What is Wireguard? A "New" VPN Protocol + How it Compares to OpenVPN
Вставка
- Опубліковано 1 лип 2024
- Why is WireGuard becoming more popular? The answer is simple, WireGuard is a fast, free, and new open-source VPN connection protocol. Learn how to setup your own Wireguard VPN here: • How to Roll Your Own V...
See this comprehensive list of VPNs that run Wireguard: www.allthingssecured.com/vpn/...
Read more about WireGuard here: www.allthingssecured.com/vpn/...
🔹🔹🔹Recommended VPNs with WireGuard🔹🔹🔹
✅ Mullvad VPN: www.allthingssecured.com/try/...
✅ NordVPN: www.allthingssecured.com/try/...
✅ VyprVPN: www.allthingssecured.com/try/...
*********************
Video Timestamps
*********************
0:00 - Introduction to VPN protocols
1:01 - How Wireguard Works
1:39 - Benefits of Using Wireguard
3:00 - Best VPNs that Use Wireguard
*********************
Simply put, Wireguard is a free, open-source VPN connection protocol that has proven to be faster, simpler and more lightweight than other encryption protocols.
If that doesn’t make sense to you - and don’t worry, you’re not alone - think about this: OpenVPN, which is currently considered the security standard for VPN protocols, runs on 600,000 lines of code. IPSec, another standard VPN protocol, has 400,000 lines of code.
Wireguard runs on 4,000.
That’s a 99% reduction in code, which has made it much easier to manage as well as to debug. In this case, simpler is definitely better. Not to mention that this represents what is considered to be a stronger encryption method.
Over the next few minutes, I’m going to explain how Wireguard works, the benefits of using Wireguard, and finally the best VPN services that are now running the Wireguard protocol.
I’ll start by saying that Wireguard was initially developed back in 2016 as an alternative connection protocol for the Linux operating system.
What we’re dealing with here is a way to encrypt communication between two devices, which could be your computer and your corporate network, a server and a machine, your phone and the cellular network...whatever.
This is important when passing sensitive information across the open internet. There are already a lot of encryption measures in place, but a virtual private network or “VPN”, adds an additional layer of security.
But what makes Wireguard so special when we have perfectly good protocols we can use already?
It can really be boiled down to three things:
First, Wireguard creates a stable connection faster than previous protocols. I’ve already seen this myself in multiple cases where it takes less than 1-2 seconds to establish a connection through Wireguard when it normally takes between 5-10 seconds using OpenVPN.
It can also switch from mobile networks to WiFi networks without dropping, which is a huge benefit.
You see, the old connection protocols were designed decades ago and have been slowed by all the over-engineering that has taken place to make them meet different needs.
Second, Wireguard has been tested to perform up to 4 times better than OpenVPN and IPsec-based VPNs. That means you can get up to 4 times faster speeds when you’re connected to the VPN, which if you’ve used a VPN for any period of time, you know how important that is.
Finally, Wireguard utilizes modern cryptography that has been peer-reviewed and promoted by numerous security experts. All VPN protocols provide a level of security, but only Wireguard takes advantage of new methods such as cryptokey routing.
For you, the user, the only thing that really matters is that the VPN protocol connects quickly, stays connected and gives you fast connection speeds.
Now, unless you’re incredibly tech savvy and feel comfortable setting up your own virtual private network at home, most of us are going to be using a commercial VPN that has integrated Wireguard into their applications.
#vpn #wireguard #infosec - Наука та технологія
Thanks for watching this explanation of the Wireguard VPN protocol! If you have any questions, please leave a comment below. Also, if you're looking for a VPN that utilizes the Wireguard protocol, here's what I recommend:
✅ Mullvad VPN: www.allthingssecured.com/try/mullvad-wg
✅ NordVPN: www.allthingssecured.com/try/nordvpn-wg
✅ VyperVPN: www.allthingssecured.com/try/vyprvpn-wg
I very much appreciate the layman's explanation, meet people where they are approach. I get it now. I hope you do a series of IT videos for beginners at some point. I would definitely watch them, even if they're 1,000 clips!
Thanks for the suggestion!
