In the VPN industry, a big selling point of any product is the type of security protocol(s) it supports. Far from there being one dominant, standardized protocol at a time, new and old ones are constantly falling in and out of favor with VPN providers. The latest, and some would argue greatest thus far, is WireGuard.
But what is WireGuard, how does it work, and why is it superior to competing alternatives? We’re here to help you understand.
What Is WireGuard?
WireGuard is an encryption and communication protocol that your VPN uses to protect the traffic channel you open up between your devices and your VPN company’s servers. It was developed by security researcher Jason Donenfeld, who was tired of overcomplicated and slow solutions.
(Credit: WireGuard)
Unlike the protocols that came before it, such as IKEv2/IPSec and OpenVPN, WireGuard takes many existing, off-the-shelf components and crams them all together in just 4,000 lines of code. To give you a sense of how compact that is, options like IPSec and OpenVPN can run to more than 600,000 lines of code.
The result of WireGuard’s lighter and more efficient implementation is that you get the same or better levels of security as other protocols, but at faster speeds and lower device load. Previously, developers faced a trade-off between security and speed with VPN protocols, but WireGuard eliminates that compromise almost entirely.
WireGuard first gained traction several years ago and has since become one of the principal standards for any VPN worth its salt. Many VPNs have moved from OpenVPN to WireGuard since its release because it combines security, speed, and ease of implementation into a single package, and their services are better for it. Some examples of VPN services that use WireGuard include Hide.me, Proton VPN, and TunnelBear.
Currently, the most widely used protocol is OpenVPN, but that’s changing quickly as more VPNs modernize protocol selection and add WireGuard as the default choice for mobile and desktop clients.
The Best VPNs With Wireguard
How Does WireGuard Work?
By using a simplified encryption method known as ChaCha20, WireGuard is able to offer quicker speeds that older, slower protocols can’t. Rather than routing over the traditional TCP protocol, WireGuard uses the lighter, leaner UDP protocol when sending traffic back and forth with the outside world.
While the AES-256 encryption technique that protocols like OpenVPN use has been audited for years longer than WireGuard’s Chacha20, you needn’t worry about using the newer protocol. Why? Because Wireguard uses more modern, compact security. In fact, OpenVPN’s overreliance on obfuscation in favor of performance leads to more delays in handshake times, higher latency, and slower download times. Implementing WireGuard can solve most of these problems in the VPN pipeline.
What Operating System Is WireGuard Compatible With?
WireGuard is currently compatible with all major operating systems, including Android, iOS, Linux, macOS, and Windows (7+).
It’s one of the few protocols with universal support across major devices. Even OpenVPN, famed for its compatibility, doesn’t always work in practice across all mobile and desktop OSes, whereas WireGuard seamlessly protects each type of operating system with ease.
Recommended by Our Editors
What Are the Pros and Cons of WireGuard?
Even if you’re not a developer, you might still consider some of WireGuard’s pluses and minuses when deciding whether you want a VPN service that uses it.
Pros
-
Lightweight: WireGuard takes very few resources from your host device to protect your connection, thereby improving speeds and reducing the load so your laptop, smartphone, or tablet battery can last longer.
-
Secure: WireGuard deploys all the latest cryptographic technologies, taking a more modern approach compared with older VPN protocols.
-
Quick Reconnects: Because WireGuard doesn’t use handshake authentication like other protocols, it can quickly drop and pick up new connections without a complex reconnection process.
Cons
-
Lack of Privacy: If you use your VPN specifically to keep your use of a VPN secret from your ISP or any other potentially prying eyes, WireGuard is likely not the right protocol for you. Because it uses UDP instead of TCP, the traffic itself can easily be detected as VPN traffic by anyone who’s got an eye on the line. This makes it a less-than-ideal option if your main concern is keeping your identity hidden from everyone from spying governments to your favorite streaming service.
-
Compatibility: Because it’s relatively new, the VPN of your choice may not universally support WireGuard across all device types. Some VPNs only support WireGuard on certain devices, while others don’t offer it at all. Make sure to read the fine print of your next VPN before signing up to guarantee the protocol is not only part of the service but also that it will work with all your devices.
Should You Use WireGuard to Protect Your VPN Connection?
If your main concern is keeping your ISP or endpoint services (think BBC iPlayer, Netflix, and so on) from detecting that you’re using a VPN, WireGuard likely isn’t the right choice to protect your connection.
However, if you’re mainly looking for a lightweight, battery-sipping, quick, and secure protocol that can keep your device’s identity obscured from the rest of the open web, WireGuard has the goods to get the job done.
See our list of the best VPNs to find the WireGuard-compatible solution that best protects you and your devices.
Like What You’re Reading?
Sign up for SecurityWatch newsletter for our top privacy and security stories delivered right to your inbox.
This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.