WireGuard VPN: What is it and should you use it?

Novelty is rare in the VPN world. And it is especially exciting when something new comes along and makes us reexamine our standards. 

Recently, that something was WireGuard®. It’s not every day that a new VPN protocol comes around. But what does this mean for VPNs and you, the user? Let’s take a look.

    What is WireGuard?

    WireGuard is a secure network tunnel. It can be used as a standalone or implemented as a VPN protocol by a VPN service provider. 

    For VPNs, the WireGuard protocol aims to replace IKEv2/IPSec and OpenVPN as a more efficient solution. It operates in under 4,000 lines of code compared to OpenVPN’s 100,000.

    Note: It’s commonly stated that OpenVPN has 400,000 lines of code. OpenVPN denies this, claiming to total around 70,000 lines of code. I asked one of our nerds, he pulled up the GitHub repository, and, depending on how you want to count the lines of code, it’s between 70,000 and 100,000. 

    Pros and cons

    Pros:

    1. It’s light: 4,000 lines of code (vs. OpenVPN’s 100,000) make it easy to test and work with, which includes fixing any weaknesses it has.
    2. It has a smaller attack surface: Fewer lines of code mean fewer places for vulnerabilities to hide.
    3. It’s fast: WireGuard was designed to use predefined configurations and fewer resources when receiving data. In theory, this should allow it to perform faster than other protocols.

    Cons:

    1. It doesn’t obfuscate natively: Not a real issue for VPN providers, since we set up this capability ourselves.
    2. It doesn’t offer a dynamic IP: Refer to con #1 for why it’s not a problem for Surfshark.
    3. It’s still young: The more tested a piece of software is, the safer it can be, and WireGuard hasn’t been around as long as, say, OpenVPN.

    How does WireGuard work?

    The WireGuard VPN protocol differs from other VPN protocols in its approach to security. It doesn’t negotiate security settings between your client and the server – they come predefined.

    That’s why WireGuard is described as connectionless. This makes it faster because you don’t need to connect or reconnect to the server.

    All you need is your own key and the server’s key. The key exchange in WireGuard is based on NoiseIK – a single-round-trip key exchange. After that, the process is a breeze.

    None of that really matters to you, the everyday user. The protocol does all of this automatically under the hood; you just choose the server you want and the app handles the rest.

    Is WireGuard better than OpenVPN and IKEv2?

    WireGuard is built to be more efficient than OpenVPN and IKEv2. But that doesn’t necessarily mean it will perform better.

    People love to compare VPN protocols, so WireGuard is often pitted against OpenVPN and IKEv2.

    However, protocol comparisons often fall into the apples and oranges problem. After all, their performance depends on too many factors:

    • How fast your internet connection is.
    • How loaded the VPN servers are.
    • How compatible your device is with the VPN software.
    • How close you are to the VPN server.

    In theory, yes – WireGuard does certain things better than OpenVPN and IKEv2. Does it mean it will work better for you? There is no solid answer here. Try each of the protocols out and use the one that gives you the smoothest experience.

    Problems with WireGuard: Is it safe?

    During WireGuard’s initial hype phase, many people voiced concerns about the protocol itself. They are mostly unfounded. Still, let’s address the problems people have raised.

    These mostly concerned WireGuard’s default configuration, which is to:

    • Store connected IP (Internet Protocol) addresses. 
    • Not obfuscate the user’s connection.
    • Not assign dynamic IP addresses.

    These issues, however, are not relevant for VPN service providers. Why? Because we take protocols and configure them ourselves.

    At Surfshark, for example, we do not store your connected IP address. At the same time, we assign dynamic IP addresses to all our users and obfuscate their connection as a layer on top.

    So whatever issues WireGuard has, as a VPN provider, we fix them on our end.
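The first and third defaults listed above can be seen on a stock WireGuard server: it keeps each peer's most recent endpoint (source IP) and a fixed tunnel address per key. The sketch below is an added example, not Surfshark's or the WireGuard project's code; it parses the tab-separated output of `wg show <interface> dump` and reports that retained state. The sample dump, placeholder keys and addresses are constructed.

```python
# Constructed sample of `wg show wg0 dump` output (tab-separated fields).
# Keys are placeholders; addresses come from documentation ranges.
SAMPLE_DUMP = "\n".join("\t".join(row) for row in [
    ["<server-private-key>", "<server-public-key>", "51820", "off"],
    ["<peer-A-public-key>", "(none)", "203.0.113.7:40112", "10.0.0.2/32",
     "1700000000", "1024", "2048", "off"],
    ["<peer-B-public-key>", "(none)", "[2001:db8::9]:51000", "10.0.0.3/32",
     "1700000100", "512", "900", "25"],
    ["<peer-C-public-key>", "(none)", "(none)", "10.0.0.4/32",
     "0", "0", "0", "off"],
])

# Per-peer columns of `wg show <interface> dump`, in order (see wg(8)).
PEER_FIELDS = ("public_key", "preshared_key", "endpoint", "allowed_ips",
               "latest_handshake", "transfer_rx", "transfer_tx",
               "persistent_keepalive")

def parse_peers(dump):
    """Return one dict per peer; the first line describes the interface."""
    peers = []
    for line in dump.splitlines()[1:]:
        if not line.strip():
            continue
        cols = line.split("\t")
        if len(cols) != len(PEER_FIELDS):
            raise ValueError(f"unexpected peer line: {line!r}")
        peers.append(dict(zip(PEER_FIELDS, cols)))
    return peers

def endpoint_ip(endpoint):
    """Strip the port (and IPv6 brackets) from an endpoint, or return None."""
    if endpoint == "(none)":
        return None
    return endpoint.rsplit(":", 1)[0].strip("[]")

def retained_state(dump):
    """Map each peer key to the real IP and tunnel address the server holds."""
    return {
        p["public_key"]: {
            "last_source_ip": endpoint_ip(p["endpoint"]),
            "tunnel_address": p["allowed_ips"],
        }
        for p in parse_peers(dump)
    }

if __name__ == "__main__":
    for key, state in retained_state(SAMPLE_DUMP).items():
        print(key, state)
```

On a live server the input would come from running `wg show <interface> dump` with root privileges instead of the embedded sample.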

    What platforms can you use WireGuard on?

    As a standalone, WireGuard is available on many different platforms. As a VPN protocol, it depends on what devices your provider configures it on.

    The Surfshark VPN app currently supports WireGuard on Windows, Android, macOS, and iOS.

    Try out WireGuard at your own speed

    Overall, WireGuard is great – it’s fast, lightweight, secure, and easy to scale. And it only gets better as a VPN protocol!

    If you want to experience it in action – try Surfshark. Our service runs amazingly well with WireGuard!

    “WireGuard” is a registered trademark of Jason A. Donenfeld