As a developer I just want to say, less lines of code doesn't necessarily has to be faster/optimized.
This is true, I agree. However, clean code that hasn't been bloated by decades of enterprise use often does lead to a more optimized experience. In the case of WireGuard, the proof is whether or not it translates to a faster, more stable and secure user experience. For me and many others over the past year, the answer is a clear "YES" :)
Just tried Wireguard and it was annoying and buggy. I liked it but didn't feel any speed difference (actually it felt a bit slower in some cases and speed was not reliable ) , and it is not production ready at all and most important thing is it's not reliable.
As said above Less lines of code is not important if the software is not working properly. (I'm a developer as well)
As a developer I can tell you half a million lines of codes is more difficult to debug than 4000 lines.
As a developer - less code is more secure. Pure statistics. With more locs more bugs will occur. but yes, it has nothing to do with being faster, but I did not understand this from his talkin'
@@mickyarams absolutely true..
Great video. Concise and well organized.
Glad you enjoyed it!
Love that your videos start up right away. 👍🏾👍🏾
Thanks
It works well for me! But be aware that WG tends to use a LOT more battery when used on an iPhone for example as compared to IPSec with AES-256-GCM and SHA256 encryption and hashing (which are typically hardware accelerated)
Mullvad is super fast on MacOS and iOS now in 2022. The only problem is iOS doesn't allow killswitch (MacOS does though). I recommend it above the others, except maybe ProtonVPN which allows WireGuard on their Unlimited plan.
We just got this on ipvanish and was wondering what it was . Awesome video !!! I'll be using it on my vpn from now on
Subscribed. Nice explanation. Thank you.
Awesome, thank you!
Watching 3years later - not sure if that's because I am in South Africa or I am just usually slow?! Your videos always come in handy when I want to change things up on my home network.
Question: Would you know how to add Wireguard into built-in Windows 11 "VPN Manager"? It would be great to get advantages of Wireguard without installing separate VPN Client software. Thanks.
Very thorough sir, thank you!
My pleasure!
Two questions; First is the reduction in lines of code also caused by relying on third party libraries, essentially outsourcing the code, making it more of a marketing tool?
Second, regarding the cryptokey routing; doesn't that cause issues when using IP range overlaps from one peer to the next?
essentially yeah, its also not even really an appealing claim to anyone who does programming, less lines of code does not necessarily mean better or even faster, infact intentionally limiting your codebase to a low amount of code can be extremely limiting on potential features such as obfuscation.
Was wondering the same thing, would like a clear answer on this but might have to go digging myself
the point that it can seamlessly transition between wifi and cellular is one thing which really got me from your talk here! I constantly got kicked out with my phone with openvpn hence I could never be sure if all data actually goes through the vpn since you can not configure an iphone to use an 'untrusted' network. sadly it is not natively supported on iOS :/
Have you tried using a commercial VPN that has Wireguard as an option?
@@AllThingsSecured this wouldn't change the core functionality in ios would ? ;) no but honestly id rather run my own box. Trusting one over the other doesnt make it better
love your videos!
what is good protocol for gaming?
i have setup pivpn can i make my local pc and, devices connect to it and, still access them remotely
Does "faster speed" mean higher bandwidth or lower latency? Quite a lot of these claims feel ambiguous
I don't really understand what data is being shared. If I gave my tunnel's public key and I'm accessing my company's pc with remotedesktop, can they only see what's done in the remote desktop, or can they see all activity on the computer, or even wifi?
Hello, thanks for the great video. I am doing my dissertation for my MSc on a critical comparrison of OpenVPN vs Wireguard. I was wondering if you point to a narrow research area that would be of interest that may not have been looked at before?
Sorry, Alex. I don't really have time to help with that.
@@AllThingsSecured Not a problem, thanks for the reply. I think I'm going to investigate how both technologies perform in high latency environments.
@@Toffee_tech_tee update?
is there any way to decrypt encrypted packets using wireguard , captured with arp poisoning attack on wireshark ???
I can see how legacy code for further compatibility over the years may slow down the connection time of OpenVPN, however 2 seconds vs 5 seconds to connect isn't a big deal as long as the connection is stable. From what I've read, Wireguard isn't that stable yet, admittedly it's young.
