A VPN routes your Internet traffic through a remote server, encrypting your data and hiding your IP address. If you value your security and privacy when accessing the web, a VPN, or Virtual Private Network is pretty much a must-have tool.
Most users access VPN technology by signing up to a dedicated service account (e.g. NordVPN, AirVPN and iVPN). With these, you can usually log in and secure a whole stack of devices (e.g. PC, phone and tablet) for a monthly fee.
These services take a ‘VPN made easy’ approach. Crucially, you do not have to give much thought to the protocol used to create your VPN tunnel – as this is usually selected automatically, depending on your preferences and the device you are using.
That said, a new open source VPN protocol has been attracting a lot of attention. Simple to set up and promising speedy, stable performance, WireGuard has been dubbed “the future of VPN protocols”.
Here’s a closer look at VPN technology – and at what makes WireGuard special.
Add a header to begin generating the table of contents
How does a VPN work? VPN essentials
- When you use a VPN to connect to the internet, the VPN acts like a tunnel by surrounding your internet data.
- The VPN software encrypts your data packets, even before your Internet Service Provider sees it.
- The data is then routed to a VPN server – and from there to your online destination. So far as the online destination is concerned, the data it has just received came from the VPN – not from you.
Who needs a VPN?
The technology started life as a business IT security tool, enabling private remote network access for roaming users – and providing a way of securely connecting multiple office sites.
These days, VPN providers are keen to pivot their offerings towards non-pro users. Its benefits fall into three categories:
- Privacy. From white-hat hackers through to political activists, many people have solid reasons for keeping their browsing activities away from prying eyes. Your actual IP address is substituted by an address from the VPN, stopping government censors (and ISP providers) from checking where you have visited. VPNs can also work as a de facto ad blocker – preventing advertisers from tracking you.
- Security. Encryption helps ensure that your data is shielded from hackers if you are browsing on ‘coffee shop Wi-Fi’ and other unsecured networks.
- Geographic restrictions. Looking for hassle-free Netflix viewing on holiday? The major VPN service providers generally give you the option to choose your server location - effectively giving the impression that you’re in a particular country. It’s useful if you want to try and ‘game’ the regional filters that the big streaming services have in place.
VPN servers and protocols explained…
Service providers will generally offer you the ability to ‘tweak’ your tunnel, depending on your specific priorities.
So for instance, if you are super-cautious about the security of your data, you could opt for a double-server VPN setup. Here, your data is routed through two different VPN servers, giving you double encryption.
Let’s say you live in a country with tough censorship in place. As well as having a block on particular types of content and traffic to and from certain destinations, it’s likely that your government will also be on the lookout for attempts to get around these restrictions. If a packet is obviously encrypted, it’s going to attract attention. If you opt for an obfuscated server, encrypted traffic is obscured to look like regular, un-encrypted traffic (nothing to see here!).
OpenVPN is the most popular protocol used by VPN service providers (although, often, this is supplemented by the use of other prominent protocols such as IKev2 & IPSec). As a well-established open-source protocol, OpenVPN is currently regarded in the industry as the most secure and reliable VPN building block.
Potential VPN problems
VPN software isn’t without its drawbacks. Connection speed is the big one: if you’re routing your traffic through one or more servers, then annoying buffering and slower page load times are only to be expected.
Also, even with a super-reliable VPN service, don’t be surprised if your connection cuts out more often compared when you are browsing without the VPN enabled. (Reputable providers equip you with a kill switch to disconnect you from the internet and shield your identity in the event of a server drop).
What makes WireGuard a potential game-changer?
It hasn’t even been officially launched yet, but WireGuard is already being touted as the one to watch in the world of VPNs. Developed by Jason Donenfield of Edge Security, this open-source protocol promises to be a leaner, more user-friendly alternative to the programs out there already.
Here are its headline features:
- It’s a smaller program. WIreGuard consists of around 4,000 lines of code (OpenVPN by contrast runs to 100,000 lines). A simpler code base means less scope for bugs and crashes. It also means better performance on data-heavy tasks (e.g. gaming and video streaming.
- It offers ‘next-gen’ encryption. The authors have avoided what they refer to as ‘outdated’ encryption protocols in favour of the latest and harder-to-crack options (e.g. ChaCha20 for symmetric encryption and Curve25519 for ECDH).
- A better user experience. WireGuard promises faster speeds, less drain on battery life on phones and tablets. It currently supports Linux, Mac OS, iOS and Android (Windows support is still in development).
- Easier to work with. Let’s say you want to avoid an SaaS vendor and build your own VPN solution. It takes a lot of know-how to do this with big complex programs like OpenVPN and IPSec. A simpler architecture means that with WireGuard, there’s greater potential for taking a DIY approach.
So should I start using WireGuard?
“WireGuard is not yet complete. You should not rely on this code”. That’s currently the official line from its creators.
The major VPN service provider, NordVPN has already stated that it is looking to embed WireGuard into its offerings in the near future. At present though, this protocol is one to watch. Don’t start relying on it just yet!
If you wish to understand how to select a good VPN provider based on your threat model see The Complete Cyber Security Course - Volume 3. Here I have a whole section on understanding VPNs for security, privacy and anonymity.
Level Up in Cyber Security: Join Our Membership Today!
Hi Nathan,
Please also note that a VPN increases your data usage through your ISP. I found this out the hard way.
Any word from WireGuard about how much they will tack on to traffic?
I am not aware of the overhead but It will be much the same I imagine.
The only thing I’m curious about is what will their rates be compared to other VPN’s. Nord right now still has the lead with $2.99 a month.
Wireguard is not a VPN provider it is a VPN protocol like OpenVPN. Different VPN providers will charge different fees. Or you can set your own Wireguard VPN server up.
hey nathan love your videos learned alot bought them off you done 1/2/3 on to /4 next the fact is am just a hobbist but n just use the internet for education learning code n you have great v knowledge cant wait for next course cheeers mate question is protonmail mail safe from what learned is nothing is there ways to be carefull but nothings unbreakable mate cheers
Thank you. Well as you are on Volume 4 of the Complete Cyber Security Course go to the section on email security where we discuss choosing an email provider. Botton line is email wasn’t designed to be secure and if depends on your threat model.
Hola Nathan los cursos lo puedo tomar en español ?
The courses are in English. You will need to understand English to learn cyber security as most of the tools are in English.
Los cursos son en ingles. Necesitará entender el inglés para aprender sobre seguridad cibernética, ya que la mayoría de las herramientas están en inglés.
WireGuard is a secure open-source VPN and I have read the news that Linux Kernel 5.6 is going to include WireGuard, any thoughts?
I built a DIY Wireguard in AWS. https://github.com/tripleonard/wireguard-cloudformation