Debunking the myths surrounding WireGuard

WireGuard has certainly made the VPN industry stand up and take notice of late. This high-speed, secure, and space-saving open source protocol uses modern cryptography and offers fierce competition to IPsec and OpenVPN. From a user's perspective, what benefits can they expect from WireGuard, and which myths about its use have been promoted in the media and elsewhere?

About the author: Tomislav Čohar is the founder of hide.me VPN.

The use of the latest and most efficient cryptographic techniques means that WireGuard is an extremely fast protocol that does not sacrifice security. WireGuard runs inside the Linux kernel, which means it can process packets faster, eliminating much of the latency associated with other VPN protocols. On the security side, WireGuard is much newer than OpenVPN, so it was designed from the ground up around modern ciphers, hash functions and key-exchange primitives such as ChaCha20, BLAKE2, SipHash24, HKDF, and Curve25519.

WireGuard also has a smaller footprint: unlike OpenVPN and IPsec, it was designed to be as lightweight as possible and can be implemented in just a few thousand lines of code. This has the added benefit of a smaller attack surface, which makes auditing the code a much simpler and more efficient process. It also has built-in roaming support that lets users seamlessly switch from, say, Wi-Fi to 4G LTE while connected.

WireGuard uses your network more efficiently than other protocols: its per-packet overhead is only 32 bytes, while other protocols spend much more space on their signaling. That leaves more room for your data and, in turn, gives higher performance.

Debunking myths

Considering all these benefits, recent media coverage and certain claims have certainly come as a surprise. Let's take a look at some of the myths that have been around for the past few weeks and months so that you can better understand exactly what WireGuard has to offer.

Myth 1: WireGuard is an update that will dramatically increase internet speeds. Are the other protocols much slower?

Some are, but it depends largely on the circumstances and has little to do with the cryptography itself. What good is fast cryptography if the connection runs over a telephone modem? And if your provider already supports much faster protocols (such as SoftEther on Windows or IKEv2 on anything else), WireGuard will not deliver a dramatic speed increase.

Myth 2: WireGuard requires every device on the network to obtain a fixed or static IP address

In fact, WireGuard requires nothing of the sort. It behaves like any other protocol: it is a versatile cryptographic piece of the larger puzzle called a VPN tunnel. It is really a question of how you manage it. A simple or rigid configuration means static IP addresses on the servers, but addresses can also be managed dynamically. Assigning an address when it is needed and removing it as soon as the VPN session ends means that WireGuard can behave like any other VPN protocol.
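The dynamic address handling described above, as an added example that is not the article's or hide.me's code: a small session table hands out one /32 per VPN session and builds the wg(8) commands that add the peer's allowed address on connect and remove the peer on disconnect. The interface name wg0, the 10.8.0.0/29 pool and the peer key strings are constructed placeholders; with dry_run=True the commands are recorded rather than executed, so it runs without root or a WireGuard device.

```python
import ipaddress
import subprocess

# Constructed placeholders, not values from the article: the interface name and
# a small pool reserved for dynamically assigned client addresses.
INTERFACE = "wg0"
POOL = ipaddress.ip_network("10.8.0.0/29")  # .1 is the server, .2 to .6 for clients


class SessionTable:
    """Assign one /32 per VPN session and build the matching wg(8) commands.

    With dry_run=True the commands are recorded in self.log instead of being
    executed, so the allocation logic runs without root or a WireGuard device.
    """

    def __init__(self, interface=INTERFACE, pool=POOL, dry_run=True):
        self.interface = interface
        self.free = list(pool.hosts())[1:]  # skip the server's own address
        self.sessions = {}  # peer public key -> assigned IPv4Address
        self.dry_run = dry_run
        self.log = []

    def _wg(self, *args):
        # "wg set <iface> peer <pubkey> ..." is the real wg(8) syntax
        cmd = ["wg", "set", self.interface, "peer", *args]
        self.log.append(cmd)
        if not self.dry_run:
            subprocess.run(cmd, check=True)
        return cmd

    def start(self, peer_key):
        """Session start: take the next free address and add the peer."""
        if peer_key in self.sessions:
            raise ValueError("peer already has an active session")
        if not self.free:
            raise RuntimeError("address pool exhausted")
        addr = self.free.pop(0)
        self.sessions[peer_key] = addr
        # allowed-ips restricts the peer to exactly this source address in the tunnel
        self._wg(peer_key, "allowed-ips", f"{addr}/32")
        return str(addr)

    def end(self, peer_key):
        """Session end: remove the peer and return its address to the pool."""
        addr = self.sessions.pop(peer_key)
        self._wg(peer_key, "remove")
        self.free.append(addr)
        return str(addr)
```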

Myth 3: WireGuard dramatically changes the way servers can communicate with each other

No, it does not; it is the same ball game as with the other protocols. There is really no more to it than that.

Myth 4: the highest possible performance comes from running in the kernel

Not entirely true: IPsec is much faster on all platforms. IPsec is faster because it also runs in the kernel, and because it is much better optimized for Intel processors. The point is that running in the kernel is a major speedup, but WireGuard is not the only protocol that works this way; PPTP and L2TP do as well. The OpenVPN developers plan to release a Linux kernel module soon. And SoftEther, which runs entirely in user space, outperforms WireGuard when raw performance is the primary concern.

Myth 5: WireGuard adheres to robust but simple ways to exchange and verify data

In fact, it supports only one key exchange method and only one AEAD. Other VPN protocols support a large number of cipher suites, but they tend to be built around AES. AES is not flawed; no practical exploit has been found to date. AES (Rijndael is the cipher's original name) is also cryptographically stronger than the ChaCha20 used by WireGuard, but it is expensive to compute compared to ChaCha20. ChaCha20 is a compromise, the best value for money. One could argue that the Poly1305 MAC is stronger than GCM, but again we have reached the point where AES-GCM has hardware support.

Moving forward with WireGuard

WireGuard is certainly an interesting VPN protocol with the ability to change the game for the VPN industry. Compared to some existing VPN protocols, WireGuard can offer faster speeds and greater reliability with new and improved encryption standards. As it grows in popularity and demand increases, it is inevitable that more VPN services will include WireGuard in their frameworks.