.
Is WireGuard the future?
Unless something goes terribly wrong, WireGuard is likely to become the default option for many VPN connections, especially given its privileged place in the Linux kernel. OpenVPN and IPsec are widely used and well-established technologies, and they will not go away anytime soon. WireGuard is still a brand-new technology. Although it probably has the advantage in many respects, its competitors are already integrated into many systems and retain certain comparative advantages. That said, WireGuard is the next generation of VPN software. Unless you have a good reason not to use it, this is probably the way to go.