What is WireGuard?
A modern, lightweight VPN protocol with approximately 4,000 lines of code, designed for simplicity, speed, and strong cryptography.
WireGuard has become the preferred VPN protocol, replacing OpenVPN and IPsec for most use cases.
Key Features
- Minimal codebase: ~4,000 lines (OpenVPN: ~100,000). Easier to audit.
- Fast: Uses ChaCha20-Poly1305 and Curve25519. Very low overhead.
- Simple: Configuration is a few lines. No complex certificate management.
- Built into Linux kernel: First-class OS support.
Cryptographic Primitives
- ChaCha20 for symmetric encryption
- Poly1305 for authentication
- Curve25519 for key exchange
- BLAKE2s for hashing
- SipHash24 for hashtable keys
Privacy Consideration
WireGuard stores the last-seen IP of connected peers. Some VPN providers (Mullvad, IVPN) have modified their WireGuard implementation to delete this data, improving privacy.
Adoption
Mullvad, IVPN, Proton VPN, NordVPN (NordLynx), and Surfshark all support WireGuard.
Related Terms
ChaCha20-Poly1305
A modern authenticated encryption algorithm that provides both confidentiality and integrity, widely used as an alternative to AES-GCM.
Virtual Private Network
A technology that creates a secure, encrypted connection over a less secure network, such as the public internet. VPNs mask your IP address, encrypt your internet traffic, and can make it appear as though you're browsing from a different location.
VPN Protocol
The set of rules and encryption methods that determine how a VPN tunnel is established and how data is transmitted through it.
Have more questions?
Use our guided flow to get the right next privacy step for WireGuard.
Open Guided Flow