What is WireGuard? - Proton VPN Blog (2024)

Table of Contents
Secure Private Fast Efficient Instant VPN connection Open source and audited WireGuard TCP and Stealth WireGuard vs. OpenVPN Frequently asked questions FAQs References

WireGuard® is a new VPN protocol used to secure the connection between your device and a VPN server.

Learn more about how VPNs work

WireGuard uses state-of-the-art cryptography to keep your connection secure and is extremely lightweight. This makes it faster than traditional VPN protocols such as OpenVPN and IKEv2, especially on lower-end hardware.

Originally developed for Linux, WireGuard was officially integrated into the Linux kernel (versions 5.6+) in March 2020, marking it as a secure, stable, and fast VPN protocol suitable for daily use. The main benefits of WireGuard are:

  • Fast
  • Instant connection
  • Lightweight

Proton VPN now supports WireGuard on the following platforms:

  • Windows
  • macOS
  • Android
  • iOS/iPadOS

Learn how to change VPN protocols or select Smart Protocol

It is also possible to manually configure WireGuard for Proton VPN using third-party software (such as the official WireGuard client).

Secure

Although relatively new, WireGuard uses proven state-of-the-art cryptographic primitives to secure your VPN connection.

Private

Proton VPN’s implementation of the protocol uses double NAT to dynamically provision sessions. This means when your app connects to one of our VPN servers via WireGuard, the first NAT will rewrite the 10.2.0.2 IP address to a random but unique internal IP address that is assigned to your session.

From this point on, WireGuard works like any other VPN: The second NAT rewrites your session IP address again to the VPN server’s public IP address before it connects to your desired website.

See Also
How to Build Your Own Wireguard VPN in Five MinutesBest VPNs with Wireguard in 2024 with Super Fast SpeedsWhich VPNs Use WireGuard? (as of February 2024)5 Best VPNs With WireGuard Support — Updated in 2024

What is WireGuard? - Proton VPN Blog (1)

This ensures the same level of privacy when using WireGuard as when using OpenVPN or IKEv2. We do not store your IP address and our strict no-logs policy, which independent security experts have verified, fully applies.

Learn more about how Proton VPN protects your privacy with WireGuard

Fast

Unlike the AES encryption usually used by OpenVPN, which often has hardware support built into processors, WireGuard currently enjoys no hardware support. Despite this, WireGuard’s performance is comparable to hardware-accelerated AES (AES-NI) thanks to its greatly improved efficiency.

As with all VPN protocols supported by Proton VPN, WireGuard fully benefits from our unique VPN Accelerator technology that can dramatically improve connection speeds over long distances or when there is high packet loss.

Efficient

Low CPU usage translates into better battery life for users running our apps on mobile devices and laptops.

Instant VPN connection

On Android and iOS devices, WireGuard takes less than one second to establish a VPN connection.

Open source and audited

WireGuard is open-source software that anyone can inspect to ensure it’s secure. Indeed, the fact it consists of under 4,000 lines of code (compared to over 300,000 for OpenVPN) makes it very easy to audit.

WireGuard has undergone various formal verifications, and to be incorporated in the Linux kernel, the WireGuard Linux codebase was independently audited by a third party.

Unlike some of our competition, our open-source implementation of WireGuard is 100% compatible with the official version.

WireGuard TCP and Stealth

WireGuard usually runs over a specific UDP port only, which makes it easy for governments to block. UDP and TCP are the two main transmission protocols that handle how data is sent across the internet. UDP is faster, while TCP is more reliable, but the main advantage of TCP over UDP is that it can evade government censorship by running over TCP port 443, which is the port used by HTTPS.

Learn more about the difference between UDP and TCP

However, we developed custom implementations of WireGuard that overcome this limitation. WireGuard TCP offers similar anti-censorship benefits to OpenVPN TCP — it allows WireGuard to run over the same port as HTTPS, making it difficult to simply block without also blocking most websites.

Deep packet inspection techniques, though, can easily spot the difference between HTTPS and VPN packets.

Stealth is our custom WireGuard-based VPN protocol that uses several technologies to make it much harder to detect and block, including running over an obfuscated TLS tunnel over TCP.

