“Revolutionary VPN Project” is what WireGuard claims to be and it also says that’s overall faster than well-known solutions like OpenVPN. To be fair the application, the service and the entire development is still under construction but I want anyway take a critical look at it right now – do answer the question if it’s already worth testing it or not.
Android and VPN – Here are the problems
Basically if we talking about VPN on Android we get two solutions, IPSec and OpenVPN. IKEv2, L2TP, PPTP and related 90s technologies are also quite popular but due several reasons there will be only OpenVPN/IPSec – mostly due computability reasons.
The problem with IPSec and OpenVPN?
No, just because NSA hacked IPSec doesn’t mean it’s by default insecure, the default algorithm got already changed and it’s not more or less secure as other protocols. The main problem is however that the code-base is huge which makes it difficult to audit the protocol – More code -> Harder to audit + the more time you need to spent.
According to this given picture (thanks to WireGuard) you see he problem within 2 seconds, the code is bigger on other projects – the issue, time to audit it is a huge problem here. Is this really argument? I don’t know, time is always a reason, of course I get the point (ahaha, the irony) that it’s faster to audit but that doesn’t tell us anything about the code quality itself.
WireGuard is a novel VPN that runs inside the Linux Kernel and utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPSec, while avoiding the massive headache. It intends to be considerably more performant than OpenVPN. WireGuard is designed as a general purpose VPN for running on embedded interfaces and super computers alike, fit for many different circumstances. It runs over UDP, the fastest possible VPN would be over ssh – but comes at some negative costs.
Latency and Performance
It’s mostly all about it – isn’t it? You care more about your online ping and response time rather than how secure it is – right? Well, not exactly but most people complain about this first.
It really looks promising but remember that the protocol is half-cooked and not fully done, there still no audits or reviews. But I have to admit it looks good.
While WireGuard is primarily developed as an optimized kernel module for Linux, there is a userspace portable version in the works, so that it can be distributed in apps in the Play Store without needing root access.
The implementation itself requires for OEM’s to adopt it directly into their kernels, a workaround is to install a Magisk module which bypasses that (the main app is still needed). This little module adds Wireguard support to any ROM that currently do not include support it – basically it adds wg and wg-quick to /system/xbin.
The WireGuard development team is currently recruiting Android GUI developers to work alongside them as they make advances in the core technology.
Currently Android, Ubuntu (among other Linux distros) are supported, as mentioned it requires a Kernel implementation/support.
Overall, WireGuard appears to be the future of VPNs and secure network tunnels, embracing rock solid modern cryptography, a secure auditable code base, and an innovative protocol well suited for smartphones.
While this is still under heavy development I can’t come to an final verdict, but as mentioned it’s a promising project which got my attention and I’m excited to see more next year.
- WireGuard Kernel/ROM Integration (forum.xda-developers.com)
- WireGuard Git (git.zx2c4.com)
- Wireguard Whitepaper (wireguard.com)
- WireGuard Donations (wireguard.com)
- [GUIDE] How-to Use WireGuard on Android and Ubuntu (forum.xda-developers.com)
- #wireguard on Freenode (kiwiirc.com)