Ever-evolving online threats are the primary catalyst for any cybersecurity company never to stop innovating. Only by keeping a watchful eye on the threat landscape and developing countermeasures is it possible to remain secure. For this reason, we’re proud to announce the newest addition to NordLayer’s applications — the NordLynx tunneling protocol.
What is NordLynx?
NordLynx is a communication protocol that implements encryption for data exchanges between a user’s device and the server it’s connected to. Encryption locks the data up while it’s in transit, which remains inaccessible to everyone who doesn’t have the private key. Even with a powerful computer, it would take a billion years to guess all the possible combinations to crack it.
The protocol has its roots in the open-source WireGuard protocol — NordLynx was developed on top of its framework. Therefore, NordLynx has some differences from the standard WireGuard protocol bringing additional benefits exclusive to NordVPN and NordLayer users.
How does NordLynx work?
One of the main appeals of NordLynx is that it uses an extremely lean codebase. For comparison, it uses only 4000 lines of code, while OpenVPN relies on 100,000. Since its scope is 25 times smaller, it’s much easier to troubleshoot and patch potential security holes. Under NordLynx is much easier to ensure each user’s security.
Performance-wise, the benefits are also just as impressive. While it’s true that connecting through a private gateway extends your route to your intended destination, NordLynx limits the delay to a minimum. Based on our internal tests, it’s much faster than any current tunneling protocols blurring the line between the direct and routed connection. It won’t act as a bottleneck that incentivizes users to turn it off to gain better performance.
How can NordLynx benefit your organization?
Blazing-fast connection speeds
Consistent performance
Easier deployment and maintenance
More advanced encryption keys exchange
Works in conditions when OpenVPN and IKEv2 could be restricted
The main difference between NordLynx and WireGuard is that it uses a double NAT (Network Access Translation) system technology. It creates two separate network interfaces for each user. The first interface assigns a local IP address to all users connected to a server. This differs from the standard WireGuard client, in which each user gets a different IP address.
The second interface becomes active after the VPN tunnel is established. What it does is assigns each tunnel a unique IP address — also called a dynamic NAT system. This method ensures that data packets can be exchanged in a more isolated environment.
This setup also secures connections without storing identifiable data on the servers. The assigned dynamic IP addresses stay active only as long as the session lasts. User authentication is processed externally from the connection data, so there are no ties to it.
NordLynx will be a default option, but users are free to select other tunneling protocols manually. This release is important in bringing the fastest tunneling protocol on the planet to our business customers.
