WireGuard® is a new VPN protocol that is lightweight, fast, and secure. By default, there are some potential privacy issues with WireGuard, but Proton VPN’s implementation of the protocol uses unique technical solutions to safeguard your privacy.
Which implementation of WireGuard does Proton VPN use?
Proton VPN uses a specially modified version of the WireGuard implementation built into the Linux kernel(new window). Our modifications are designed to enhance performance and privacy while maintaining full compatibility.
The misconception that WireGuard inevitably generates logs is probably based on the fact that, by default, it requires a static (and therefore identifiable) connection between the VPN app and the VPN server. To get around this, we hardcoded our apps to begin every WireGuard VPN connection using the same internal IP address (10.2.0.2).
To allow more than two people to be connected to the same VPN server at the same time on WireGuard, we use double network address translation (NAT) to dynamically provision sessions.
This means when your app connects to one of our VPN servers via WireGuard, the first NAT will rewrite the 10.2.0.2 IP address to a random but unique internal IP address that is assigned to your session. From this point on, WireGuard works like any other VPN: The second NAT rewrites your session IP address again to the VPN server’s public IP address before it connects to your desired website.
This technological innovation is how we are uniquely able to provide the publicly audited security and performance of WireGuard, without privacy trade-offs.
TL:DR
When you connect to our VPN server via WireGuard, your device can only see the IP address 10.2.0.2, and the website you visit can only see the public IP address of our VPN server. Your true IP address remains secure and private, just as it would with OpenVPN.
Does WireGuard benefit from Proton VPN’s VPN Accelerator technology?
Yes. Our unique VPN Accelerator(new window) technology can improve speed performance by over 400% and is particularly effective over large distances. It is free to all Proton VPN users, available in all Proton VPN apps, and works with all supported VPN protocols, including WireGuard.
WireGuard is a communication protocol and free and open-source software that implements encrypted virtual private networks (VPNs). It aims to be lighter and better performing than IPsec and OpenVPN, two common tunneling protocols.
, your device can only see the IP address 10.2. 0.2, and the website you visit can only see the public IP address of our VPN server. Your true IP address remains secure and private, just as it would with OpenVPN.
One design goal of WireGuard is to avoid storing any state prior to authentication and to not send any responses to unauthenticated packets. With no state stored for unauthenticated packets, and with no response generated, WireGuard is invisible to illegitimate peers and network scanners.
The main drawback of the WireGuard protocol is that it was not built for anonymity and privacy. Its privacy is primarily questioned because it requires users to log their data. Instead of assigning a different IP address to the user, it gives the same IP address each time.
VPN services can be hacked, but it's exceptionally challenging. WireGuard protocol combined with AES or ChaCha encryption is almost impossible to decrypt using the most common hacking technique — brute force attacks.
It is extensible that new cryptographic primitives can be added. WireGuard does not have that. That means WireGuard will break at some point, because one of the cryptographic primitives will weaken or entirely break at some point.
The biggest notable differences between WireGuard and OpenVPN are speed and security. While WireGuard is generally faster, OpenVPN provides heavier security. The differences between these two protocols are also their defining features. We've taken a closer look at each so you can really understand how they work.
WireGuard's security hinges on the strength of its cryptographic algorithms. The protocols and algorithms employed by WireGuard, such as Curve25519, ChaCha20, Poly1305, and BLAKE2s, are widely regarded as secure and resistant to known attacks.
You can add another layer of cryptographic protection to your VPN with the PreSharedKey option. Its use is optional, and adds a layer of symmetric-key cryptography to the traffic between specific peers. Note: Both sides need to have the same PresharedKey in their respective [Peer] sections.
WireGuard does not provide obfuscation, meaning that internet service providers (ISPs) can see when you are using it — although, of course, they can't see what you're using it for. This means that a WireGuard VPN won't necessarily be able to help you bypass firewalls.
However, WireGuard is still a very secure protocol if you're looking for data security. WireGuard is generally considered one of the safest protocols today with its simple design, less code, and fewer possible bugs.
When you connect to our VPN server via WireGuard, your device can only see the IP address 10.2. 0.2, and the website you visit can only see the public IP address of our VPN server. Your true IP address remains secure and private, just as it would with OpenVPN.
The biggest notable differences between WireGuard and OpenVPN are speed and security. While WireGuard is generally faster, OpenVPN provides heavier security. The differences between these two protocols are also their defining features. We've taken a closer look at each so you can really understand how they work.
Compared to IPSec, WireGuard is thought to provide faster performance and more security because of its smaller codebase. On the other hand, IPSec is a well-developed protocol with a wealth of features and compatibility.
Address: 55021 Usha Garden, North Larisa, DE 19209
Phone: +6812240846623
Job: Corporate Healthcare Strategist
Hobby: Singing, Listening to music, Rafting, LARPing, Gardening, Quilting, Rappelling
Introduction: My name is Foster Heidenreich CPA, I am a delightful, quaint, glorious, quaint, faithful, enchanting, fine person who loves writing and wants to share my knowledge and understanding with you.
We notice you're using an ad blocker
Without advertising income, we can't keep making this site awesome for you.
