What is WireGuard? VPN advantages it offers

Anton P. | August 3, 2021

WireGuard is a neat VPN solution that burst into the spotlight sometime in 2018. The software puts forward an intriguing proposal no one can refuse. A VPN that shatters supposed boundaries and excels in speed and protection? Most users would gladly embrace such an offer. Nonetheless, WireGuard remains a mysterious force produced by the tech masterminds. By now, it has become a catchphrase in the VPN industry, a word clients frequently notice but struggle to understand. Thus, let’s figure out WireGuard and its sweeping influence on Virtual Private Networks.

What is WireGuard?

WireGuard is an open-source protocol or standalone software that performs the essential VPN functions. Thus, there are two contexts in which WireGuard makes its grand appearance:

  • VPN service providers deploy it in their products.
  • Netizens set up the software manually and use it as a traditional VPN.

WireGuard has a firm hold over its position as the fastest and most modern VPN protocol available. Compared to its competitors, its advantage is its age: a young free-thinker that does more in fewer lines of code. WireGuard contains only 4,000 lines of code, while behemoths like OpenVPN have more than 70,000.

Undoubtedly, protocols like OpenVPN are veterans in the ever-changing VPN industry. However, some experts regard their architecture as outdated or less innovative. Their complexity, for instance, makes them challenging to audit. Thus, auditors could overlook more security shortcomings or severe vulnerabilities.

On the other hand, WireGuard is a compact solution showcasing incredible simplicity behind its robust functions. Hence, this light protocol surprises its users with faster throughput speed and lower ping times (among other things).

How WireGuard came to be

Brilliance is not born in a vacuum. Typically, geniuses-to-be see a problem they wish to solve. The creator of WireGuard is security researcher Jason A. Donenfeld. With his background in penetration testing, Donenfeld knew which buttons to push to make various networks crumble. However, his line of work also includes coming up with robust security solutions to combat real-life attacks.

Initially, WireGuard was born as a tool to transfer data from computers securely. However, this invention took off when Donenfeld moved to France and, like many of us, feared for his data security. He reshaped the initial project to route his traffic through his parents’ computer in the US. And the rest is history.

According to Donenfeld, one of the greatest lessons he learned came from other VPN solutions. Thus, he analyzed real-life options available to figure out, essentially, what works and what does not.

As stated by Donenfeld, keeping too many options and features complicates things. For instance, WireGuard is not necessarily flexible, and it won’t change its internal operations at one’s command. And complexity is frequently the cause of vulnerabilities and bugs.

How does WireGuard work?

WireGuard is responsible for creating the foundation for a VPN to function: the VPN tunnel. It is, essentially, the encrypted connection between your device and the internet.

WireGuard uses modern cryptography to forward traffic through the tunnel. And, as mentioned before, the protocol does not negotiate its cryptography. Thus, the cryptographic choices cannot change, and users must live with them. Here are the cryptographic building blocks WireGuard employs:

  • ChaCha20 for symmetric encryption.
  • Poly1305 for authenticating messages.
  • Curve25519 for elliptic-curve Diffie-Hellman (ECDH) key agreement.
  • BLAKE2 for hashing.
  • 1.5 Round-Trip Time (1.5-RTT) handshake.

When it comes to its procedures, WireGuard performs something called Cryptokey Routing. It mirrors the implementation of SSH, which might be a process you are familiar with already. Thus, WireGuard relies on pairs of public keys exchanged between parties sharing packets through the interface.
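
To make Cryptokey Routing concrete, here is an added example (not code from WireGuard or from this article). It goes one step beyond the paragraph above: in WireGuard each peer's public key is tied to a list of allowed IP ranges, and that one table serves as a routing table for outgoing packets and as an access list for incoming ones. The peer names, keys and addresses below are constructed placeholders.

```python
import ipaddress

# Constructed peer table: the keys are labelled placeholders, not real public keys,
# and the allowed ranges are sample values chosen for this example.
PEERS = {
    "PEER_A_PUBLIC_KEY_PLACEHOLDER": ["10.0.0.2/32", "192.168.10.0/24"],
    "PEER_B_PUBLIC_KEY_PLACEHOLDER": ["10.0.0.3/32"],
    "GATEWAY_PUBLIC_KEY_PLACEHOLDER": ["0.0.0.0/0"],
}


def build_table(peers):
    """Flatten the peers into (network, public_key) rows, most specific prefix first."""
    rows = [(ipaddress.ip_network(cidr), key)
            for key, cidrs in peers.items() for cidr in cidrs]
    return sorted(rows, key=lambda row: row[0].prefixlen, reverse=True)


def peer_for_destination(table, dst):
    """Outbound: the key to encrypt to is the longest-prefix match for dst."""
    addr = ipaddress.ip_address(dst)
    for network, key in table:
        if addr in network:
            return key
    return None  # no peer is allowed this address, so nothing is sent


def accept_inbound(table, sender_key, inner_src):
    """Inbound: after decryption, the inner source IP must map back to the sender's key."""
    return peer_for_destination(table, inner_src) == sender_key


TABLE = build_table(PEERS)

if __name__ == "__main__":
    for dst in ("10.0.0.3", "192.168.10.77", "203.0.113.9"):
        print(dst, "->", peer_for_destination(TABLE, dst))
    # Peer B authenticated correctly but claims peer A's tunnel address: dropped.
    print(accept_inbound(TABLE, "PEER_B_PUBLIC_KEY_PLACEHOLDER", "10.0.0.2"))
```

The inbound check is the security-relevant half: a peer that holds a valid key still cannot inject packets carrying another peer's tunnel address.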

By default, the protocol encapsulates IP packets over UDP, which is not something users can modify. Once again, the lack of flexibility differs from other protocols. For instance, OpenVPN supports both TCP and UDP protocols. However, WireGuard chooses UDP in the name of speed.

Main benefits of turning to WireGuard

Here is the rundown of WireGuard benefits:

  • Easier auditing and vulnerability detection. Imagine thoroughly analyzing 600,000 lines of code. Then, picture the same inspection of 4,000 lines. For the first scenario, there is a lot of ground to cover. Additionally, the attack surface is much larger. WireGuard minimizes the room for error. With such a small codebase, experts can quickly examine and test the protocol for bugs and flaws.
  • WireGuard wins the race in terms of speed. The protocol is not only lightweight. To make things better, its configurations and processes make it faster. Thus, WireGuard outperforms its competitors in this department.
  • Equally secure. The security of WireGuard is a topic many researchers debate passionately. However, when it comes to vulnerabilities or bugs, WireGuard is probably the most trusted. Due to its simplicity, flaws should never overstay their welcome.
  • Easier to deploy and use. Using WireGuard is as difficult as scanning a QR code (on mobile devices). Additionally, integrating it into various VPN solutions is also relatively efficient, and developers can experiment with it however they like. Users themselves can set up VPN servers to support WireGuard. Although it requires some technical expertise, it is not as laborious as with other protocols.

Security concerns surrounding WireGuard

Despite its performance perks, some consider WireGuard less secure. During its early stages, many frowned upon the possibility of WireGuard storing IP addresses on a server. Other concerns include the following:

  • The fact that it does not assign IP addresses dynamically paints a rather bleak picture.
  • Others felt uncomfortable with WireGuard using ChaCha20 instead of the industry-leading AES-256.
  • WireGuard uses UDP, which might be less successful in fighting censorship. Thus, many experts note that WireGuard-powered VPNs could struggle to bypass internet firewalls.

For a long time, the creator of WireGuard emphasized that this protocol is still experimental. Thus, its use and deployment were not exactly foolproof. In February 2021, a stable release entered the market. As a result, we hope to see great things in the future development of WireGuard.

Does Atlas VPN use WireGuard?

Atlas VPN always pays attention to innovative projects in the VPN industry. For the most part, we need to weigh the pros and cons of integrating new features or protocols into our tool. Additionally, we must judge whether a specific technology can offer something extraordinary to our user community.

WireGuard is something that we could not ignore. Its brilliance in boosting performance is undeniable. Thus, we have been working on our WireGuard project for quite some time. However, perfecting a new feature takes time, and we wish to address and resolve all concerns surrounding WireGuard.

Keep an eye out for news in our blog about this project and more details on how it will boost our users’ experience!

Anton P.

Former chef and the head of Atlas VPN blog team. He's an experienced cybersecurity expert with a background in technical content writing.

Tags: openvpn, penetration testing, tcp, udp