What is WireGuard?

VPN protocols define how your data is transmitted when using a VPN. In the last few years, WireGuard has been adopted by almost every one of the best VPN services, superseding older protocols like OpenVPN and IKEv2.

However, there are pros and cons to using WireGuard. Here, we'll outline exactly what makes this protocol different from other options, and why you might want to consider using it or not.

What is WireGuard?

WireGuard only began life in 2016, when it was started by the security researcher Jason A. Donenfeld.

He wanted to streamline network tunnelling with a complete focus on simplicity, removing the complexities that are often found in the world of IT. He saw shortcomings in existing VPN protocols that he didn’t like.

Originally, Donenfeld was a vulnerability researcher. His job revolved entirely around finding vulnerabilities for companies, which eventually led him to doubt the security of existing VPN protocols.

Because of this experience, his focus with WireGuard was to make a VPN protocol that was especially secure, without being confusing or complicated to use.

In its first version, WireGuard was specifically made for Linux. However, it has since been made more widely available with versions across Windows, Mac, Android and even iOS.

Benefits of WireGuard

WireGuard follows three main rules in its philosophy: it is simple, fast, and secure. This shows in its codebase, which totals under 5,000 lines. Compared with other protocols such as OpenVPN or IKEv2, that is tiny.

With so little code, WireGuard has fewer bugs and security vulnerabilities. It also means there is less CPU usage and therefore faster connection times. This smaller amount of code is seen in newer VPN protocols like WireGuard or ExpressVPN’s Lightway.

A smaller amount of code also means it will be better suited for devices with less processing power, such as mobile phones or routers. This is why WireGuard is often seen with some of the fastest VPNs.

WireGuard forgoes the standard 256-bit AES encryption. That, on the face of it, sounds bad, but it is one of WireGuard’s strengths.

Instead, WireGuard uses more modern cryptography, including Curve25519, ChaCha20, Poly1305 and BLAKE2. These algorithms make WireGuard more secure and efficient, and a frequent feature of some of the most secure VPNs.

Unlike a VPN protocol such as OpenVPN, WireGuard can run inside the Linux kernel. This makes it more efficient, as Linux does not have to context switch (a method of moving between different tasks).

This aids performance, making WireGuard faster and able to transmit more data overall.

Drawbacks of WireGuard

As mentioned above, simplicity, speed and security are WireGuard's specialities. This does mean it has some drawbacks in other areas.

Most noticeably, WireGuard lacks some features its competitors have, such as the ability to allocate dynamic IP addresses. These are IP addresses that aren’t static but will change over time.

WireGuard also doesn’t automatically delete your IP address when you disconnect from the server, and there is no forward secrecy. This is a system that encrypts VPN data using a new private key every session.

Clearly, this is an issue if privacy is your primary concern, and every quality consumer VPN service has patched WireGuard to ensure that your real IP address is never stored. However, this still poses a risk if you plan on using WireGuard to set up your own VPN without signing up to a ready-made provider.
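For a self-hosted server, the retained address described above can be audited from the output of `wg show <interface> dump`. The following is an added example, not part of the original article and not WireGuard's own code; the 180-second cut-off, the placeholder keys and documentation-range addresses in the sample, and the remove-and-re-add reset are assumptions.

```python
from dataclasses import dataclass
from typing import List, Optional

STALE_AFTER = 180  # seconds without a handshake before a peer counts as gone (assumed policy)

# Constructed sample of `wg show wg0 dump` (tab-separated); keys are placeholders.
SAMPLE_DUMP = "\n".join("\t".join(row) for row in [
    ["SERVER_PRIVKEY_PLACEHOLDER", "SERVER_PUBKEY_PLACEHOLDER", "51820", "off"],
    ["PEER_A_KEY", "(none)", "198.51.100.7:40001", "10.0.0.2/32", "1700000950", "9000", "7000", "off"],
    ["PEER_B_KEY", "(none)", "203.0.113.25:51000", "10.0.0.3/32", "1699990000", "500", "400", "off"],
    ["PEER_C_KEY", "(none)", "(none)", "10.0.0.4/32", "0", "0", "0", "off"],
])

@dataclass
class Peer:
    public_key: str
    endpoint: Optional[str]   # last source ip:port seen for this peer, if any
    allowed_ips: str          # statically assigned tunnel address(es)
    latest_handshake: int     # Unix time; 0 means never

def parse_dump(text: str) -> List[Peer]:
    """Parse single-interface dump output; the first line is the interface itself."""
    peers = []
    for line in text.splitlines()[1:]:
        fields = line.split("\t")
        if len(fields) != 8:
            raise ValueError(f"unexpected peer line: {line!r}")
        endpoint = None if fields[2] == "(none)" else fields[2]
        peers.append(Peer(fields[0], endpoint, fields[3], int(fields[4])))
    return peers

def stale_with_endpoint(peers: List[Peer], now: int, stale_after: int = STALE_AFTER) -> List[Peer]:
    """Peers that look disconnected but whose real address is still held in memory."""
    return [p for p in peers if p.endpoint and now - p.latest_handshake > stale_after]

def reset_commands(iface: str, peer: Peer) -> List[str]:
    """Commands that drop the stored endpoint by removing and re-adding the peer.
    Assumed approach; a preshared key, if used, would have to be set again."""
    return [
        f"wg set {iface} peer {peer.public_key} remove",
        f"wg set {iface} peer {peer.public_key} allowed-ips {peer.allowed_ips}",
    ]

if __name__ == "__main__":
    for p in stale_with_endpoint(parse_dump(SAMPLE_DUMP), now=1700001000):
        print(f"{p.public_key} still maps to {p.endpoint}")
        print("\n".join(reset_commands("wg0", p)))
```

On a live server the input would come from `wg show wg0 dump` run as root, with `now` taken from the system clock.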

Another feature WireGuard doesn’t have is the ability to obfuscate your traffic, so it can be vulnerable to deep packet inspection. While obfuscation isn’t found in all VPN protocols, it is becoming more common.

A final consideration is that WireGuard only supports UDP, whereas most VPN providers offer both TCP and UDP. That’s a lot of acronyms, but what it crucially means is more efficient data transfers, at the cost of possible transmission and reception issues.

WireGuard, like a lot of other VPN protocols, is very open about its problems. It has a full page addressing them on its website.

Bottom line

One of WireGuard’s biggest weaknesses is its lack of some key features found in other VPNs. However, that by no means makes it less secure than other VPN protocols.

In fact, some of the best VPNs have come up with their own app and server-based solutions using WireGuard.

NordVPN, one of the most popular VPNs around, has its own NordLynx protocol. This gets around WireGuard revealing a home IP address to the VPN server. Additionally, NordVPN can assign fresh "dynamic" IP addresses to users each time they connect to the service.

While WireGuard is lacking in some areas, it makes up for it with speed, security and its ease of use.

Alex Hughes
AI Editor
