Support Wireguard VPN Protocol
Various other VPN providers are now supporting Wireguard. Would you consider this? (It's 10 times faster than OpenVPN on the same CPU.)
https://www.mullvad.net/en/blog/2017/9/27/wireguard-future/
https://www.mullvad.net/en/blog/2017/12/8/introducing-post-quantum-vpn-mullvads-strategy-future-problem/
-
KS commented
Proton admins,please observe and remove comments about spa treatment,etc. spams
-
Aaron commented
https://protonvpn.com/secure-vpn/wireguard :
"Now available for Android, iOS, macOS, and Windows."
So it looks like Linux support is still missing. -
rkzwei commented
wireguard is out on windows, now I just need it on linux (which the kernel windows uses is based on)
-
Anonymous commented
Read through the comments here now. Another clarification on the lines-of-code statements. Most of them are quite inaccurate.
Yes, OpenVPN code base is larger ... because it provides at lot more features. Like --tls-auth, --tls-crypt and --tls-crypt-v2 (basically encrypting the TLS traffic), lots of more authentication possibilities, management interfaces ... most of them depends on a control channel which is multiplexed into the OpenVPN protocol. Simply said, the control channel contains configuration and authentication data and key exchange for the data channel. The data channel contains the encrypted (tunnelled) network traffic.
In addition, the OpenVPN code also includes everything needed to configure the tunnel interface, VPN IP addresses and setting up network routing.
Those 4k of WireGuard code is essentially just the peer-to-peer data-channel only code. If you extract a similar feature set from OpenVPN's code base, it would not be that many lines of code. The data channel aspect of a VPN is not that complicated to achieve.
Or to flip it around, if you include the WireGuard code needed to configure a WireGuard device (the wireguard-tools code), the WireGuard code quickly grows with 10k lines of code.
If you run a sloccount [1] of OpenVPN 2.5, you get closer to 80k lines of code, which is also quite a step down from the claimed 120k lines of code.
My point is: Comparing code complexity between OpenVPN and WireGuard purely on the number of code lines, is comparing appels and oranges.
-
Anonymous commented
Just to clarify, Wireguard isn't necessarily 10 times faster than OpenVPN.
https://community.openvpn.net/openvpn/wiki/PerformanceTestingOpenVPN
In addition, OpenVPN 2.5 comes with Poly-ChaCha crypto support as well, which can benefit hardware without AES-NI support in the CPU. Oh, and Linux can usually perform a bit better than Windows - even with Wintun.
-
MusicMan commented
Looking forward to wireguard once it's ready for primetime (later this year)!
-
Jeremy L Gaither commented
It's getting merged into the Linux kernel, and work is underway for *BSD too.
https://www.theregister.co.uk/2020/01/29/wireguard_vpn_will_be_in_linux_56_kernel/
But I think even IPSec is faster than openvpn...
-
Eelviny commented
As many people have mentioned, WireGuard is not quite validated and ready for primetime. Having said that, it would be awesome if ProtonVPN could make an open beta so everyone's aware that it's not perfect, but can be used at their own risk.
-
Joshua Glenn commented
Please do this Proton!
-
Sakis commented
Although WireGuard seems amazing you should not trust it for some reasons.First,it is still under heavy development and not yet audited.Check https://www.wireguard.com/#work-in-progress.
Second,it is criticised by many for its inability to be used without keeping logs.So that really affects your privacy.WG's default behavior is to have endpoint and allowed-ip visible in the server interface.AirVPN had a lot of discussions over their privacy.These are some facts the said on their forums
Wireguard lacks dynamic IP address management. The client needs to be assigned in advance a pre-defined VPN IP address uniquely linked to its key on each VPN server. The impact on the anonymity layer is catastrophic;
Wireguard client does not verify the server identity (a feature so essential that it will be surely implemented when Wireguard will be no more an experimental sofware); the impact on security caused by this flaw is very high;
TCP support is missing (third party or anyway additional code is required to use TCP as the tunneling protocol, as you suggest, and that’s a horrible regression when compared to OpenVPN);
there is no support to connect Wireguard to a VPN server over some proxy with a variety of authentication methods.
It also doesnt support TCP, doesn't assign dynamic VPN IPs, and (at least currently) lacks a strictly necessary security feature (verification of the CA certificate provided by the server, therefore the client can’t be sure that on the other side some hostile entity is not impersonating a VPN server).Hopefully this issue will be fixed in the stable release.
Lots of VPN providers wrongly support it and lots warn against it.Also WG needs its own infastracture and it is not compatible with existing operations.
So i am sticking to the nice audited OpenVPN.Once WG fixes its flaws,finishes its development and gets audited then i will use it. -
MusicMan commented
WireGuard is an absolute necessity when seeking the best protection/ privacy. It is now proven and being/already adopted by other top competitors.
-
Anonymous commented
Had to cancel my subscription for now, as ProtonVPN does not offer WireGuard. I'll look out for a Black Friday deal at AzireVPN. Otherwise, I'll have a look at Mullvad (I know they don't do deals, but they cost 5 EUR/month flat).
-
Somebody commented
This is the future of VPNs (and Cloudlfare already use it for their Warp service).
-
Anonymous commented
I currently use wireguard and am a paying member of your service. With that said, It is a pain in the @$$ to keep flip flopping between the two and would love to see it integrated into one app, or integrated into a "PM Bridge" like feature
-
Jayan commented
Best Wishes. I will use once adopted
-
Christopher Goss commented
Your competitors are rolling this out as we speak (Mid 2019).
Extractum digitorum... -
Neutron commented
I'd also love to test Wireguard with ProtonVPN
-
Mgtow commented
For those want to try out wireguard, Tun Safe is providing it for free. it available for iOS and Android too.
They do ask for a donation to cover costs.
-
J Burrett commented
I found wireguard transformational on my (not rooted) Andoid phone. I enjoyed a rock solid connection despite frequent flips between wifi and mobile internet and speeds such that I ceased to notice I was using a VPN.
I accept that Wireguard is not yet fully "tried and tested", but I am confident that it meets the needs of my threat model, and I would imagine that of many other "ordinary" users.
-
Kelly commented
I second this!! Wholeheartedly!!