WireGuard is one of the many VPN protocols out there. It’s fairly new, yet VPNs have been rushing to integrate it into their services. It was created because the current ones were “outdated”. It’s exciting, but there are a couple of things you should know first. It’s known to have some privacy issues that VPN users have been wary about. Let’s take a look at it.
What Is A VPN Protocol?
To fully understand WireGuard, you need to know what a protocol is. It’s the set of rules established between your computer and the server you want to connect to. Depending on your protocol, your safety online will differ. Your protocol also determines how fast your connection is – some are better suited to mobile devices.
The most notable protocols are:
From the options available, OpenVPN is known to be the best.
What Are the Pros of Using WireGuard?
To help make our article more comprehensive, we took a look at its pros and cons.
There Is Less Code
For protocols, less code is beneficial: there is less surface in which flaws can hide. WireGuard has 4,000 lines of code. This may seem like a lot, but know that OpenVPN + OpenSSL come to 600,000 lines. They aren’t the only bulky ones. IKEv2 along with XFRM and StrongSwan comes to 400,000.
Not only do fewer lines provide less of an attack surface, they also make the protocol easier to audit. It’s common knowledge that auditing WireGuard only takes a few hours. It doesn’t require a team either.
The fact that it’s easier to audit is great for VPN users. Any vulnerabilities can easily be found. When Nord was hacked, running a thorough audit helped them make their systems more secure.
As mentioned, WireGuard was created because the protocols available were “outdated”. This isn’t wrong – they’re tried and tested, so they’ve been around for a while. WireGuard lists the cryptographic primitives it uses on its site.
The following are available:
- ChaCha20 is used for symmetric encryption, authenticated with Poly1305, using RFC7539’s AEAD construction
- Curve25519 is utilized for ECDH
- BLAKE2s is used for hashing and keyed hashing, described in RFC7693
- SipHash24 is used for hashtable keys
- HKDF is used for key derivation, which is described in RFC5869
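To show how two of the listed primitives fit together, here is HKDF (RFC5869) built on HMAC with BLAKE2s as the hash, which is the pairing the WireGuard protocol specification uses for its key derivation. This is an added example, not code from the original article or from the WireGuard project; `derive_keys` and the sample inputs are hypothetical, and the constructed byte string stands in for a real Curve25519 shared secret.

```python
import hashlib
import hmac

HASH_LEN = 32  # BLAKE2s digest size in bytes


def hmac_blake2s(key: bytes, data: bytes) -> bytes:
    """HMAC instantiated with BLAKE2s (RFC 7693) as the hash."""
    return hmac.new(key, data, hashlib.blake2s).digest()


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 extract: condense input keying material into a fixed-size PRK."""
    return hmac_blake2s(salt or bytes(HASH_LEN), ikm)


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 expand: T(i) = HMAC(PRK, T(i-1) || info || i)."""
    if not 0 < length <= 255 * HASH_LEN:
        raise ValueError("requested length is outside the HKDF limit")
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac_blake2s(prk, block + info + bytes([counter]))
        okm += block
        counter += 1
    return okm[:length]


def derive_keys(chaining_key: bytes, dh_output: bytes, count: int) -> list:
    """Derive `count` 32-byte keys, salting with the previous chaining key."""
    prk = hkdf_extract(chaining_key, dh_output)
    okm = hkdf_expand(prk, b"", count * HASH_LEN)
    return [okm[i:i + HASH_LEN] for i in range(0, len(okm), HASH_LEN)]


# Constructed inputs: a real handshake would feed in a Curve25519 shared secret.
SAMPLE_CHAINING_KEY = bytes(range(32))
SAMPLE_DH_OUTPUT = bytes([0xAB]) * 32

if __name__ == "__main__":
    for key in derive_keys(SAMPLE_CHAINING_KEY, SAMPLE_DH_OUTPUT, 2):
        print(key.hex())
```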
Use Across Many Platforms
You’ll be able to utilize it widely. It supports macOS, iOS, Android, and Linux. You’re probably wondering about Windows. It’s currently not available, but it’s in the works.
You’ll be connecting to servers through public keys. Countless protocols like OpenVPN use certificates. This is unfortunately a problem – WireGuard can’t be used in certain VPN clients. But the list is expanding. Big names like NordVPN have utilized it, as well as Mullvad and
We have to say, it is one of the fastest protocols we’ve used. On NordVPN, it is used as their NordLynx. Through testing, we found speeds of around 400 – 500 Mbps. We connected to servers in the western US – specifically Seattle.
Many who’ve used the protocol have raved about how fast it is. This is one of the reasons why VPNs are rushing to get it integrated.
What you need to know about VPNs is that they slow your connection down. After all, you’re channeling your data far away and encrypting it heavily. Many people who’ve used WireGuard would agree when we say that using it will make you forget that you’re even connected to a VPN.
It’s Out of Beta
As of March 29, 2020, the protocol has been merged into the 5.6 Linux kernel. This means it’s out of the beta stage. Why is this great? Because it’s stable enough for widespread use. There used to be a warning about this on the site.
What Are the Cons of Using WireGuard?
Now that you’re familiar with its pros, let’s take a look at some problems that might crop up.
Your IP Address Is Saved
If you’re interested in the service, know that it wasn’t meant for privacy but speed and security. Whenever you connect to a server, your IP address will be saved. What’s concerning about this is the fact that it’ll be saved indefinitely or until the server gets a reboot.
This is one of the reasons that WireGuard cannot be used with no-log programs. You might be wondering about NordVPN, though. It offers a strict no-logging policy, so how does this work? Like countless private networks that utilize it, they’ve made custom solutions for this. Nord explains this very well on their site.
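An operator can see which client addresses a WireGuard server is still holding by reading the output of `wg show <interface> dump`; the check below lists peers whose address remains recorded long after their last handshake. This is an added example, not code from the original article or from any VPN provider; the sample dump, the placeholder keys, the `retained_endpoints` helper and the 180-second idle threshold are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed sample of `wg show wg0 dump` output (tab-separated fields).
# Keys are placeholders; addresses come from documentation-only ranges.
SAMPLE_DUMP = "\n".join([
    "SERVER_PRIVATE_KEY\tSERVER_PUBLIC_KEY\t51820\toff",
    "PEER_A_KEY\t(none)\t198.51.100.7:41234\t10.0.0.2/32\t1700000000\t5120\t9216\toff",
    "PEER_B_KEY\t(none)\t[2001:db8::5]:51000\t10.0.0.3/32\t1699990000\t100\t200\t25",
    "PEER_C_KEY\t(none)\t(none)\t10.0.0.4/32\t0\t0\t0\toff",
])


@dataclass
class RetainedEndpoint:
    public_key: str
    address: str
    idle_seconds: int


def retained_endpoints(dump: str, now: int, max_idle: int = 180) -> list:
    """Return peers whose source address is still held after going idle."""
    findings = []
    for line in dump.splitlines()[1:]:  # first line describes the interface
        fields = line.split("\t")
        if len(fields) != 8:
            continue  # not a peer line
        public_key, _psk, endpoint, _allowed_ips, handshake = fields[:5]
        if endpoint == "(none)":
            continue  # no address recorded for this peer
        # Drop the port; IPv6 endpoints are written as [addr]:port.
        address = endpoint.rsplit(":", 1)[0].strip("[]")
        idle = now - int(handshake)  # handshake is 0 if none ever completed
        if idle > max_idle:
            findings.append(RetainedEndpoint(public_key, address, idle))
    return findings


if __name__ == "__main__":
    # 1700000100 is a constructed "current time" that matches the sample.
    for item in retained_endpoints(SAMPLE_DUMP, now=1700000100):
        print(f"{item.public_key}: {item.address} idle {item.idle_seconds}s")
```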
No Dynamic IPs
Many protocols assign dynamic IPs to you. This isn’t the case for WireGuard. Your static IP could be exposed through WebRTC leaks. This puts your online privacy at serious risk. As with your IP address being saved, VPNs like OVPN have acknowledged this issue and tried to work around it.
Can’t Be Used for Windows
As mentioned, it’s currently in the works for Windows. When it will be done is not known.
Let’s sum things up. The protocol is new and exciting. Many users are considering it – and VPNs are rushing to add it. It comes with a range of benefits and has very few lines of code. This provides a smaller attack surface. It also makes WireGuard easier to audit, which helps improve security.
It is fast – whoever has used it would agree that it’s the fastest protocol around. It also offers encryption that we like – it is more modern than what WireGuard calls “outdated”.
That being said, it does come with some drawbacks. Keep in mind that it’s meant for security and speed – not privacy. This is why we’re disappointed that it doesn’t offer a dynamic IP. As a result, your static address could leak. Moreover, the protocol saves your IP on the server, where it stays indefinitely or until a reboot. Thankfully, Virtual Private Networks have acknowledged these flaws and tried to work around them. One of the most notable is Nord.