Every VPN provider runs its service on one of the existing VPN protocols — a set of rules that determine how data travels from a device to a VPN server. In other words, a VPN protocol is a tunnel that lets users’ data travel encrypted and inaccessible to third parties.
WireGuard is a modern VPN protocol designed to be fast, simple, secure, and lean. It has far fewer lines of code than other protocols, yet it is just as secure and lightning-fast.
But WireGuard itself isn't perfect — that's where NordLynx comes in. More on that later.
How does WireGuard (NordLynx) work?
What is WireGuard (NordLynx) used for?
WireGuard is used for creating a secure, encrypted tunnel for data to travel safely. In essence, it is the technology that enables VPN services in the first place — a secure tunnel allowing the data to travel to its destination unseen and untouched by third parties.
There are various VPN protocols out there, and WireGuard is the newest of the widely adopted ones, the other two being OpenVPN and IKEv2. Currently, it is gaining popularity due to its simplicity, security, and speed.
WireGuard (NordLynx) technical characteristics
WireGuard runs on merely 4000 lines of code, compared to hundreds of thousands of lines that comprise other widely used protocols like OpenVPN and IKEv2. Fewer code lines mean it is exceptionally fast, has a smaller attack surface, and is auditable even by a single specialist.
When it comes to encryption, WireGuard uses a fixed collection of cryptographic primitives, such as ChaCha20, Poly1305, Curve25519, BLAKE2s, SipHash24, and HKDF. It runs over UDP and provides Perfect Forward Secrecy (PFS).
Additionally, WireGuard, unlike other protocols, does not offer cryptographic agility. This means that cybersecurity specialists using WireGuard can't choose among different key exchange, hashing, and encryption algorithms. Instead, the protocol uses thoroughly selected, trusted, modern, and peer-reviewed cryptographic primitives by default. This approach lessens the probability of these primitives being changed or misconfigured and requires less code.
To transmit the encrypted packets, WireGuard can use any UDP port.
WireGuard (NordLynx) performance
What would be the use of all the lean code and advanced cryptography if it didn't translate to higher speeds, right? With WireGuard, it does. In the majority of cases, WireGuard is considerably faster than other widely used VPN technologies.
Sure, the performance may vary depending on the VPN provider, device used, type of connection, and other factors. Still, various independent tests show WireGuard to be consistently faster than its counterparts in download and upload speeds, and latency.
WireGuard (NordLynx) security
Its lean code minimizes the attack surface, and the peer-reviewed, modern cryptographic primitives used for encryption make the protocol exceptionally secure.
Can it be hacked?
No, it can’t — there are no known major vulnerabilities in WireGuard. VPN users who opt for WireGuard can rest assured that their data in transit is well shielded and encrypted.
WireGuard vs other VPN protocols
WireGuard, being the new protocol on the scene, is a worthy challenger for both IKEv2 and OpenVPN, the two dominant protocols among VPN providers.
For VPN users, the main selling point of WireGuard is its speed: tests have shown it to have higher download and upload speeds. It also connects more quickly.
But there’s more than meets the eye — WireGuard and other protocols differ in more than one way.
Let’s dive in to find out how exactly they compare.
WireGuard vs OpenVPN
For starters, WireGuard is a faster protocol. It is faster in more than one way — it offers greater speeds for downloads and uploads and is faster at establishing a connection.
Many variables can influence the speeds, so it isn't easy to estimate precisely how fast WireGuard is when compared to OpenVPN. However, some tests show it to be more than 50% faster.
The two protocols also differ in their encryption methods.
OpenVPN uses cryptographic algorithms from the OpenSSL library for encryption. OpenSSL offers a range of algorithms, enabling OpenVPN to use different ones depending on the situation. This makes the protocol more flexible, but the code increases in complexity, which usually slows down performance and potentially offers a bigger attack surface to exploit.
On the other hand, WireGuard uses a fixed collection of encryption algorithms. Even though it makes WireGuard not as flexible when compared to its counterpart, it also makes its code less complex, which translates to faster speeds and a smaller attack surface.
While WireGuard runs on the UDP protocol to transfer data packets, OpenVPN can be configured to run on any port using either UDP or TCP.
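The contrast above between OpenVPN's selectable algorithms and WireGuard's fixed set can be checked in configuration files. The following is an added example, not code from WireGuard, OpenVPN, or this page's author: it lists every cryptographic choice an operator would have to review in each config. The sample configs, the placeholder keys, the hostname, and the `LEGACY` deny-list are constructed for illustration.

```python
import re

# Keys documented for wg(8) / wg-quick(8) configs; none of them names an algorithm.
WG_KEYS = {"privatekey", "listenport", "fwmark", "address", "dns", "mtu", "table",
           "preup", "postup", "predown", "postdown", "saveconfig", "publickey",
           "presharedkey", "allowedips", "endpoint", "persistentkeepalive"}
# OpenVPN directives that select or constrain cryptography.
OVPN_CRYPTO = {"cipher", "data-ciphers", "ncp-ciphers", "auth", "tls-cipher", "tls-version-min"}
# Legacy values this example chooses to flag; illustrative, not a complete policy.
LEGACY = {"none", "bf-cbc", "des-cbc", "des-ede3-cbc", "md5", "sha1"}

def audit_wireguard(text):
    """Return config keys outside the standard WireGuard set (expected: none)."""
    unknown = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line and not line.startswith("["):
            key = line.split("=", 1)[0].strip().lower()
            if key not in WG_KEYS:
                unknown.append(key)
    return unknown

def audit_openvpn(text):
    """Return (directive, value, is_legacy) for each crypto-selecting directive."""
    findings = []
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if parts and parts[0] in OVPN_CRYPTO:
            value = " ".join(parts[1:])
            legacy = any(v.lower() in LEGACY for v in re.split(r"[:\s]+", value) if v)
            findings.append((parts[0], value, legacy))
    return findings

# Constructed sample configs (placeholder keys and hostnames).
WG_SAMPLE = """\
[Interface]
PrivateKey = <placeholder-private-key>
ListenPort = 51820
[Peer]
PublicKey = <placeholder-public-key>
Endpoint = vpn.example.com:51820
AllowedIPs = 0.0.0.0/0
"""
OVPN_SAMPLE = """\
proto udp
cipher BF-CBC
auth SHA1
data-ciphers AES-256-GCM:CHACHA20-POLY1305
"""
```

The WireGuard sample yields no findings because there is nothing to select, while the OpenVPN sample yields three directives to review, two of them flagged as legacy.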
WireGuard vs IKEv2
In most cases, just as with OpenVPN, WireGuard beats IKEv2 when it comes to speed.
In terms of cryptography, IKEv2 uses a large pool of algorithms, including but not limited to Camellia, AES, Blowfish, and 3DES.
Just like the other two protocols, it has no known major vulnerabilities.
Unlike WireGuard, IKEv2 is not open source: it was developed by Cisco and Microsoft, even though open-source versions exist.
IKEv2 is used widely across the cybersecurity industry and is the go-to protocol for many VPN providers and users. One of the reasons is that the most-used operating systems (Windows 7+, macOS 10.11+, and most mobile operating systems) have native support for IKEv2.
WireGuard, like OpenVPN, offers more flexibility when it comes to port selection. IKEv2 uses UDP ports 500 and 4500 and IP protocol 50. This reliance on fixed ports and protocols can make it easier to block.
What makes NordLynx different?
NordLynx, first developed by our sister company NordVPN, offers an improved connection, faster speeds, and better security measures than WireGuard alone.
To test the possibilities of NordLynx, more than 256,886 speed tests were performed. The result was unequivocal: NordLynx is the fastest VPN protocol at our disposal.
In ensuring customer privacy, the team has developed something called a "double NAT (Network Address Translation) system."
Put in layman's terms, the double NAT system creates two local network interfaces for each user.
The first interface assigns a local IP address to all users connected to a server. Unlike in the original WireGuard protocol, each user gets the same IP address.
Once a tunnel is established, the second network interface, with a dynamic NAT system, gets going. The system assigns a unique IP address for each tunnel. This way, internet packets can travel between the user and their desired destination without getting mixed up.
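The two stages described above can be modelled in a few lines. This is an added example, not NordLynx code: the shared address, the pool range, the tunnel identifiers, and the release of a mapping when a tunnel closes are all assumptions made for illustration.

```python
import ipaddress

SHARED_IP = ipaddress.ip_address("10.5.0.2")  # assumed: the one address every user sees

class DoubleNat:
    def __init__(self, pool="100.64.0.0/29"):  # assumed server-side pool
        self.free = list(ipaddress.ip_network(pool).hosts())
        self.by_tunnel, self.by_addr = {}, {}

    def tunnel_up(self, tunnel_id):
        """Second interface: give this tunnel its own address while it lives."""
        if tunnel_id not in self.by_tunnel:
            if not self.free:
                raise RuntimeError("NAT pool exhausted")
            addr = self.free.pop(0)
            self.by_tunnel[tunnel_id], self.by_addr[addr] = addr, tunnel_id
        return self.by_tunnel[tunnel_id]

    def tunnel_down(self, tunnel_id):
        """Assumed behaviour: the mapping is dropped when the tunnel closes."""
        addr = self.by_tunnel.pop(tunnel_id, None)
        if addr is not None:
            del self.by_addr[addr]
            self.free.append(addr)

    def outbound(self, tunnel_id, pkt):
        """Rewrite the shared source address to the tunnel's unique one."""
        if tunnel_id not in self.by_tunnel or pkt["src"] != SHARED_IP:
            return None  # unknown tunnel or unexpected source address: drop
        return {**pkt, "src": self.by_tunnel[tunnel_id]}

    def inbound(self, pkt):
        """Map a reply back to (tunnel, packet addressed to the shared IP)."""
        tunnel_id = self.by_addr.get(pkt["dst"])
        if tunnel_id is None:
            return None  # no live tunnel owns this address: drop
        return tunnel_id, {**pkt, "dst": SHARED_IP}

def demo():
    nat = DoubleNat()
    a, b = nat.tunnel_up("tunnel-A"), nat.tunnel_up("tunnel-B")  # constructed ids
    dst = ipaddress.ip_address("203.0.113.10")  # documentation-range address
    out_a = nat.outbound("tunnel-A", {"src": SHARED_IP, "dst": dst, "data": b"a"})
    out_b = nat.outbound("tunnel-B", {"src": SHARED_IP, "dst": dst, "data": b"b"})
    reply = nat.inbound({"src": dst, "dst": out_b["src"], "data": b"pong"})
    return a, b, out_a["src"], reply
```

Both users send from the same local address, yet the reply is delivered to the right tunnel because the second stage keyed it to that tunnel's unique address.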