What is the WireGuard VPN protocol?
To bring the security of your traffic to the next level, a VPN is a good choice. There are many options to choose from, and one of the most promising open source solutions is WireGuard. This secure tunnel was developed by Jason Donenfeld, the founder of Edge Security, and it is a Layer 3 secure network tunnel for IPv4 and IPv6 that relies on conservative modern cryptographic protocols. WireGuard is based on UDP and it comes with stealth technology that ensures that it can get through firewalls. Its authentication model is based on SSH’s authorized_keys. WireGuard is smaller than popular VPN tunneling protocols like IPsec and OpenVPN, and thanks to its small size, it is easier to audit. Monitoring WireGuard’s security requires less investment of time, money and effort.
WireGuard works as a general purpose VPN that runs on embedded interfaces, and while it was originally conceived as a solution for the Linux kernel, it is now also available for macOS, Android and Windows. WireGuard is also a fantastic VPN application thanks to its stealth features: it doesn’t transmit packets unless there is real data to be transferred. WireGuard stands apart from other VPN protocols in that it won’t drain the battery as quickly as they do. The developer’s expertise in security is noticeable in WireGuard, and innovative methods have been implemented to ensure that it offers advanced protection for your data. WireGuard is designed to be a reliable solution that offers modern technology.
The main concern of WireGuard’s developer is to offer a solution with simple code. In contrast to large VPN protocols, WireGuard is less likely to have bugs because it can be audited faster and more easily. WireGuard is safer than previous protocols and it has implemented well-established technologies such as Curve25519, Poly1305, BLAKE2, ChaCha20 and SipHash2-4. Although these can become outdated, they can be changed. Since it increases throughput considerably when compared to OpenVPN, it could be better for gaming, streaming and other tasks that require a lot of data resources.
What is in store for Linux?
At the moment, WireGuard is composed of three modules for the Linux kernel. When you buy a Linux distribution, it is not preloaded like XFS or other drivers, so if you intend to use WireGuard, you need to keep track of the source and build it yourself. Alternatively, you can find a reliable source that has already compiled it for your Linux kernel version. However, the developer’s intention is that Linux adds the code to the kernel by default to make sure that all Linux distros include it. This would mean that a set of patches could be added to the Linux kernel to integrate the secure VPN tunnel as an officially supported network driver.
Would WireGuard be implemented in a commercial VPN client?
At the moment, it is not possible to say that WireGuard is fully secure, although some tests have been carried out on its cryptographic standard. WireGuard is not ready to be considered a replacement for OpenVPN, which is still in the lead when it comes to the title of the most reliable and safe protocol. WireGuard’s developer has admitted that there is still some way to go before the code can be seen as completely trustworthy. Relevant tests need to be performed in order to audit its security, and the protocol itself is likely to change. Additional work is needed to get to a stable release.
Furthermore, the fact that WireGuard doesn’t handle key exchange can be an issue for commercial VPNs, since they require their API to be able to share keys between multiple servers around the world, securely and effectively. Still, seeing WireGuard added to the Linux kernel project can be a great thing and it would push this new protocol forward. At the moment, WireGuard is only used by those who are looking for additional security when setting up their own VPN node. For commercial VPNs, WireGuard is not yet an option, but it is very possible that once it becomes more stable, we will see it implemented by many popular services.
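The authorized_keys-style model mentioned in the first section, and the key-distribution problem above, as an added example that is not WireGuard's own code: a simplified Python model of one server's peer list, where each peer is a static public key bound to the addresses it may use (WireGuard calls this cryptokey routing, which goes beyond what this article covers). The key values, addresses and the server names frankfurt and tokyo are constructed for illustration.

```python
import base64
import ipaddress

def check_key(b64):
    """A WireGuard public key is 32 bytes (a Curve25519 point), base64-encoded."""
    if len(base64.b64decode(b64, validate=True)) != 32:
        raise ValueError("public key must decode to 32 bytes")
    return b64

class PeerTable:
    """One server's list of known peers, the analogue of an authorized_keys file."""
    def __init__(self):
        self.peers = {}  # public key -> networks that key may use

    def add_peer(self, pubkey, allowed_ips):
        self.peers[check_key(pubkey)] = [ipaddress.ip_network(n) for n in allowed_ips]

    def route_outbound(self, dst):
        """Return the key of the peer with the longest matching prefix for dst."""
        addr, best_key, best_len = ipaddress.ip_address(dst), None, -1
        for key, nets in self.peers.items():
            for net in nets:
                if addr in net and net.prefixlen > best_len:
                    best_key, best_len = key, net.prefixlen
        return best_key

    def accept_inbound(self, pubkey, src):
        """Accept an authenticated packet only if src belongs to that peer's networks."""
        addr = ipaddress.ip_address(src)
        return any(addr in net for net in self.peers.get(pubkey, []))

# Constructed sample keys (not real key material) and hypothetical servers.
ALICE = base64.b64encode(b"\x01" * 32).decode()
BOB = base64.b64encode(b"\x02" * 32).decode()

def demo():
    frankfurt, tokyo = PeerTable(), PeerTable()
    frankfurt.add_peer(ALICE, ["10.8.0.2/32", "fd00::2/128"])
    frankfurt.add_peer(BOB, ["10.8.0.3/32", "192.168.50.0/24"])
    tokyo.add_peer(BOB, ["10.8.0.3/32"])  # Alice's key was never pushed here
    return {
        "route_to_lan": frankfurt.route_outbound("192.168.50.7") == BOB,
        "alice_own_ip": frankfurt.accept_inbound(ALICE, "10.8.0.2"),
        "alice_spoofs_bob": frankfurt.accept_inbound(ALICE, "10.8.0.3"),
        "alice_at_tokyo": tokyo.accept_inbound(ALICE, "10.8.0.2"),
    }

if __name__ == "__main__":
    print(demo())
```

The last entry is the operational point for a multi-server provider: a client whose key has not been distributed to a given server is simply unknown there, so key provisioning has to be handled outside the protocol.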