What is NordLynx?

Personal data can be worth a lot of money. Hacked passwords can lead to stolen finances and personal preferences can be sold for targeted ads. If your data is untraceable and encrypted, it’s worth nothing.

One of the best ways you can stay safe online is through regularly using a reliable VPN service. When you use a VPN, your device establishes a secure, encrypted connection to a VPN server.

If this is set up properly, anyone with access to your ISP’s records will only see encrypted data, not which sites you’ve visited, the data you entered, or which internet-based services you’re using like Netflix.

Most VPN providers offer various types of connections suitable for a wide range of use cases. Different connections can use different VPN protocols, each of which have their own advantages and disadvantages.

You can read this article to learn specifically about NordVPN’s NordLynx protocol, what it’s useful for and how it can help you stay safe online. If you want to know more, you can also learn about the pros & cons of different VPN protocols in our online guide.

What is NordLynx?

NordLynx is based on the free and open source WireGuard protocol. This protocol has a lot to offer VPN users but still needs some tweaks. So, NordVPN made it better. To understand NordLynx, we first need to understand WireGuard.

WireGuard is written in less than 4,000 lines of code. Compared with OpenVPN’s 600,000 lines it’s tiny. This makes WireGuard a lot easier to debug. Fewer lines of code means there’s less to go wrong.

Secondly, WireGuard uses the very latest, ultra-powerful, and efficient encryption protocols such as Curve25519, ChaCha20, Poly1305 and BLAKE2.

All of the above makes for a protocol that’s extremely fast, lightweight, and secure; but there’s a catch.

In the interests of efficiency, the makers of WireGuard have done away with the necessary code to allocate dynamic IP addresses to devices. This means you get a static IP.

Having an IP address that doesn’t change isn’t always a bad thing, particularly if you’re running a server as it makes it easier for others to connect to you. If you’re a VPN user though, this is a big drawback as your IP address can be used to find out your location and identity.

The tweaks

NordVPN has perfected WireGuard’s code to find a way around the problem of assigning changing or ‘dynamic’ IP addresses. This is accomplished using "Double NAT" (Network Address Translation).

In broad terms, NordLynx achieves this by using two separate local network interfaces for every user. The first interface simply assigns an IP address to all users connected to a server. Unlike with WireGuard, there’s no risk you can be identified, as every user is given the same IP.

Then the second network interface kicks in. This uses dynamic NAT to assign a new IP address to each encrypted ‘tunnel’ connection between your device and the VPN server. This means that you have a fresh IP address each time you connect to a NordVPN server via NordLynx.

In the connecting phase, users are directed through an external secure database that doesn’t store any data about the IP you’re using to connect to the VPN, or the sites that you’ve visited.

NordVPN has a strict no logs policy, meaning it stores no identifiable information about its users’ connection records on its servers. This also applies to the NordLynx authentication database. NordVPN understands that it’s hard to take it on trust that they don’t keep this data. So, they regularly submit to audits by PricewaterhouseCoopers AG Switzerland, a trusted 3rd party, who can verify that they do indeed keep no unnecessary data.


NordVPN aren’t the only company to use DoubleNAT to solve WireGuard’s static IP issue but they are one of the few to wrap it into a state of the art custom protocol, which is made available free of charge to existing subscribers.

NordVPN also provides other VPN protocols. The VPN provider ran a huge battery of tests and found that NordLynx outperformed its other available protocols by a huge margin.

A lighter and more efficient protocol not only makes for better connection and download speeds but also means less strain on your system, which is useful if you have a battery powered device. It also provides additional security through elliptic curve cryptography which encrypts data much faster than regular symmetric encryption with no loss of security.

NordLynx is available for Windows, macOS, Linux, iOS & Android & enabled by default in most client apps. So, all you need to do to use it, is subscribe & download the software.

Community testing

It’s not uncommon for vulnerabilities to be found in protocols. A bug was found in the code of OpenSSL in 2022, eight years after the previous bug was discovered. With 500,000 lines of code it’s not surprising it took so long to find. So, it’s safe to assume if there is something wrong with WireGuard’s 4,000 lines, it’ll be spotted quickly.

It’s hard to be 100% sure anything is completely secure. Although, to date, there are no records of any major WireGuard vulnerabilities being exploited.

Even though NordLynx is based on open source WireGuard, it’s not open source itself. This means the code can’t be checked over by the programming community for possible bugs. This being said, as WireGuard seems to be in check, we should be able to rely on NordLynx.

The perfect protocol

NordLynx has all the strengths of WireGuard but none of the weaknesses. There are many other benefits too. These include built-in malware protection & even double VPN if you want extra security. You can even link up to 10 of your devices in a secure, encrypted ‘meshnet’ by using NordVPN’s client software if you want.

If you’re still not sure whether NordLynx is the right protocol for you, take some time to read our guide for choosing the best VPN protocol.

TechRadar VPN disclaimer

Nate Drake is a tech journalist specializing in cybersecurity and retro tech. He broke out from his cubicle at Apple 6 years ago and now spends his days sipping Earl Grey tea & writing elegant copy.