What is WireGuard®?
Much has been made of WireGuard® as a VPN protocol in recent years. WireGuard® has become a sought-after feature to the point that negative reviews have focused on the lack of it in a product. This level of demand has never been seen in a VPN protocol before.
Why is WireGuard® so popular among VPN protocols? To answer that, we have to dive a bit more into what it is, how it works, and why it’s so good.
History of WireGuard®
There isn’t a lot of publicly available information about the development of WireGuard® other than from a technical perspective, but there are some things we do know.
WireGuard® was created by Jason Donenfeld in 2015. According to a letter published on openwall.net, Donenfeld started to develop WireGuard® before he really had the knowledge or experience for such an ambitious project. However, he was honest about this and reached out for help.
Initially, WireGuard® was an attempt to contribute to the Linux kernel. Since Linux is such a huge, open-source project, it is always in need of clever developers. Donenfeld saw WireGuard® as a “kernel-related development puzzle.”
Part of what makes WireGuard® unique is that it only has 4,000 lines of code. Compared to OpenVPN, which has 70,000 lines of code (and over 600,000 lines when implemented with OpenSSL), this is almost nothing. That streamlined code makes WireGuard® both faster and more secure.
Donenfeld wanted to make a simpler tunneling protocol than what was available at the time to Linux users, which he described as “overwhelmingly difficult.” WireGuard® doesn’t use the complex API of Linux’s built-in cryptographic subsystem, which is part of why it took so long to be integrated into Linux.
There was a lot of pushback when Donenfeld suggested using his Zinc library as a new cryptographic subsystem for WireGuard®. Many developers had spent years with the subsystem in place at that point, and they felt like WireGuard® was trying to reinvent the wheel.
When WireGuard® was first submitted to the Linux networking stack, it had already gone through over three years of development. It was accepted into the “net-next” maintainer tree for inclusion in the next kernel. During this time, Linux creator Linus Torvalds discovered WireGuard® and absolutely fell in love with the concept and the code. In many ways, this support is part of how WireGuard® moved so quickly into the mainline Linux kernel tree.
By March of 2020, Debian developers enabled the module for Debian v11, a Windows version was in beta testing, and Android developers had added support for WireGuard® to their kernel, signifying the jump to different platforms.
How the WireGuard® VPN Protocol Works
So, what is WireGuard®?
As a VPN protocol, WireGuard® is designed to regulate how a VPN handles data. This can have a major effect on both the speed and security of your connection. In fact, the unique way WireGuard® does data handling is part of the reason why it’s the first protocol in a long time that doesn’t skew heavily toward greater security at the expense of speed or greater speed at the expense of security.
Part of what makes WireGuard® work so well is that it is a very stripped-down protocol. It was designed to be integrated and maintained by one person, so it lets other layers of the communication process handle key distribution. By focusing just on tunnel creation and data handling, WireGuard®’s creators were able to provide high levels of encryption while still keeping connections fast.
This minimalism of WireGuard® also improves security by reducing the potential attack surface. The more code a piece of software has, the more opportunities for a mistake that can lead to an exploit. WireGuard® reduces vulnerability by having less code that can go wrong.
WireGuard VPN Protocol: A New Network Interface
The first step in encrypting a packet with WireGuard® is to create a new, simple network interface. This happens in the background and performs all the functions of your current network interface, but is also capable of identifying and verifying “peers”.
A peer is any other server that you might connect to. WireGuard® keeps a list of approved peers and where they are supposed to be “located” online. The network interface builds a tunnel to the peer and checks that it is where it’s supposed to be. If it’s not at the right site or isn’t an approved peer, the data will be dropped rather than risking it.
If the peer checks out, the WireGuard® interface will use their public key to create a session key and encrypt your data. It then rechecks the peer to make sure the endpoint is correct and, if everything is right, sends the data.
This all happens in fractions of a second.
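The peer check described above can be modeled in a few lines. This is an added example, not code from the original article or from the WireGuard® project: it is a simplified sketch of the allowed-address lookup WireGuard® documents as cryptokey routing, and the peer labels, address ranges, and function names are constructed for illustration.

```python
import ipaddress

# Constructed peer table: public-key label -> tunnel address ranges assigned
# to that peer. Labels and addresses are placeholders, not real values.
PEERS = {
    "peer-A-pubkey": ["10.0.0.0/24", "192.168.10.0/24"],
    "peer-B-pubkey": ["10.0.0.3/32"],
}

def lookup(address, peers=PEERS):
    """Return the peer owning the most specific range containing address,
    or None when no approved peer covers it."""
    addr = ipaddress.ip_address(address)
    best_key, best_len = None, -1
    for key, ranges in peers.items():
        for cidr in ranges:
            net = ipaddress.ip_network(cidr)
            if addr in net and net.prefixlen > best_len:
                best_key, best_len = key, net.prefixlen
    return best_key

def route_outbound(destination, peers=PEERS):
    """Outbound: choose whose key to encrypt for; None means drop."""
    return lookup(destination, peers)

def accept_inbound(sender_key, inner_source, peers=PEERS):
    """Inbound: after decrypting with sender_key's session, keep the packet
    only if its inner source address maps back to that same peer."""
    return sender_key in peers and lookup(inner_source, peers) == sender_key

if __name__ == "__main__":
    print(route_outbound("192.168.10.7"))               # covered by peer A
    print(route_outbound("8.8.8.8"))                    # no peer: dropped
    print(accept_inbound("peer-B-pubkey", "10.0.0.3"))  # B's own address
    print(accept_inbound("peer-A-pubkey", "10.0.0.3"))  # B owns this address
```

The last call shows why the check matters for defenders: a peer that authenticates correctly still cannot inject packets claiming an address assigned to a different peer.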
Multiple Handshakes
Another way that WireGuard® protects your personal data is by using multiple handshakes. A handshake is an initial communication between a VPN protocol and a peer. It’s when WireGuard® establishes the session key that encrypts the files to protect your privacy.
WireGuard® bills itself as a “connection-less protocol.” What that means is that, instead of doing just one handshake and establishing a state for communication, it “pulses” handshakes. Every so often, WireGuard® reestablishes the connection from scratch, effectively changing the session key.
Moreover, WireGuard® ensures greater forward secrecy by basically rotating keys.
WireGuard® minimizes packet loss during these handshakes by using a separate queue per host and basing the “pulse” on time rather than the amount of data.
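The time-based “pulse” can be sketched as a small state model. This is an added example, not code from the original article or from the WireGuard® project: the two timer values are the ones given in the WireGuard® protocol paper, while the class names, the random stand-in for the handshake-derived key, and the timeline are constructed for illustration.

```python
import secrets

REKEY_AFTER_TIME = 120   # seconds; value from the WireGuard protocol paper
REJECT_AFTER_TIME = 180  # seconds; value from the WireGuard protocol paper

class Session:
    def __init__(self, now):
        # Random stand-in for the key a real handshake would derive.
        self.key = secrets.token_bytes(32)
        self.created = now

class Tunnel:
    """Keeps the current session plus the previous one, so packets still in
    flight during a rekey are not lost."""
    def __init__(self, now):
        self.current = Session(now)
        self.previous = None
        self.handshakes = 1

    def key_for_sending(self, now):
        """Return the key to encrypt with, running a fresh handshake when
        the current session has reached REKEY_AFTER_TIME."""
        if now - self.current.created >= REKEY_AFTER_TIME:
            self.previous, self.current = self.current, Session(now)
            self.handshakes += 1
        return self.current.key

    def accepts(self, key, now):
        """A received packet is usable only under a known, unexpired key."""
        for session in (self.current, self.previous):
            if (session is not None and session.key == key
                    and now - session.created < REJECT_AFTER_TIME):
                return True
        return False

def simulate(send_times):
    """Run a constructed timeline; return (handshakes, distinct keys used)."""
    tunnel = Tunnel(now=0)
    keys = [tunnel.key_for_sending(t) for t in send_times]
    return tunnel.handshakes, len(set(keys))

if __name__ == "__main__":
    # Packets at these second marks cross the 120 s threshold twice.
    print(simulate([0, 60, 119, 120, 200, 241]))
```

Because the trigger is session age, a key captured later exposes only the traffic of its own window, and the model rejects anything presented under a key older than 180 seconds.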
WireGuard® Functionality in the Real World
Because of how WireGuard® works, it makes a lot of VPN use more secure at the client level.
First of all, WireGuard® is built to handle travel and mobile devices. It keeps a single endpoint on file: the server information. However, as you go, it constantly builds a peer list of what is allowed in the VPN tunnel.
WireGuard® is also a developer’s dream. Not only is the code simple, but it’s also open-source, so anybody can use it. It is easy to use in virtual environments like Docker containers. And WireGuard® is one of the most well-supported protocols currently available.
Comparing WireGuard® to Other VPN Protocols
WireGuard® vs OpenVPN
OpenVPN is potentially the most popular VPN protocol because it’s so strong. Unfortunately, the protocol is also incredibly slow compared to other protocols available on most VPNs. People who prioritize privacy above any other concern will often default to OpenVPN.
The OpenVPN VPN protocol works by sending traffic one packet at a time. Whenever a packet is sent to a destination computer, OpenVPN checks to make sure that the information is correct and the encryption remains secure. Only once your privacy is checked and that packet is secure will OpenVPN request the next packet. This is why OpenVPN works at such a glacial pace compared to other protocols like WireGuard®.
However, for people more concerned about speed, OpenVPN isn’t necessarily worth the increased privacy from such a secure connection. That’s where WireGuard® comes in.
In contrast to OpenVPN, WireGuard® operates at significantly higher speed. In fact, it’s faster than many other protocols available online today. And the WireGuard® VPN protocol is still incredibly secure because of the way that it handles encryption, so you won’t have to worry as much about your personal privacy as you would think.
WireGuard® vs IKEv2
The IKEv2 protocol is, in many ways, the polar opposite of OpenVPN. If OpenVPN is incredibly secure but has slower speeds, IKEv2 is super fast, but not nearly as secure as OpenVPN.
The way that IKEv2 works is by sending all available packets at once, and then having the information checked against a hashcheck file, which is like an inventory for encryption traffic. For comparison, if the destination computer is like a dock, OpenVPN opens every box to check that what’s inside is what it is supposed to be, and IKEv2 checks the manifest against what’s written on the boxes.
This isn’t to say that IKEv2 isn’t secure or not good for your privacy, but it isn’t as strong as other protocols like OpenVPN or WireGuard®.
A WireGuard® VPN keeps your personal Internet traffic more secure than IKEv2 by utilizing the technology we explored above. Whether you’re talking about browser traffic, online video, games, or any other form of information transfer, WireGuard® is astonishingly secure and you can still rely on it to protect your privacy.
While it’s not quite as fast as IKEv2, WireGuard® is still one of the fastest VPN protocols.
Get Secure Today
All these reasons and more are why PrivadoVPN adopted WireGuard® as one of our VPN protocols. Its reputation for being both fast and safe is well earned. The developers have gone to great lengths to ensure that it is both simple and robust, striking a balance between speed and security.
You can find your protocol in the Settings menu of your PrivadoVPN client. If you aren’t using WireGuard®, give it a try today with a 30-day VPN free trial and see if you notice an improvement in your Internet connection.