Learn more about Stealth

WireGuard vs. OpenVPN

OpenVPN is the battle-tested veteran of VPN protocols, and while still secure, it’s beginning to show its age. WireGuard offers similar security while being much faster, more lightweight, and more efficient than OpenVPN.

OpenVPN still offers strong anti-censorship capabilities thanks to its ability to run over TCP. However, as we mentioned earlier, we have not only applied this same flexibility to our implementation of WireGuard, we’ve greatly improved upon it with our custom Stealth protocol.

Learn more about OpenVPN

Please note that “WireGuard” and the WireGuard logo are registered trademarks of Jason A. Donenfeld.

Frequently asked questions

Does WireGuard support cost extra?

No. WireGuard is available for free to all members of the Proton VPN community in our Windows, macOS, Android, and iOS/iPadOS apps.

Are all features available with WireGuard?

Yes. WireGuard is fully integrated into our apps and can be used with all features supported by them. This includes Secure Core, NetShield Ad-blocker, DNS leak protection, IPv6 leak protection, kill switch, permanent kill switch (Windows), alternative routing, and VPN Accelerator.

How do I use WireGuard?

WireGuard support is also fully integrated into our Smart Protocol feature, which automatically switches your VPN connection to the best VPN protocol for your situation. Smart Protocol is enabled by default, so you don’t need to do anything to automatically use the best protocol (including WireGuard) for your needs.

You can also manually select WireGuard if you prefer.

Learn how to change VPN protocols or select Smart Protocol

What Proton VPN platforms is WireGaud available on?

WireGuard UDP, WireGuard TCP, and WireGuard Stealth is available in the following Proton VPN apps:

  • Windows
  • macOS
  • Android
  • Android TV (via Smart Protocol)
  • iOs and iPadOS
  • Chrome OS
What is WireGuard? - Proton VPN Blog (2024)

FAQs

What is the WireGuard in Proton VPN? ›

WireGuard is a secure, fast, and reliable VPN protocol

WireGuard is a modern VPN protocol that has revolutionized the VPN space with its extremely lightweight and open-source code. Because WireGuard is so lightweight, it offers improved performance over other VPN protocols.

Keep Reading
Is Proton VPN good enough? ›

Yes, Proton VPN is a safe VPN to use.

With a range of secure tunneling protocols and market-leading encryption, you can be sure your data is fully protected. While it doesn't offer RAM servers, the provider provides such security measures as a kill switch, two-factor authentication, and an Always-on VPN feature.

Continue Reading
Can WireGuard be trusted? ›

WireGuard is considered by many to be one of the safest, most secure VPN protocol options available today. Simplified design using less code equals fewer bugs and security vulnerabilities, while WireGuard's faster state-of-the-art cryptography employs superior default security settings.

View More
What is the difference between WireGuard and VPN? ›

The biggest notable differences between WireGuard and OpenVPN are speed and security. While WireGuard is generally faster, OpenVPN provides heavier security. The differences between these two protocols are also what make up their defining features.

Discover More
What does WireGuard VPN do? ›

WireGuard is an open-source communication protocol for setting up secure Virtual Private Networks (VPNs). Using advanced cryptographic primitives to secure exchanged data, it seals it within an encrypted tunnel.

Read More
Why do people use Proton VPN? ›

Proton VPN doesn't just protect your browsing traffic, we also protect your DNS queries. By routing your DNS queries through the encrypted tunnel and not relying on third-party DNS providers, we ensure that your browsing activity cannot be exposed by leaks from DNS queries.

See More
What are the disadvantages of Proton VPN? ›

It provides a secure and reliable connection, advanced encryption protocols, a wide range of servers, a no-logs policy, and a user-friendly interface. However, it can be a bit slower, the free version has limited servers, no ad-blocker feature, a cluttered interface, and the relatively high cost of the paid version.

Keep Reading
Should I keep Proton VPN on all the time? ›

To protect your privacy all the time, we recommend using a VPN whenever you connect to the internet. The Proton VPN kill switch and always-on VPN features help ensure your browsing traffic is always protected.

Keep Reading
Can you trust Proton VPN? ›

Proton VPN employs high-strength VPN protocols with no known vulnerabilities to protect your data, such as OpenVPN, IKEv2, and WireGuard. With Proton VPN, you can expect fast, secure, and censorship-resistant VPN connections.