If it can seamlessly reconnect while transferring from WiFi to 4G etc, then that's excellent. Look forward to conducting some tests on this over the coming months before potentially bringing it into production.
Thanks you!
My pleasure, Lars!
This is more a sales/marketing story, with no results nor any testing. That's a missed chance. The question should be, if you are responsible for data security in a company, would you rely on it? When PPPT encryption was designed it was considered safe too, we know these days better. In other words, the maturity of code is the lead. Openvpn has proven itself there where as wireguard didn't yet. Simpler is better without further explanation is useless and not always true either.....
Not meant to be sales-y, but also not meant to be a technical review. This is an explanation of what WireGuard is for those who have maybe heard about it but don't understand how it's any different than other protocols. Simpler is not always better, I agree, but like OpenVPN, WireGuard is open source, so if you have any specific problems with the code, I'd be happy to hear it. Talking about "maturity of code" isn't much of an argument here.
Thanks, Gerard!
In WireGuard for home setup “to access local network from a remote” with DDNS does the url need to be signed with let’s encrypt cert?
I can't say for certain. Sorry!
No, Wireguard will only use dns to resolve to an IP and use the encryption key in the config to secure the connection.
Which uses less system resources between WireGuard, IpSec and OpenVPN?
he did say this in the very beginning
its a bit old, but i still have questions.
1 - Can i use Wireguard to connect multiple computers with a specific port without paid VPNs
2 - What are the limits of Wireguard? (Computer to Computer response time and limits about download/upload)
3 - Can Wireguard work without VPNs in a Homemade Server?
4 - I don't know, its bad luck to make only 3 questions, so, do you like potatoes?
Can Wireguard work without VPNs in a Homemade Server - what do you mean by that? regarding #4 I prefer rice
9 months later they found some irregularities in the code. Always check out the latest info when using software relating to security.
PIA backs and implements Wireguard. I'm connected with it right now.
Correct...they incorporated WireGuard back in March of 2020.
Imagine using pia
I want to ask something about vpn server. There is something that I can't quite understand the logic of. I will be glad if you are help about that. For example I'm using a raspberry pi for vpn server at home and it's connected to the my home network. My home internet speed is 25 Mbps download and 5 mbps upload. For example i go to the office and internet speed is 100 mbps download and 100 mbps upload at office. If i connected to the my vpn server. What should be speedtest/fast test result? I mean my home network upload speed should be my download speed at outsite? Could you please explain about that? Because when i test at office i can see 30-40 mbps but normally my home network download speed 25 and upload speed is 5 mbps.
Your internet speeds can never be greater than your fastest internet connection.
@@AllThingsSecured What do you mean, could you please explain? With my senario, normally speedtest result what can be? Vpn server on my home and my home connection is 25 mbps download and 5 mbps upload. I'm testing connection from outside and 100 mbps down, 100 mbps up. I'm getting 30-40 mbps download is it normal? Normally should be my home upload speed am i wrong? I mean normally my download test should be max 5 (because my home upload speed) right?
les code means easier to hack right
Using wireguard in the torguard app on iOS
Great! How has it been for you so far?
@@AllThingsSecured had a random disconnect once with wireguard,everything else is good. IPSec,ikev2,wireguard for great speeds,openvpn cuts the speed in half
How does someone know which appropriate connection protocol to use?
It depends on your needs and devices: speed vs security, Windows vs Mac, desktop vs mobile, etc. In this case, Wireguard seems to be the best balance of both speed and security.
@@AllThingsSecured Which one has more security?
Can we create our own wireguard vpn server in ubuntu? Is it possible then how
Pivpn makes it easier to set up
Torguard also have wireguard now
Good to know.
I came here for technical details and this guy said I shouldn't know the truth.
Firefox vpn is here with WIREGUARD. It's fast like really fast as compared to others
how to install wireguard
The best thing you can do is just use a VPN service that has already integrated the Wireguard protocol.
Does surfshark use wireguard?
Not yet. According to the representatives I've spoken with, they're working on implementing Wireguard sometime later this year (2020).
