Every now and again a new VPN technology bursts onto the scene that promises to change the way that existing technologies work. New kid on the block WireGuard is just such a technology and it is slowly finding its way into mainstream VPN services, slowly but surely. NordVPN has incorporated it as NordLynx and others including Surfshark and IVPN. So, just what is WireGuard.
The main selling point of WireGuard is that it promises to increase Internet access speeds. While most VPNs slow down speeds because your traffic is put through multiple servers, this service does increase Internet speeds. One of they key reasons is that it is a lightweight and very slim protocol. OpenVPN has around 40,000 lines of code; WireGuard has less than 4000.
Also, it states it uses state-of-the-art cryptography, like the Noise protocol framework, Curve25519, ChaCha20, Poly1305, BLAKE2, SipHash24, HKDF, and secure trusted constructions. It makes conservative and reasonable choices and has been reviewed by cryptographers.
So, what’s not to like. Well, two things spring to mind.
First, the protocol is in its infancy with more rigorous testing needing to be done, which explains the reluctance of some VPN providers to jump in feet first.
Second, the way WireGuard assigns you an IP address probably contradicts the strict no-logs policies employed by most VPNs. WireGuard can’t dynamically assign IP addresses allocating a static IP address instead.
This means your assigned IP address doesn’t change every time to connect to the VPN and your public IP address and timestamps have to be stored at the server level so the protocol knows which IP address to connect you to and whether it can reuse that IP address when you no longer need it.
NordLynx has discovered a work-around but other mainstream, premium providers are biding their time until the static IP address issue has been addressed.
I have tested WireGuard in NordLynx, but I shall be sticking to IKEv2 which, so far, offers me the best speeds on desktop and mobile devices.