Date: 2023-01-17

The primary goal of any VPN is to create a secure encrypted tunnel for all your internet traffic, helping to shield it from hackers and others that want to take a peek, which may even include your ISP.

VPN providers can choose from many protocols - OpenVPN, IKEv2, L2TP, SSTP and more - to create and manage the encrypted tunnel. Each one comes with its own advantages and disadvantages.

OpenVPN is currently the most popular option, but its original design actually dates all the way back to 2001. As with all facets of technology, much has changed in relation to the internet and how its use has evolved during the last 20 years or so.

WireGuard is a more recent entry into the world of VPN protocols and it's already gained acceptance across the cybersecurity sphere. In this article, we're going to take a closer look at WireGuard to find out why. We'll explore its major pluses, as well as highlight one or two potential downsides.

A lighter VPN protocol...

WireGuard's developer, security researcher Jason A. Donenfeld, began work on the protocol back in 2016. Originally developed for Linux, it's now also available on Windows, Mac, Android and iOS.

One major advantage of WireGuard is its simplicity. While OpenVPN and IKEv2 require hundreds of thousands of lines of code, WireGuard works with under 5,000, and that has all kinds of benefits.

There should be fewer bugs and security vulnerabilities, for instance. Less code also means reduced CPU usage and faster connection times. Adding to the appeal, it's much better suited to routers and mobile devices that don't have desktop levels of computing power.

Cryptography is another highlight, with WireGuard using state-of-the-art protocols such as Curve25519, ChaCha20, Poly1305 and BLAKE2.

Other low-level but important benefits include the ability to run inside the Linux kernel, which is the guts of the OS that does all the low-level heavy lifting. OpenVPN runs outside the kernel, so Linux must do extra work (a 'context switch', technically speaking) to help OpenVPN work with the system, every time it sends or receives packets. WireGuard lives inside the kernel, with no need for context switching, potentially delivering a big performance boost.

Just how big could these performance benefits be? In August 2021 Donenfeld reported a Wi-Fi speed increase from 95Mbps to 600Mbps with a new kernel-friendly Windows beta, though it's not yet clear how typical that might be.

...but it's not perfect

With these obvious advantages, it's no surprise that WireGuard is now widely supported in the VPN world. Surfshark, Private Internet Access, VyprVPN, StrongVPN, TorGuard and others include it in their apps, and NordVPN used WireGuard as the basis for its NordLynx protocol.

The technology isn't supported by everyone, though, and there are several issues for VPN providers to solve before they can make it work.

WireGuard doesn't have a way to allocate dynamic IP addresses, for instance. This means in theory that your VPN IP address could be the same every time you connect. As a result, it might be possible for you to be tracked online.

Annoyingly, WireGuard doesn't automatically delete your IP address when you disconnect, either. It might stay in memory for who-knows-how-long after the session has ended. OpenVPN and other protocols work harder to protect your privacy by deleting IPs when they're no longer needed, which helps to reduce the possibility of your address being logged.

On top of that, there's also no support for forward secrecy, which is a system where VPN data is encrypted using a new private key every session. WireGuard uses the same key by default. That means if a hacker gets into the server, they can steal your key and may also be able to decrypt your traffic.

Don't panic, though

Although WireGuard therefore creates some security concerns, these are not bugs or issues with the design overall. In fact, the whole point of the protocol is to keep things simple and throw away a lot of the complexity, which means that these are just some of the features that got left out.

These concerns don't mean connecting using WireGuard is less secure than OpenVPN, either, because the top VPNs have created their own app and server-based solutions.

IVPN has come up with its own way to assign dynamic IP addresses and give you a new private key, for instance. It also fixes the 'stores IP addresses forever' issue by detecting when nothing's happened on the connection for three minutes, then deleting and reconfiguring your connection.

A great way to get a more detailed insight into how and why this happens is to read more on the subject, which can be done by delving into IVPN's WireGuard knowledgebase article.
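The three-minute inactivity check described above can be approximated on a WireGuard server with the standard `wg` tool, since removing a peer from the interface also drops the endpoint IP stored for it. This is an added example, not IVPN's code or part of the original article; the interface name `wg0`, the placeholder keys and the choice to treat never-connected peers as idle are assumptions.

```shell
#!/bin/sh
# Added example: list WireGuard peers that have been idle past a threshold.
# Input format matches `wg show <interface> latest-handshakes`:
#   <peer public key><TAB><unix time of last handshake, 0 if never>

IDLE_LIMIT=180   # three minutes, the figure the article gives for IVPN

# stale_peers NOW
# Reads handshake lines on stdin and prints the key of every peer whose
# last handshake is more than IDLE_LIMIT seconds before NOW.
stale_peers() {
    now=$1
    awk -v now="$now" -v limit="$IDLE_LIMIT" '
        # Skip anything that is not "<key> <integer timestamp>".
        NF == 2 && $2 ~ /^[0-9]+$/ {
            # Assumption: 0 (no handshake ever completed) counts as idle.
            # A deployment that pre-provisions peers would need a grace period.
            if ($2 == 0 || now - $2 > limit) print $1
        }'
}

# Constructed sample input: placeholder keys, not real ones.
SAMPLE_NOW=1700000600
sample_handshakes() {
    printf 'PEER_A_PUBKEY_PLACEHOLDER=\t1700000590\n'   # 10 s ago: active
    printf 'PEER_B_PUBKEY_PLACEHOLDER=\t1700000300\n'   # 300 s ago: idle
    printf 'PEER_C_PUBKEY_PLACEHOLDER=\t0\n'            # never connected
}

# On a real server (hypothetical interface name wg0), run as root:
#   wg show wg0 latest-handshakes | stale_peers "$(date +%s)" |
#     while read -r key; do wg set wg0 peer "$key" remove; done
# The client then has to be re-provisioned (new key and address) by the
# provider's own tooling, which is outside this sketch.

# Demo on the constructed sample: prints peers B and C.
sample_handshakes | stale_peers "$SAMPLE_NOW"
```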

The end result of all this is that WireGuard offers the best of all worlds. Not only do you get plenty of cutting-edge performance, but there’s the added benefit of being armed with all the privacy features you'd want and expect.

Admittedly, the extra work involved for providers means it's not going to be easy for everyone to implement WireGuard, though. What’s more, it’s also worth bearing in mind that smaller VPNs may never support it at all.

Stick with the big name VPNs?

Which brings us back to the question: which is the best VPN for your needs? The VPN marketplace is a big one, with lots of options to choose from including the best free VPN solutions, which can be used without paying anything for the privilege.

There are always compromises with free software solutions though, and if you value privacy and security as two of the main criteria for using a VPN, gratis software might not be the way to go.

It’s far better, in fact, to head in the direction of a well-known, reputable brand such as NordVPN or Surfshark. Going with one of the big name providers means that they will deliver a VPN that is a safe and secure solution.

NordVPN, for example, provides its subscribers with a comprehensive range of the best VPN tools and it’s all wrapped up in an interface that is quick and easy to use. Crucially, you also get lots of technical support, which in an arena where complex connectivity issues can occasionally arise, provides extra peace of mind. Better yet, you’ll still get to enjoy all of the benefits of WireGuard technology too.