They recently have implemented wireguard and its very fast
I agree . I am using Surfshark with Wireguard and it's incredibly fast.
what is different between wireguard and smartdns ?
Wireguard is a VPN protocol that encrypts your data while SmartDNS is a technology that uses DNS servers to spoof your location (but doesn't encrypt your data).
@@AllThingsSecured that means SmartDNS will give nearly the same speed as without using anything compared to VPN, cause while using vpn my internet is too slow, currently 40mpbs but after using vpn it gives as slow as 2mbps speed
@@creative-commons-videos Yes, SmartDNS has the benefit of speed.
How about Private Internet Access? Is it any good?
It's ok. Not my favorite, though.
@@AllThingsSecured Please, Consider reviewing it.
No
Malwarebytes Recently came out with A VPN using wireguard. Its called Malwarebytes Privacy. Although they are are working on other platforms so far it only supports windows n mac. They are offering a 7 day free trial after that it only costs $60 year for 5 devices.
Yea, that sounds about standard, Mark. I've never used Malwarebytes, though, and can't say whether or not they're a good company to use.
@@PhoenixTubez All vpns log data. Instead of your isp logging it your giving it up to the vpn, The vpns more or less promise not to share it. If a government requests it for a specific person, whos to say they wont?
@@PhoenixTubez they do not reveal what websites you visit. Where do you get this information from?
Here's exactly what they (Malwarebytes) has to say...
Word for word I might add!
We may collect both personal information and non-personal information. personal information is information that is either expressly provided by you, such as your name, or information that can be used either alone or in combination with other information to personally identify you, such as your email address, phone number, and user name.
We may collect the following personal information from you: Contact Information (such as name, email address, mailing address, or phone number); Unique Identifiers (such as username and password used for authenticating your Malwarebytes accounts and products) and machine identification number; Information about your business (such as company name, company size, business type) and; Information related to your usage of our products as described in the next section, below.
Our service providers may collect billing information (credit card number and billing address) on our behalf to process orders.
Non-personal information is all information that is not personal information or is information that was personal information but which we modify and/or aggregate with other data in order to make it Non-personal information. As is true of most websites, we gather certain information automatically. This information may include Internet protocol (IP) addresses, browser type, Internet service provider (ISP), referring/exit pages, the files viewed on our site (e.g., HTML pages, graphics, etc.), operating system, date/time stamp, and/or clickstream data to analyze trends in the aggregate, and anonymously generated device identifiers and administer the site.
Simply
There are two types of information we collect: personal and non-personal.
Software Collection - information collected when using our security software
User-Agent String
Each API communication coming from any of our client software identifies itself with a string that includes information about the software itself:
The program and build which is sending the requestThe current license state (as identified by the product)The version of the software as well as any subcomponents (currently, databases) that it uses
Why?
So we can manage your Malwarebytes product and ensure that it is up to date.
GeoIP Data
When we collect data from our client systems, we do not store IP address from which the request originates. However, we do use it to gather geographic information on the system calling in:
A location item indicating the continent, country, city, and approximate latitude/ longitude of the user based on your IP addressThe type of connection (dialup/broadband/satellite/mobile)The ISP through which the connection is madeThe organization to which the IP address is licensed, if any
Why?
So our malware intelligence team can track malware and potentially unwanted program ("PUP") outbreaks and patterns.
Functional Data
We collect data that is necessary for the functionality of the software or for our performance of providing the software to you. For example, we may need to collect system processes and behaviors in order to perform system rollback and recovery operations.
Why?
So our products are able to function as intended, including being able to detect and remediate malware and PUPs, and provide rollback and recovery operations.
Client Data
In addition to functional data, we collect client data from each program that describe the client environment (i.e., our software and the computer system it is running on). In this, we collect:
The operating system the program is installed onThe system language in use on that systemThe processor architecture (i.e., 32- or 64-bit)The file system in use (i.e., FAT32)Information from the Windows Security/Action Center, including security settings and programs installed or in useInformation about other Malwarebytes program settings and how they are configuredInformation about how you use our software or services ("Log Data")
Why?
