WireGuard is an opinionated VPN protocol which means that it's not possible to use any other ciphers than the included combination. As such, WireGuard uses ChaCha20 for symmetric encryption, Curve25519 for Elliptic curve key agreement, BLAKE2s for hashing and HKDF for key derivation.
There are no known major vulnerabilities and WireGuard is considered secure. WireGuard supports Perfect Forward Secrecy.
Perfect forward secrecy means that the encryption key used to encrypt and decrypt data is changed automatically and regularly. If the encryption key is compromised, it exposes only a small portion of the user's sensitive data.
OVPN's implementation of WireGuard rotates encryption keys automatically, ensuring consistent and constant security.
WireGuard's code base is substantially smaller than other VPN protocols and thus enables easier audits.
The speed & latency depends on which device WireGuard is run on, as well as how users' internet providers peer with OVPN's internet providers. Our VPN servers have the processing power to encrypt up to 4000 Mbit/s using WireGuard which is 2x the speed of OpenVPN.
The increased throughput in WireGuard can be explained due to the modern encryption protocols it employs coupled with its ability to make full use of the processor through multithreading. Reaching speeds over 100 Mbit/s should not be an issue on computers, phones and routers.
WireGuard combined with our premium networking partners allows OVPN to provide our customers with fast speeds and low latencies.
WireGuard is very stable and supports a variety of different operating systems. WireGuard works only over UDP.
As WireGuard only works over UDP, firewalls and restrictive networks are able to restrict the protocol. It's not common practice, but as an example, Chinese users will most likely not be able to use WireGuard as there are no obfuscation protocols implemented as of yet.
WireGuard has roaming built-in which results in a seamless experience on cellphones when switching frin a Wi-Fi network to mobile data (4G). Connections to VPN servers happen instantly, whereas OpenVPN can take several seconds.
Using WireGuard on phones is a drastically better experience than using OpenVPN, as connections when moving between networks happen instantly. Another huge benefit is that the modern encryption protocols used are more battery efficient.
WireGuard works well on Windows, macOS, Linux, iOS, Android and a bunch of other operating systems. It is beginning to be included in Linux operating system releases as it has been merged to the Linux 5.6 kernel. Other operating systems require manual installation.
Installation only takes a few minutes. The default software is quite user friendly and OVPN has built an easy-to-use WireGuard configuration generator. OVPN is working to include WireGuard into our custom desktop client that will make WireGuard super easy to use, together with several other security enhancements.
OVPN is developing apps for Android & iOS which will purely utilize WireGuard as the VPN protocol.
WireGuard is not built with anonymity in mind. But the same goes for OpenVPN, which is why OVPN has made several changes to ensure the integrity of our customers when they connect to our OpenVPN servers.
We have performed several tweaks in our WireGuard implementation to ensure that our customers can experience optimal privacy.
WireGuard is still under active development and we're excited to see what's next.
OVPN currently has WireGuard servers in the following regions. New WireGuard servers and locations are added regularly.
Vienna, AT Sydney, AU Toronto, CA Zurich, CH Erfurt, DE Frankfurt, DE Copenhagen, DK Madrid, ES Helsinki, FI Paris, FR London, GB Tokyo, JP Amsterdam, NL Oslo, NO Bucharest, RO Gothenburg, SE Malmö, SE Stockholm, SE Sundsvall, SE Singapore, SG Atlanta, US Chicago, US Dallas, US Los Angeles, US Miami, US New York, US