VPN services may soon be a lot faster, thanks to a promising protocol called WireGuard that is now being incorporated into the mainstream Linux kernel.
Linux isn't used much on the desktop, at least not obviously. But it's what underpins both Android and Chrome OS, and it powers most of the web's servers, including nearly all of Google's servers and those of many of the best VPN services.
And WireGuard is smaller, simpler and faster than either OpenVPN or IKEv2/IPsec, the prevalent VPN protocols used by commercial VPN services like ExpressVPN, NordVPN and Private Internet Access. Yet only a few services, including Mullvad, IVPN, NordVPN and StrongVPN offer WireGuard as an option yet.
Slow uptake, fast speeds
That's because the uptake of WireGuard has been slow among end users and service providers alike. Right now, WireGuard is most accessible to Linux desktop users, as it can be added to most major Linux distributions as an option. And that's the only way to use it on Mullvad or NordVPN.
IVPN offers WireGuard for its Windows, macOS, Android and iOS clients as well, but warns that WireGuard is "experimental" and only to be used "for testing purposes." StrongVPN offers WireGuard for all clients without any reservation.
PC Magazine's Max Eddy tried out NordVPN's WireGuard implementation using a laptop running Ubuntu Linux.
"At least in my testing, using WireGuard has no significant negative effect on speeds," unlike most VPN services, Eddy wrote. "It's almost like the VPN isn't there."
Late last month, Linux creator and reigning poohbah Linus Torvalds announced that WireGuard was being pulled into Linux kernel 5.6, which should start becoming available to Linux users sometime this spring. When that happens, the major consumer VPN service providers should be rolling it out in a matter of weeks.
Short and sweet
WireGuard, developed and maintained by a coder named Jason Donenfeld, contains about 4,000 lines of code, as opposed to OpenVPN and IKEv2/IPsec, which each take up well north of 100,000 lines of code. That makes WireGuard easier for experts to review the code for mistakes.
WireGuard also sticks to strong but simple ways of exchanging keys, transmitting data and verifying the data. OpenVPN offers a lot of options along those lines, but some may be weaker than others. (Neither OpenVPN nor IKEv2/IPsec are known to have any serious flaws.)
"Can I just once again state my love for it and hope it gets merged soon?" Torvalds said of WireGuard back in 2018. "Maybe the code isn't perfect, but I've skimmed it, and compared to the horrors that are OpenVPN and IPSec, it's a work of art."