So we can gather performance data around our products and how they operate in relation to different hardware and software environments. By having this data, we can improve our products as well as optimize them for the various system configurations that our users are using.
Machine Identification Data
We identify each system by assigning each system with a Malwarebytes-generated distinct identifier that is created at install time.
Why?
So we are able to get an accurate count of our install base. We are also able to identify changes to an individual system over time, allowing us to recognize trends which are used for improving our products.
License Data
We collect data from products corresponding to the products' applicable license state. These data also use a unique identifier. In this, we collect:
The key or keys used to license the current productThe type of license being usedIf it represents a console system, the number of seats being managed by that installation of the consoleEndpoint and network domain information
Why?
So we can remind you when your Malwarebytes subscription is about to expire or to determine the correct license type. We may use such license data in conjunction with other software collection to assist you in resolving licensing issues.
Malware and PUP Data
We collect data about the malware and PUPs that are detected by our products. We collect:
The vendor name of the malware or PUP removedAn encrypted description of which database rule was used to remove the malware or PUP in questionArtifacts detected as malware, PUPs, or suspicious filesInformation related to detected artifacts
Why?
So our malware intelligence team can track malware and PUP outbreaks and improve the efficacy of Malwarebytes products......
www.malwarebytes.com/privacy/#whatcollect
Malwarebytes, same as Firefox vpn both using the Mullvad servers. Mullvad does not log anything. Cant say anything about Malwarebytes/Firefox logging since i never read the Privacy Policy. But Mullvads Privacy Policy states this:
no logging of traffic
no logging of DNS requests
no logging of connections, including when one is made, when it disconnects, for how long, or any kind of timestamp
no logging of IP addresses
no logging of user bandwidth
no logging of account activity except total simultaneous connections (explained below) and the payment information detailed in this post.
What about vmess?
Never heard of it.
Please don't measure software quality by amount of lines of code. One line of program code could call 40,000 lines of library code underneath.
It is an argument that makes programmers instantly turn away from you as a source of expertise
There are hell numbers of protocols which often makes confused what us the best one, so many of them 😂
There's not *that many*, honestly. WireGuard and OpenVPN are the standard.
@@AllThingsSecured I hace tried OpenVPN one but not Wireguard at all
Also how I get save from Network congestion attacks
We don't need secure VPN because we already has HTTPS, so encrypting traffic twice makes it slow, except you are using some websites that still work on http not https.
There are more uses for a VPN than simply encrypting internet traffic.
Is the wireguard protocol not easier to break because it's more simple? I read this in an article: WireGuard requires much less code than OpenVPN - around 4,000 lines compared to 70,000 (at least). This smaller footprint makes it much easier for security researchers to audit and verify WireGuard’s code than OpenVPN’s.
I was told that to audit a vpn connection that it can cost a million years to break it and get the data because it is so strong secured that it is impossible to break.
Why does this wireguard messes my internet connection?
As long as this wireguard running i dont have internet connection.
Then something hasn’t been set up correctly. Are you running your own Wireguard VPN or a commercial VPN with a Wireguard protocol option?
@@AllThingsSecured i install this wireguard to know how to host a website. I dont know why it becomes my vpn.
But i uninstall it already.
Maybe a little less coffee :]
Me have less coffee? Yea...that ain't gonna happen ;)
The current problem with wireguard is that it's not ready for corporate networks. Corporate networks should be able to push networks from the server, as opposed to having them on client config files. What a management nightmare. Once things get developed, vetted, and audited, only then will corporate enterprises adopt.
You're probably right, David. But to be fair, these corporate problems are exactly why protocols like PPTP and OpenVPN are so bloated with code. My hope is that they can develop this enterprise version separately from the current version so that we as individuals don't have to pay the price for corporate needs.
LINUX again win win Bonus
I assume you're a Linux user, then ;)
I got the 1k like
Ha! Thanks.
This sounds not open. If it's really open, why are you trashing another open source vpn and not trusting the public to make their own educated choice. If someone use linux, they can code anyways.
using LOC as a measurement of safety is incredibly stupid, do better guys
Less lines of code also means that it's more easily exploitable.
I'm afraid this is incorrect
... this is misleading.
How so?