Sometimes confused as a VPN of its own, WireGuard is a VPN protocol. A VPN protocol is a tool that allows VPN providers to create encrypted tunnels that your internet traffic is routed through. It essentially protects your data from prying eyes, e.g. malicious actors. The most commonly used VPN protocols are OpenVPN and IKEv2 but recently, some of the biggest VPN providers started implementing WireGuard. WireGuard is essentially a more efficient replacement to OpenVPN and IKEv2 protocols.
WireGuard VPN protocol review 2023
WireGuard was developed by security researcher Jason A. Donenfeld in 2016. While it was originally developed for Linux, it has since been released for Windows, macOS, Android, and iOS. In 2023, WireGuard is being used by some of the biggest VPN vendors like NordVPN, Surfshark, and IPVanish.
WireGuard is much simpler for VPNs to implement. It’s also much more lightweight compared to other protocols. And since it has significantly fewer lines of code, it’s much easier to audit, plus there’s less risk of vulnerabilities. In 2023, WireGuard has around 3,800 lines of code, which is significantly less than OpenVPN (around 100,000). Inspecting the code takes hours instead of days, and spotting vulnerabilities is much easier. This all contributes to keeping WireGuard more secure. Plus, smaller code often means better performance.
However, WireGuard is not perfect. The way it assigns users IP addresses is a bit worrisome because it could, in theory, lead to traceable online activities. WireGuard assigns static IP addresses, which essentially means that your IP address does not change every time the VPN is connected. In order to know which IP address it should assign to which user, it needs to store the IP addresses and timestamps. Ideally, a VPN should not store any kind of information on its servers, so that is a bit problematic. If you choose to use a VPN that implements WireGuard, you should check how it guarantees your privacy and security.
WireGuard 2023 pros & cons
Despite being one of the most recent VPN protocols, WireGuard is already hailed as one of the fastest and most secure. However, like all software, it has its own pros and cons.
- It’s fast. Among all VPN protocols, WireGuard provides the fastest performance and bandwidth.
- It’s lightweight. With only 4,000 lines of code, WireGuard is much easier to inspect and audit. Vulnerabilities are much easier to spot and patch compared to protocols like OpenVPN which has around 100,000 lines of code.
- It’s more secure. The fewer lines of code there are, the fewer exploitable vulnerabilities it will have.
- Much better for routers and smartphones. Because it’s so lightweight, it’s much better suited for routers and mobile devices that aren’t as powerful as a desktop computer.
- It assigns static IP addresses. We have already discussed why this could be problematic but in short, it could theoretically allow malicious actors (or other entities) to trace back users’ online activities because of this.
- It’s new. WireGuard is still relatively new compared to OpenVPN (initially released in 2001), and new software takes a while before it’s tested extensively.
Which VPNs support WireGuard in 2023?
VPN providers like Mullvad and IVPN are some of the earliest adopters of WireGuard. And now, more and more VPNs are implementing WireGuard.
NordVPN is one of the best examples of how to properly implement WireGuard. NordVPN’s implementation of WireGuard is known as NordLynx. The technology allows users to keep their privacy while also enjoying the improved speeds that come with WireGuard.
What NordVPN did was develop the double Network Address Translation (NAT) system. According to NordVPN, the way it works is:
To put it simply, the double NAT system creates two local network interfaces for each user. The first interface assigns a local IP address to all users connected to a server. Unlike in the original WireGuard protocol, each user gets the same IP address.
Once a VPN tunnel is established, the second network interface with a dynamic NAT system kicks in. The system assigns a unique IP address for each tunnel. This way, internet packets can travel between the user and their desired destination without getting mixed up.
The double NAT system allows us to establish a secure NordLynx connection without storing any identifiable data on a server. Dynamic local IP addresses remain assigned only while the session is active. Meanwhile, user authentication is done with the help of a secure external database. That means you can enjoy an excellent connection speed without compromising on your security and privacy.
NordVPN’s implementation of WireGuard allows users to enjoy the benefits of this lightweight protocol without sacrificing their privacy and anonymity.
IPVanish also implements WireGuard and offers it to users at no additional cost. IPVanish emphasizes that WireGuard is much faster than both OpenVPN and IKEv2 protocols, is less CPU-intensive, and handles encryption better than IKEv2. However, it also stresses that WireGuard’s priority is to provide solid security, not protect users’ anonymity.
Access to WireGuard is included in all IPVanish subscriptions. However, users’ operating systems and devices must meet the requirements. Those using IPVanish with the WireGuard protocol should notice faster connection speeds. Furthermore, WireGuard should do a better job at keeping the VPN connected in poor connection quality situations.
Mullvad is one of the earliest adopters of WireGuard. The privacy-oriented VPN provider emphasizes that with much fewer lines of code, there’s significantly less chance of vulnerabilities being present.
Mullvad has come up with a way to offer users better speeds and security with WireGuard while protecting privacy. Mullvad does keep temporary logs of users’ IP addresses but these logs are automatically deleted when the VPN session ends.
When using WireGuard, your public WireGuard IP address is temporarily left in memory (RAM) during connection. By default, WireGuard deletes this information if this server has been rebooted or if the WireGuard interface has restarted.
For us this wasn’t enough, so we added our own solution in that if no handshake has occurred within 600 seconds, the peer is removed and reapplied. Doing so removes the public IP address and any info about when it last performed a handshake.
Surfhsark also implements WireGuard. Surfhsark recommends that users try out all the available protocols to find the one that best works for them. WireGuard is easily enabled in Advanced settings. Surfshark users using WireGuard should enjoy significantly better speeds than when using other protocols.
Like NordVPN, Surfshark has also implemented a double NAT system to fix the privacy issues that come with WireGuard.
At Surfshark, for example, we do not store your connected IP address. At the same time, we assign dynamic IP addresses to all our users and obfuscate their connection as a layer on top.
So whatever issues WireGuard has, as a VPN provider, we fix them on our end.
Common questions about WireGuard
Here are quick answers to some of the most common questions users have about WireGuard.
Is WireGuard a VPN?
No. Some users may confuse a VPN and a VPN protocol, which are two different things. WireGuard is a VPN protocol. WireGuard can be implemented by a VPN provider but it’s not a VPN in itself.
Is WireGuard better than alternatives (e.g. OpenVPN)?
While WireGuard is not perfect and comes with some issues, it still has many advantages over other VPN protocols like OpenVPN. It’s also worth keeping in mind that WireGuard is relatively new so it will only get better in the future.
Is WireGuard safe to use in 2023?
Not only is WireGuard safe, but it’s also considered to be one of the safest VPN protocols out there. Its uncomplicated code makes it much easier to inspect and spot vulnerabilities. And while there may be privacy issues, VPN providers that implement WireGuard usually address and fix them on their end.