Novelty is rare in the VPN industry. And it is especially exciting when something new comes along and makes us reexamine our standards.
Recently, that something was WireGuard®. It’s not every day that a new VPN protocol comes around. But how does this change what a VPN can do? And how does it impact you, the user? Let’s take a look.
Table of contents
What is WireGuard?
WireGuard protocol is a secure network tunnel. It can be used as a standalone protocol or implemented as a VPN protocol by a VPN service provider.
For VPNs, the WireGuard protocol aims to replace IKEv2/IPSec and OpenVPN as a more efficient solution. It operates in under 4,000 lines of code compared to OpenVPN’s 100,000.
Note: It’s commonly stated that OpenVPN has 400,000 lines of code. OpenVPN denies this, claiming to total around 70,000 lines of code. I asked one of our nerds, and they pulled up the GitHub repository – depending on how you want to count the lines of code, it’s between 70,000 and 100,000.
Pros and cons
Pros | Cons |
|---|---|
It’s light: 4000 lines of code (vs. OpenVPN’s 100,000) makes it easy to test and work with, including covering up any weaknesses it has. | It doesn't obfuscate natively: Not a real issue for VPN providers since we set up this capability ourselves. |
It has a smaller attack surface: Fewer lines of code - fewer places for security vulnerabilities to hide. | It doesn’t offer a dynamic IP: Refer to #1 for why it’s not a problem for Surfshark. |
It’s fast: WireGuard uses predefined configurations and fewer resources when receiving data. In theory, this should allow it to perform faster than other protocols. | It’s still young: The more tested a piece of software is, the safer it can be, and WireGuard hasn’t been around as long as other encryption protocols like OpenVPN. |
How does the WireGuard protocol work?
The WireGuard VPN protocol is different from other VPN protocols due to its approach to security. It doesn’t establish security configurations between your client and the server – they already come predefined.
That’s why the WireGuard connection is connectionless. This makes it faster because you don’t need to connect or reconnect to the server.
All you need to have is your and the server’s keys. The key exchange in the WireGuard protocol is based on NoiseIK – a single round-trip key exchange. After that, the process is a breeze.
None of that really matters to you, the everyday user. The protocols do that automatically under the hood, you just choose the server you want, and the app handles the rest.
WireGuard and manual configuration
Since the WireGuard protocol is still new to the world of VPNs, you won’t have access to it with every VPN provider. It’s even less likely you’ll be able to set it up manually. However, some providers have already taken care of both. With Surfshark, you can use WireGuard in the app and with manual configuration.
Although using WireGuard via the app is much easier, the ability to manually set it up is great news for anyone who:
- Is in a country where VPN usage is restricted;
- Wants to use their VPN via their router;
- Has devices not compatible with our app that would benefit from encryption;
- Wishes to protect many devices without experiencing drops in speed.
Is WireGuard better than OpenVPN and IKEv2?
WireGuard is built to be more efficient than OpenVPN and IKEv2. But that doesn’t necessarily mean it will perform better than other VPN protocols.
People love to compare VPN protocols. For this reason, people often put up WireGuard against OpenVPN and IKEv2.
WireGuard vs. OpenVPN
WireGuard | OpenVPN | |
|---|---|---|
Speed | Faster | Slower |
Reliability | Great, but not as reliable on unstable networks | Good, better on unstable networks |
Open-source | Yes | Yes |
Accessibility | Offered by fewer VPN providers | Offered by most VPN providers |
Battery usage | Uses less battery | Uses more battery |
WireGuard vs. IKEv2
WireGuard | IKEv2 | |
|---|---|---|
Speed | Faster | Slower, but not by much |
Reliability | Better reliability on unstable networks | Not as reliable |
Open-source | Yes | No |
Accessibility | Offered by fewer VPN providers | Offered by more VPN providers |
Battery usage | Doesn’t use a lot of battery | Great at conserving battery, better than WireGuard in most cases |
However, as convenient as the tables above are, protocol comparisons aren’t extremely accurate. See, the performance of VPN protocols depends on too many factors:
- How fast your internet connection is;
- How loaded the VPN servers are;
- How compatible your device is with the VPN software;
- How close you are to the VPN server.
In theory, yes – the WireGuard protocol does certain things better than OpenVPN and IKEv2. Does it mean it will work better for you? There is no solid answer here. Try each protocol and use the one that gives you the smoothest experience.
Problems with WireGuard VPN: is it safe?
During WireGuard’s initial hype phase, many people voiced concerns about the protocol. They are mostly unfounded. However, let’s address these problems that people have expressed.
These mainly included WireGuard’s default configuration to:
- Store connected IP (Internet Protocol) addresses;
- Not obfuscate the user’s connection;
- Not assign dynamic IP addresses.
These issues, however, are not relevant to VPN service providers. Why? Because we take protocols and configure them ourselves.
At Surfshark, for example, we do not store your connected IP address. At the same time, we assign dynamic IP addresses to all our users and obfuscate their connection as a layer on top.
So whatever issues WireGuard has as a VPN protocol, as a VPN provider, we fix them on our end.
What platforms can you use WireGuard on?
As a standalone, WireGuard is available on many different platforms. As a VPN protocol, it depends on what devices your provider configures it on.
The Surfshark VPN app currently supports WireGuard on these operating systems: Windows, Android, macOS, iOS, and Linux.
Try out Wireguard at your own speed
Overall, WireGuard is great – it’s fast, lightweight, secure, and easy to scale. And it only gets better as a VPN protocol.
If you want to experience it in action – try Surfshark. Our service runs amazing with WireGuard!
“WireGuard” is a registered trademark of Jason A. Donenfeld
FAQ
Can WireGuard be hacked?
Not really. In theory, anything can be hacked if you try long and hard enough. However, in the current state, a hacker would need to spend hundreds of years trying to crack WireGuard to get anywhere.
Is WireGuard a good VPN protocol?
Yes, it’s considered one of the best, if not the best.
What port does WireGuard use?
The default port for WireGuard is 51820.
Does Surfshark work with WireGuard?
Yes! Surfshark has implemented WireGuard on all apps.
