What is WireGuard? The VPN term explained, and whether you need it (2024)

Editors' note, Feb. 9, 2022: The VPN industry has undergone significant change in the past few months, with all three of our top VPN choices announcing major changes in corporate ownership. In December, ExpressVPN announced that it had officially joined Kape Technologies, a company that already owns several other VPNs and has raised privacy concerns in the past. In February, NordVPN and Surfshark announced the two companies were merging, though they'll continue to operate autonomously. We're in the process of reevaluating all of our top picks in light of these changes. We will update our reviews and, if necessary, our rankings to account for this new competitive landscape.

Maybe you've seen virtual private networks advertise something called WireGuard protocol, and wondered what that means. What's the big deal? Is WireGuard protocol better than any other type? Is it more secure, or just more hype in a field with a lot of buzzwords? While there's a lot to understanding protocols, the broad strokes -- and what they mean for your online privacy -- can be explained in less than 5 minutes of reading. Here's what you need to know.

VPNs work by creating an encrypted tunnel between your device and a secure server, then sending your traffic through it. Those encrypted tunnels come in all kinds of metaphorical shapes and sizes, though. The driving force creating each encrypted tunnel, which determines that tunnel's shape and size, is called your protocol. WireGuard is just one of several different types of protocols used to create these tunnels.

Choosing an encryption protocol is a lot like choosing what kind of transportation you'll take on the road. Zipping around town in a isn't going to offer you as much protection as travelling in a presidential motorcade, but the latter is going to turn your trip to the grocery store into a 12-hour event requiring top-level clearance. On the highway and in encryption protocols, there's almost always a trade-off between speed and security. The trick is finding the option that suits the need.

Protocol choice is also about more than just speed and security. It's about compatibility. In their various settings and options menus, most VPNs offer you the ability to select a protocol from a list of those available within the app. Desktops, laptops, gaming consoles and mobile devices -- with all their myriad platforms and operating systems -- might work better or worse with one VPN protocol or another. Don't worry, though. Most commercial VPNs' default protocols are set to work with as many devices as possible, right out of the box.

WireGuard is a relative newcomer to the protocol scene, and has been lauded for enabling speeds that are as fast as some of the older and less secure protocols, while still offering some improved security over them. Because durable encryption protocols don't just pop up every day, WireGuard is also currently enjoying some added attention from advertisers for its novelty.

Currently, the most widely used protocol is OpenVPN. It's generally considered the best tradeoff between security and speed, it's compatible across devices and platforms, and it's the open-source protocol many independent developers use to create their own VPN services from scratch. All of the top-recommended VPNs in our directory offer an OpenVPN option.

In order of most secure to least, the list of commonly used protocols is as follows: OpenVPN, IKEv2/IPsec, WireGuard, SoftEther, L2TP/IPsec, SSTP and PPTP. Because of its infamous security flaws, we don't recommend anyone use the long-outdated PPTP, regardless of device or connection speed. In our VPN reviews, it likewise reflects poorly on any commercial VPN to offer the option at all. SSTP has similar issues.

WireGuard advantages: Security, speed, power consumption

Speed is the first major advantage of WireGuard. It has a light touch when consuming your device's CPU resources, and is a leaner protocol overall -- that usually means longer battery life and less lag when you're opening and using other apps on your device.

This speed boost also includes connection and reconnection speeds. So if you're using a VPN on your cell phone, for instance, and switch from mobile data to Wi-Fi, Wireguard should be fast enough in most cases that you don't notice a significant disruption in your connection.

On the security side, I like that WireGuard is open source (like OpenVPN). This lets developers not only see everything that it's doing for added security, but it also makes it more likely developers will try it out with new products. It has a smaller code base, and generally has a smaller surface area susceptible to outside attacks. Being open-source also means that WireGuard is getting more platform compatible all the time. It currently supports use with Windows, MacOS, Android, iOS and Linux.

WireGuard disadvantages: Privacy, weak on censorship

It's still early days for WireGuard. That means that while its compatibility with platforms is expanding, not all VPNs currently support it.

That could be because offering WireGuard while protecting user privacy requires some extra work on the part of a VPN. One major security concern is that -- if left to its default configuration -- WireGuard would store IP addresses on a server and not assign them dynamically. VPNs that offer WireGuard must therefore address that problem in their own software.

I'm also still skeptical about the fact that WireGuard doesn't use the internet's gold standard of encryption, AES-256, and instead uses another untested component in encryption called ChaCha20. Though both are symmetrical forms of encryption and share some of the same inherent weaknesses, more time is still needed for encryption aficionados to explore the latter.

Another issue with WireGuard is that it sometimes struggles to bypass internet firewalls used by countries where censorship is prevalent or VPNs are outlawed. This can also interfere with what types of sites you can access. Although this type of technology isn't immune to politics, WireGuard's problem appears to have more to do with its quest for speed than it does any political agenda. If you poke your head under the hood just a bit, you can see the problem right at the center of the engine: WireGuard's protocol suite transport layer is spitting out data using a method called UDP, or User Datagram Protocol.

UDP is faster than the more commonly used Transmission Control Protocol type, and it's better for streaming data-heavy content such as videos and music. It's also arguably more secure since it doesn't rely on OpenSSL libraries, which have been exploited in the past.

The problem is that security isn't the same as privacy. While WireGuard's small amount of code may make it less prone to direct security attacks, its use of UDP makes it stick out like a sore thumb to anyone looking for VPN use on a network -- your internet service provider, your school network administrator or the government entity that's surveilling the traffic in your country. UDP is also a little more prone to instability than TCP, so if you're going to use a VPN with WireGuard, make sure it's a VPN with a kill switch enabled.

The takeaway

For maximum privacy, stick with OpenVPN -- especially if you're in a jurisdiction where bypassing censorship is important. However, If you're running a VPN in an environment where speed improvements trump privacy (say, accessing international versions of a streaming video service while in a region with slower speeds) the option to flip the switch in your VPN app from OpenVPN to WireGuard might prove helpful.

If you're not specifically looking to experiment with protocols or speed, then a VPN isn't worth getting purely on the grounds that it offers WireGuard. Especially when OpenVPN is still the preferred protocol. If you're in a country where bypassing censorship is important, OpenVPN is still preferred.

VPNs that support WireGuard

If you want to try WireGuard out with one of the VPNs in our directory, the protocol is currently available to use in NordVPN (see our NordVPN review), Surfshark (see our Surfshark review) andCyberGhost (see our CyberGhost review). It's also available inMullvad, StrongVPN, TorGuard, VyprVPN, Hide.Me and PIA.

More VPN recommendations

• What's the best cheapest VPN? We found three good options
  
• Fastest VPNs of 2022
• CyberGhost vs. Surfshark VPN: Speed, security and price compared
  
• Best VPN for Mac in 2022
• Best iPhone VPN of 2022
• Best Android VPNs for 2022
• Why the best free VPN doesn't exist
• VPNs may be your best weapon against ISP throttling
  
• Accessorize your Xbox Series X or Series S with these gaming add-ons