Wireguard protocol for VPN is getting hotter by the day. If you are a beginner and do not know what Wireguard VPN is and how it compares to OpenVPN and other VPN protocols, then you have come to the right place.
VPNs! Everyone's favorite tool to watch Netflix/HBO/etc. while traveling overseas, as a way to circumvent geo-blocks. [Read: VPN vs DNS: Which one should you choose and why?]
But you should know they can do a LOT more than that.
Table of Contents
- What is VPN?
- What is Wireguard?
- Wireguard Setup and Use Cases
- Is Wireguard secure?
- Is Wireguard free?
- Is Wireguard faster than OpenVPN?
- Can I setup Wireguard on Windows?
- Can I setup Wireguard on Docker?
- Can I setup Wireguard on Raspberry Pi?
- Can I setup Wireguard on Synology?
- Is Wireguard ready for Homelabs and Enthusiasts?
- Is Wireguard Enterprise-ready?
- Does Wireguard work with Kodi?
- Concluding Thoughts on Wireguard VPN
What is VPN?
A VPN, or Virtual Private Network, provides an encrypted tunnel between the VPN server and the client. All internet data is transmitted through this tunnel, and the client acts as if it is part of the same network as the VPN server.
The encrypted connection makes the transmitted data secure from sniffing by ISPs or hackers. This is especially important if you are into downloading stuff using BitTorrent clients or Kodi streaming addons. [Read: Create a VPN kill switch with UFW – Protect yourself with a VPN kill switch]
There are several protocols to accomplish this.
Different protocols offer different levels of encryption and overheads, which affect the performance (connection speed, bandwidth, etc.).
Current Status of VPN
The truth is that VPNs have been used for decades and are not new by any means. They have traditionally been used by businesses to give remote offices and employees secure connections to the business's servers regardless of the employee's location.
But the keyword there is "traditionally". The old VPN tools and protocols are going gray and losing their eyesight. The good news is there's a new kid on the block, Wireguard VPN, that's revolutionizing how VPNs are utilized. The time to jump in is now!
In this post, we will get you started with the basics of Wireguard VPN, its benefits, use cases, etc., as well as touch on topics such as Wireguard vs OpenVPN. So hang tight and read on.
What is Wireguard?
Wireguard, in its simplest form, is a protocol, or a specified way to format data, used to create a secure tunnel between two computers. It uses state-of-the-art cryptography and is a much simpler and faster protocol than traditional VPNs.
Think of Wireguard VPN protocol as a recipe for creating secure communication that is extremely difficult (if not impossible) to snoop. This is useful in a myriad of ways, some of which we will investigate through a series of future articles.
History of Wireguard VPN
As mentioned, existing VPN protocols have been utilized for a long time, and have grown without really evolving. Wireguard was created by security researcher Jason A. Donenfeld to cut through the excess and focus on the bare necessities.
The two most common protocols for VPNs have been IPsec and OpenVPN, which were built up over years and incorporated every security feature possible. While that sounds good, it leads to a huge code base that is all but impossible to properly audit and verify.
Ultimately, this complexity drove the development of Wireguard, which is considered to have a small and easily understood codebase. Wireguard VPN was first proposed to the Linux community in 2018 and officially released in 2020. Although young, it has already been audited and verified.
This is great news for all internet users as nation-states are actively trying to cripple encryption and prevent online privacy.
Benefits of Wireguard VPN
Wireguard has many benefits over the older protocols such as OpenVPN and IPsec.
Simplicity: Calling it "simple" is a huge injustice to the work that Donenfeld has put in to create the protocol. But it means that it is easily audited, less prone to attacks, and accessible to more people.
Faster: Negotiating connections is much faster than with older VPN protocols.
Easier Setup: Setting up Wireguard and configuring it is much simpler compared to OpenVPN or IPsec. Stay tuned for guides on how to set up Wireguard.
Performance: The elegance of the code is that it builds on modern and efficient technology to deliver secure internet traffic MUCH faster due to lower overhead. How much faster? Have a look below:
Wireguard vs other VPN protocols
All VPN protocols are built upon a subset of algorithms, which handle various functions to make the VPN actually work. Both IPsec and OpenVPN provide a wide array of choices (including choices for cipher suite) which adds to their complexity.
The two previously mentioned VPN protocols, OpenVPN and IPSec, have a codebase that is nearly 10 times larger than that of Wireguard.
Wireguard makes use of a few very well-regarded and respected cryptography standards while not offering any choice of alternatives. This simplifies both development and the job of ensuring security. That's about as technical as I will get for now.
Let's have a look at why so many are excited about the Wireguard VPN protocol and why it is changing the way people are using VPNs.
Wireguard vs IPsec
IPsec, proposed publicly in 1996, is really the original protocol for securing traffic sent over the internet. Since then, it has grown and changed and is now "maintained" by the IETF through working groups that collectively create open standards for the protocol (and the internet in general).
IPsec's history and implementation are complex and full of questionable decisions. Wireguard is using much of the same cryptography as IPsec, but in a more streamlined fashion. The biggest differences now show in Wireguard's ease of setup and use as you will see going forward. Conversely, IPsec appears to be heavily geared towards security specialists and governmental implementations.
Wireguard vs OpenVPN
OpenVPN, started in 2002 as an answer to IPsec's shortcomings, is probably one of the most well-known VPN protocols today. It is indeed a powerful and well-tested protocol; however, it has a distinct niche. In OpenVPN's own words:
"The core of OpenVPN Inc. has always been business-to-business (B2B), and Access Server was designed as an enterprise solution."
This generally means it is designed to run on business-grade hardware and requires a professional to dig through the cryptography choices for optimization.
Compared to OpenVPN's strategy, Wireguard is more efficient and can run on even the smallest of computers. This makes it an ideal candidate for home and consumer hardware like Raspberry Pis and smartphones. This translates into huge performance gains.
Wireguard vs ZeroTier
ZeroTier, started in 2015, is a newer player to the VPN field that touts itself as a service that "just works". By combining encrypted P2P (Peer-to-Peer) network with centralized root servers, ZeroTier provides a self-operated network layer to connect devices.
It sounds like a great concept but I have a few concerns. It appears that the ZeroTier code has not undergone a full security audit and verification process. According to the ZeroTier twitter, they recently underwent a preliminary cryptography audit which uncovered a few weaknesses.
It appears a full code review will take place after releasing v2.0 of the ZeroTier protocol (currently 1.6.5 as of writing this).
Many users swear by the simplicity of ZeroTier. I do not have experience with ZeroTier's product, but the simplicity of use doesn't seem to be backed up by a solid design. Maybe in the future, it will be worth revisiting.
Wireguard vs VPN Providers
Many commercial VPN providers have actually started incorporating the Wireguard protocol into their own services. NordVPN, for example, has incorporated Wireguard and is calling it NordLynx. While NordVPN is great for changing your country IP, you are still passing all of your data through their servers.
If you still trust them (even after the data breach) and are willing to pay for it, the service allows you to use either the OpenVPN or Wireguard protocol.
Setting up a Wireguard connection on your own server means you need not rely on any hardware other than your own. Plus, being FOSS, there's no additional cost to use this cool technology!
Wireguard Setup and Use Cases
Enough raving about Wireguard VPN's benefits. Let us look at some real-world setup and use cases where you could benefit by using Wireguard for VPN.
Wireguard VPN Setup Scenarios
Since Wireguard is such a lightweight tool, it can easily be used on most existing hardware. The setup concept is quite similar to that of setting up an SSH server using keys. Briefly, the Wireguard setup steps include:
- Setting up Wireguard server - Linux, Windows, Mac, Docker, etc.
- Create Wireguard config files/keys for devices to use.
- Configure clients - Android, iOS, Windows, Mac, Linux, and more.
Hardware platforms include anything from a Raspberry Pi up to a VPS. It can be set up in a multitude of ways including directly on the server (bare metal), using docker, or on any device.
Wireguard was initially baked directly into the Linux kernel (5.6+ and back-ported to a number of LTS). But now there are clients for Windows, Mac, Android, and iOS as well.
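The three setup steps listed above, as an added example that is not from the original article: it generates a key pair for each side and writes one wg-quick style config per side, showing how each side keeps its own private key and holds only the other side's public key, much like SSH keys. The tunnel addresses, port, hostname and file names are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: pairs one server and one client the way SSH keys are paired.
# Addresses, port, endpoint and file names are assumptions, not from the article.
WG_NET_SERVER="10.8.0.1/24"     # server's address inside the tunnel (assumed)
WG_NET_CLIENT="10.8.0.2/32"     # client's address inside the tunnel (assumed)
WG_PORT=51820                   # UDP listen port (assumed)
WG_ENDPOINT="vpn.example.com"   # placeholder hostname of the server

# Server config: the server's PRIVATE key plus the client's PUBLIC key.
render_server_conf() {  # $1 = server private key, $2 = client public key
    cat <<EOF
[Interface]
Address = $WG_NET_SERVER
ListenPort = $WG_PORT
PrivateKey = $1

[Peer]
PublicKey = $2
AllowedIPs = $WG_NET_CLIENT
EOF
}

# Client config: the client's PRIVATE key plus the server's PUBLIC key.
render_client_conf() {  # $1 = client private key, $2 = server public key
    cat <<EOF
[Interface]
Address = $WG_NET_CLIENT
PrivateKey = $1

[Peer]
PublicKey = $2
Endpoint = $WG_ENDPOINT:$WG_PORT
AllowedIPs = 0.0.0.0/0
EOF
}

# Generate both key pairs with the wg tool and write the two files into $1.
make_pair() {
    command -v wg >/dev/null 2>&1 || { echo "wg not installed" >&2; return 1; }
    ( umask 077                      # configs hold private keys: owner-only
      mkdir -p "$1"
      s_priv=$(wg genkey); s_pub=$(printf '%s\n' "$s_priv" | wg pubkey)
      c_priv=$(wg genkey); c_pub=$(printf '%s\n' "$c_priv" | wg pubkey)
      render_server_conf "$s_priv" "$c_pub" > "$1/wg0-server.conf"
      render_client_conf "$c_priv" "$s_pub" > "$1/wg0-client.conf" )
}

# Run as: sh make-wg-pair.sh ./out   (does nothing when no directory is given)
if [ -n "${1:-}" ]; then make_pair "$1"; fi
```

The client's `AllowedIPs = 0.0.0.0/0` sends all IPv4 traffic through the tunnel, which fits the public wifi use case; narrowing it to the tunnel subnet limits the tunnel to reaching services on the server side.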
Example Wireguard Use Cases for Homelabs and Enthusiasts
There are numerous ways to incorporate Wireguard into your setup. Some examples include:
- Connect to a Nextcloud or Plex/Emby/Jellyfin from outside your home network without exposing it to the wider internet.
- Full protection while using public wifi like an airport or coffee shop.
- Avoid country bans or geo-blocks on streaming services by connecting to your home server or VPS.
- Connect your DNS to a remote Pi-Hole. This is my personal use case and I will touch on it later in the series.
- Route all traffic from a Docker container through a Wireguard tunnel. This could be a great extension of our Docker Traefik guide.
- Create a secure tunnel to a VPS and create a site-to-site VPN connection.
The above list is not exhaustive and only provides a few example scenarios.
Commercial VPN Providers with Wireguard Protocol Support
Despite the benefits and simplicity of Wireguard VPN, if you still prefer to use commercial VPN providers with Wireguard support, then here are several options for you.
- Mozilla VPN
- Private Internet Access
- Plus many more
Mullvad pioneered the adoption of Wireguard VPN protocol. They believe so much in Wireguard that they donated to the Wireguard project.
Other VPN providers (OVPN, Private Internet Access, NordVPN, etc.) also adopted Wireguard and donated to the project. But honestly, the list grows by the month as more and more companies jump on the Wireguard bandwagon.
Is Wireguard secure?
Yes. Since it can be run directly on your own hardware quite easily, we remove a potential leak point. As mentioned above, it has been independently audited and verified. If this is a concern, I recommend you do your own research as there are numerous papers and articles written on the subject.
Is Wireguard free?
Absolutely! It is Free and Open Source Software (FOSS). According to the Wireguard website:
"The kernel components are released under the GPLv2, as is the Linux kernel itself. Other projects are licensed under MIT, BSD, Apache 2.0, or GPL, depending on context."
Is Wireguard faster than OpenVPN?
Yes. The overhead required to initiate and maintain an OpenVPN connection consumes considerable bandwidth. In simpler terms, streaming videos is a much better experience when using Wireguard vs OpenVPN.
Can I setup Wireguard on Windows?
Indeed. Wireguard has created cross-platform implementations. You can set up Wireguard as a server or a client in Windows. We will be releasing a guide on this process shortly!
Can I setup Wireguard on Docker?
Yes. There isn't an official Wireguard image. But there are many well-trusted images that can create a docker container as either a server or client. Be on the lookout for a guide on how to set up Wireguard using Docker.
For related reference, here is our guide on OpenVPN Server using Docker.
Can I setup Wireguard on Raspberry Pi?
Yes! Setting up Wireguard on a Raspberry Pi is effectively the same process as with any Linux installation. If you prefer a one-click installation, there's a nifty script offered by PiVPN. It's quite a large script and I didn't take the time to review the 2300+ lines of code. Our Linux installation guide is coming soon!
Can I setup Wireguard on Synology?
Yes you can. By combining the upcoming Docker Wireguard guide with our Docker Synology guide, you should be able to get Wireguard working on Synology NAS.
Is Wireguard ready for Homelabs and Enthusiasts?
Definitely! Like most Linux-born software, it is designed to be set up via the command line (CLI). Fortunately, the whole thing can be set up in just a handful of lines. It is simple enough to set up and configure clients, and secure enough to use without constant worry.
Is Wireguard Enterprise-ready?
I believe so. However, I'm not an IT professional nor a cryptography expert. Every technical review I've read shows that Wireguard is a stable and trustworthy piece of software. There are those that will continue to swear by OpenVPN and IPsec, but I don't see how they can be considered superior.
Does Wireguard work with Kodi?
Yes. Some of the Kodi-centric operating systems such as LibreELEC have already published guides on configuring Wireguard for Kodi.
Concluding Thoughts on Wireguard VPN
Wireguard is one of the most exciting pieces of software to be released in 2020 and should really be on everyone's radar.
I have been personally using it for months now and couldn't be happier with the speed, seamless usability, and peace of mind that comes with using my own hardware.
I had previously been a customer of one of the aforementioned providers, but after some technical difficulties and unhelpful support decided to roll my own Wireguard VPN. Since day one I have been very happy and wouldn't consider going back.
Our hope was to give you a beginner's level overview of the Wireguard VPN protocol that is revolutionizing the VPN industry. Be sure to check back later for several guides on Wireguard implementation and use.