NordVPN has recently announced that it will moving towards the adoption of WireGuard – the protocol for VPN use that is likely to become a future industry standard. Although currently still under development, WireGuard has been seen as very promising in its capabilities.
“WireGuard is a relatively simple yet extremely fast and modern open-source protocol that utilizes state-of-the-art cryptography. Even though WireGuard is still at the early stage of development, at NordVPN we’re always open for innovations, new trends, and R&D breakthroughs. We believe that WireGuard may help us remain the world’s most advanced VPN service in the future,” said Laura Tyrell, Press Officer at NordVPN.
Will WireGuard be Good for VPN?
The case for WireGuard lies primarily in its simplicity, ease of implementation and management, which are likely to significantly surpass OpenVPN. WireGuard’s encryption speed is also known to far exceed that of IPsec protocols, although this claim is largely redundant since IPSec is known to be slowed down due to its double encapsulation.
A whitepaper published by the protocol’s developers claims that the virtual tunnel interface established by WireGuard is based on a proposed fundamental principle of secure tunnels: an association between a peer public key and a tunnel source IP address. It uses a single round trip key exchange, based on NoiseIK, and handles all session creation transparently to the user using a novel timer state machine mechanism. Short pre-shared static keys – Curve25519 points – are used for mutual authentication in the style of OpenSSH.
The protocol provides strong perfect forward secrecy in addition to a high degree of identity hiding. Transport speed is accomplished using ChaCha20, Poly1305 authenticated-encryption for encapsulation of packets in UDP.
Nord has long been a trusted name in the VPN community and is used by over 8 million Internet users worldwide. It offers military-grade encryption with advanced privacy solutions to ensure secure access to all online resources. While the WireGuard protocol is not yet publicly available at NordVPN, a proof of concept can already be taken for a test drive.
“Journalists and security experts are welcome to apply for early access to test the WireGuard protocol with NordVPN. To do that, please contact us through our Press section on NordVPN.com,” added Tyrell.
Following in Nord's footsteps, IVPN made IVPN has made the trial available to a select number of subscribers. The protocol is currently only available on their iOS, Android and macOS applications, since there hasn’t yet been an officially released Windows package.
Why is IVPN’s Move to WireGuard Significant?
When we first saw IVPN claiming first commercial availability we were a little dubious since this protocol has been toyed with by various VPN service providers already, including Azire and a couple of others.
Yet in between the lines we notice an extremely significant difference – Due to its extremely small footprint, it leaves portions of the protocol dependant on VPN servers. This includes key and IP address management. The VPN service providers dabbling in this upcoming protocol so far have in turn foisted the responsibility onto users.
In order to use WireGuard, you need to generate your own encryption keys and upload those to the servers you are using. This is kind of iffy as anyone in tech knows that most problems with services are caused by PEBCAK – Problem Exists Between Chair and Keyboard – which is the user.
What IVPN has done is to take on that responsibility and built in an automated system into their applications. Remove PEBCAK and WireGuard becomes a LOT more user friendly.
While the trial for WireGuard on IVPN is open to the general public with a no-commitment free account on IVPN, we highly recommend existing VPN users test it out. This will lay to rest questions about how much faster WireGuard is compared to OpenVPN.
Having tested quite a number of VPN service providers such as ExpressVPN and NordVPN, we have found that with increased high speed internet becoming more prevalent today, a lighter protocol is something that is much looked forward to.
While we have not tried it out for ourselves yet, according to Viktor Vecsei, CMO of IVPN, “both the WireGuard’s authors’ and our (sic) internal test results showed WireGuard beating out existing protocols in initial connection time and connection speed.”
We believe that IVPN has its finger on the right pulse. As Pestell says, many VPN users disconnect from their service when they need full speed for certain applications. We know this is true for us and hope that WireGuard will swiftly flood the market, thanks to early adopters like IVPN.
How Fast is WireGuard?
To date there have been rather limited tests made public for WireGuard, likely due to it being still in limited circulation. However, WireGuard has released some initial benchmarks that indicate excellent performance.
These performance figures were achieved on Linux-based test system equipped with Intel Core i7-3820QM and Intel Core i7-5200U processors along with Intel 82579LM and Intel I218LM gigabit ethernet cards.
Notes from the developers at WireGuard stated that “WireGuard is not yet complete. You should not rely on this code. It has not undergone proper degrees of security auditing and the protocol is still subject to change.”
VPN Services Currently Supporting WireGuard
There are currently only a handful of VPN service providers which are offering WireGuard since the protocol is still under development. Some have built special protocols incorporating WireGuard into their own frameworks for better security.
If you're keen to test WireGuard out, here are some options where you can:
By default, NordVPN claims that WireGuard still puts users' privacy at risk and has come up with a workaround for the time being. The result incorporates a double NAT (Network Address Translation) system to overcome WireGuard not being able to dynamically assign IPs to users.
The system which NordVPN calls NordLynx is currently only available for their Linux platform users.
Having faith in the WireGuard application, TorGuard has gone for it and opened WireGuard access for Smartphone, Mac and some routers. Since WireGuard itself isn't officially available on Windows, you don't get a PC app you can use with TorGuard yet.
Mullvad has a relatively smaller network of around 400-odd servers across 38 countries and seems to be one of the few reputable VPNs that has completely embraced WireGuard. If you sign up with them you can use WireGuard on 92 of their servers.
They have made WireGuard available on almost all platforms, from PC to Mac and Android to iOS – plus even routers and on multihop routes.