Learn More
Why not to use WireGuard? ›

It is extensible that new cryptographic primitives can be added. WireGuard does not have that. That means WireGuard will break at some point, because one of the cryptographic primitives will weaken or entirely break at some point.

View More

Can WireGuard be hacked? ›

Protocols such as OpenVPN, WireGuard, or IKEv2 have no known vulnerabilities and are considered secure.

Show Me More
What are the security flaws of WireGuard? ›

  • Known Limitations.
  • Deep Packet Inspection.
  • TCP Mode.
  • Hardware Crypto.
  • Roaming Mischief.
  • Identity Hiding Forward Secrecy.
  • Post-Quantum Secrecy.
  • Denial of Service.

Discover More Details
How much does WireGuard cost? ›

Since WireGuard and OpenVPN are free software, there is no expense associated with using them. Though there are some free solutions, you'll still need to pay for a VPN subscription. Since WireGuard and OpenVPN are free software, there is no expense associated with using them.

Read On
Does WireGuard hide IP? ›

As explained above WireGuard is a highly secure protocol, but it is not designed with privacy in mind. WireGuard's most serious privacy flaw is the way it assigns IP addresses. Instead of assigning a different IP address to the user, it gives the same IP address each time.

Show Me More
Can WireGuard be detected? ›

Can WireGuard be detected? Yes, WireGuard can be detected. It doesn't do VPN obfuscation, mostly because of the insistence on UDP transmission mode.

Discover More
Why do I have WireGuard? ›

WireGuard® is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPsec, while avoiding the massive headache. It intends to be considerably more performant than OpenVPN.

Explore More
What is the difference between WireGuard and OpenVPN layer? ›

WireGuard is consistently faster than OpenVPN in our tests

WireGuard's performance advantage over OpenVPN is greater with nearby (low latency) servers in comparison to long-distance (high latency) server locations. To get the fastest VPN speeds, use WireGuard on the closest server to your physical location.

Read More
What is the difference between WireGuard and IKEv2? ›

In terms of speed, WireGuard and PPTP are the fastest, but OpenVPN, IKEv2, and L2TP offer decent speeds as well. WireGuard is fast because it's lightweight. The protocol can be implemented in very few lines of code, so there's much less going on in the background.

Find Out More
What is a WireGuard interface? ›

WireGuard is designed as a general purpose VPN for running on embedded interfaces and super computers alike, fit for many different circ*mstances. Initially released for the Linux kernel, it is now cross-platform (Windows, macOS, BSD, iOS, Android) and widely deployable.

Learn More Now

References

Top Articles
Homemade Kimchi (김치) - Oh My Food Recipes
Healthy Dark Chocolate Orange Truffles {Recipe Video!} | Amy's Healthy Baking
2021 Tesla Model 3 electric for sale - Scottsdale, AZ - craigslist
phoenix cars & trucks "210" - craigslist
Dallas City Council Agenda
Fat Mezz Band Website
Busted Mugshots Paducah Ky
Tlaxcala Mexico: Best Things to Do and Explore » Savoteur
Emuaid Lawsuit
4 Movierulz
ThermoFisher Guided Search
Thermo Scientific SureSTART Specification Certified Screw Vial and Cap Kits, Level 2 High-throughput Applications - Vials, Autosampler Vials, Inserts, and Closures
Latest Posts
Pudding Chomeur Recipe | Sweet Dumplings in Maple Cream
Best Sugar Cookie Recipe EVER
Article information

Author: Reed Wilderman

Last Updated:

Views: 6140

Rating: 4.1 / 5 (72 voted)

Reviews: 95% of readers found this page helpful

Author information

Name: Reed Wilderman

Birthday: 1992-06-14

Address: 998 Estell Village, Lake Oscarberg, SD 48713-6877

Phone: +21813267449721

Job: Technology Engineer

Hobby: Swimming, Do it yourself, Beekeeping, Lapidary, Cosplaying, Hiking, Graffiti

Introduction: My name is Reed Wilderman, I am a faithful, bright, lucky, adventurous, lively, rich, vast person who loves writing and wants to share my knowledge and understanding with you.