
WireGuard VPN: The VPN Protocol of The Future?

Author
Manuela Lenz

When it comes to VPN security and performance, there's a new sheriff in town: WireGuard. The open-source protocol promises to surpass the current industry standards (OpenVPN and IPSec) in terms of speed and data encryption. Since it also claims to be easier to configure, many have started referring to it as the new gold standard among VPN protocols.

This opens the door to a variety of different potential applications for the protocol. For example, WireGuard can allow employees to remotely and quickly connect to their company's intranet. Using the protocol, backbone routers can also be configured to establish connections anywhere, without the need for special infrastructure or certificates.

This guide provides a detailed look into how WireGuard operates and highlights what you should pay attention to when installing and configuring it for use. Additionally, we'll sum up the most important advantages and disadvantages of the open-source protocol.

What Is WireGuard?

WireGuard is based on a technology developed by Jason A. Donenfeld for establishing secure VPN networks and offers an alternative to well-known solutions like IPSec, SSTP, or OpenVPN. It can be seen as a mix between a VPN protocol and VPN software, which is not only easy to configure but also capable of establishing fast connections and stable VPN tunnels (even on mobile clients).

WireGuard operates at Layer 3 (the network layer) of the Open Systems Interconnection (OSI) model and supports both IPv4 and IPv6. Although the software is based on a peer-to-peer architecture, it can also simulate a client-server architecture. As with the Secure Shell protocol (SSH), the VPN connection is established by exchanging public keys.

Although originally developed for Linux, WireGuard is available on Windows, Android, Mac, and iOS.

Which Features Does WireGuard Offer?

WireGuard fulfills the system role of a network adapter, adding one or more network interfaces that can be configured analogously to wlan0 or eth0 (i.e. with ifconfig or route). The application is deliberately limited to the most necessary features in order to keep it as simple as possible. This can be seen in the program's code, which contains a mere 4,000 lines and is easy to read and understand.

By comparison, IPSec or OpenVPN comprise several hundred thousand lines of code.

As a result, WireGuard offers fewer configuration possibilities, but can also be audited more easily, an important feature for security-critical applications.

WireGuard's VPN solution uses three basic cipher functions to encrypt connections:

  • Curve25519 with the Elliptic Curve Diffie-Hellman (ECDH) protocol for handshake encryption (key exchange)
  • BLAKE2s for universal hashing (for example, to generate HMAC codes or key derivations with HKDF)
  • ChaCha20 and Poly1305 for symmetric encryption and data exchange

The underlying principle is both simple and effective: Each participant receives a public VPN key, through which they can be uniquely identified. Ed25519 is used as the protocol for public key authentication.

WireGuard's high security and encryption standards are rooted in modern crypto algorithms. Using "cryptokey routing", servers and clients each receive static IP addresses, which are stored in the server's configuration data. When a connection is established, the address is compared to the public key, and the process continues only when the two match.
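The address-to-key check described above can be modelled in a few lines of Python. This is an added example, not code from the original article or from WireGuard itself; the peer names, addresses and the `CryptokeyRouter` class are constructed for illustration, and it goes slightly beyond the paragraph by also showing the most-specific-prefix lookup used to pick a peer for outbound traffic.

```python
import ipaddress

# Constructed sample table: placeholder key names (not real keys) mapped to
# the tunnel addresses each peer may use (its AllowedIPs).
PEERS = {
    "PEER_A_KEY": ["10.0.0.2/32"],
    "PEER_B_KEY": ["10.0.0.3/32", "192.168.50.0/24"],
    "PEER_C_KEY": ["10.0.0.0/24", "fd00::/64"],
}


class CryptokeyRouter:
    """Simplified model of a key-to-address routing table."""

    def __init__(self, peers):
        self.table = []
        for key, cidrs in peers.items():
            for cidr in cidrs:
                net = ipaddress.ip_network(cidr)  # rejects host bits set
                # Design choice of this model: one prefix, one owner.
                if any(net == n and k != key for n, k in self.table):
                    raise ValueError(f"{net} is assigned to two peers")
                self.table.append((net, key))
        # Most specific prefix first, so a /32 wins over a covering /24.
        self.table.sort(key=lambda e: e[0].prefixlen, reverse=True)

    def peer_for(self, address):
        """Return the key of the peer that owns this address, or None."""
        addr = ipaddress.ip_address(address)
        for net, key in self.table:
            if addr.version == net.version and addr in net:
                return key
        return None

    def accept_inbound(self, authenticated_key, inner_source):
        """Accept a decrypted packet only if its inner source address
        belongs to the peer whose key authenticated it."""
        return self.peer_for(inner_source) == authenticated_key


if __name__ == "__main__":
    router = CryptokeyRouter(PEERS)
    print(router.peer_for("10.0.0.2"))                      # outbound lookup
    print(router.accept_inbound("PEER_A_KEY", "10.0.0.3"))  # spoofed source
```

A packet that authenticates under peer A's key but carries peer B's tunnel address as its source is dropped, which is what ties an address to a key.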

Hint:

More information about WireGuard, including details about its protocols and encryption mechanisms, can be found in this white paper.

An Overview of WireGuard's Pros and Cons

The main advantage of WireGuard is its straightforward usability. Apart from that, it also offers a number of other benefits:

  • High-performing and stable VPN tunneling
  • Solid security owing to integration of current cryptographic processes
  • Manageable code with few weaknesses
  • Well thought-out concept

If you are planning to use WireGuard, you should be aware that it remains "under construction", particularly in terms of functionality. Alongside its numerous advantages, WireGuard also has some significant disadvantages:

  • Software remains experimental
  • Does not support dynamic IP address management (client needs to be coupled with a previously-defined VPN address)
  • No server verification
  • Not possible to connect or authenticate via proxy
  • Does not support TCP (at the moment)

VPN Providers That Support WireGuard

Most VPN providers continue to debate whether or not to integrate WireGuard into their clients. However, a number of services do offer the new protocol, including:

  • NordVPN
  • Surfshark VPN
  • ProtonVPN
  • hide.me VPN
  • Private Internet Access
  • Windscribe VPN
  • VyprVPN

Author: Manuela Lenz
Manuela Lenz is a trained IT specialist and worked for 20 years as a system administrator and project manager for large companies. Since 2017, the IT specialist has been a passionate IT author. For EXPERTE.com, she writes about project management, software and IT security.