"WireGuard® is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPsec, while avoiding the massive headache." (WireGuard Official Website)
Skylaski VPN has chosen WireGuard as the priority VPN protocol we support. We believe that this technology has redefined the landscape of what’s possible in secure communications across the internet.
Compared to other VPN technologies that require a lot of resources or perform at sub-optimal speeds for today’s bandwidth intensive internet, WireGuard is seamless and almost completely transparent to the end-user.
In the whitepaper written by Jason A. Donenfeld, he states:
"WireGuard is a secure network tunnel, operating at layer 3, implemented as a kernel virtual network interface for Linux, which aims to replace both IPsec for most use cases, as well as popular user space and/or TLS-based solutions like OpenVPN, while being more secure, more performant, and easier to use." (WireGuard: Next Generation Kernel Network Tunnel)
Skylaski VPN believes WireGuard has more than lived up to its goals and is prepared to become the default VPN protocol in terms of availability in the near future. We believe this for 3 main reasons:
WireGuard consistently outperforms current widely accepted and available VPN technologies on the market today. In the whitepaper, Jason demonstrates that, when considering a 30 minute average, WireGuard regularly outperformed the competition.
"For both metrics, WireGuard outperformed OpenVPN and both modes of IPsec. The CPU was at 100% utilization during the throughput tests of OpenVPN and IPsec, but was not completely utilized for the test of WireGuard, suggesting that WireGuard was able to completely saturate the gigabit Ethernet link." (Jason A. Donenfeld, WireGuard: Next Generation Kernel Network Tunnel)
Modern Encryption Technology
WireGuard leverages the ChaCha20Poly1305 cipher suite, which is not only immune to the cache-timing attacks that current industry standards like AES are vulnerable to, but is also poised to outperform AES-NI implementations as the instruction vector widens in hardware chipsets being developed today.
The ChaCha20Poly1305 cipher suite has been adopted by Google Inc in its TLS 1.3 implementation. This means that all Google Chrome web browsers will prefer this cipher suite when connecting to secure websites that support it.
On the other end of the Internet, ChaCha20Poly1305 is now being supported by some of the largest CDNs (Content Delivery Networks) like CloudFlare. This means that the majority of websites users visit are adopting the latest encryption technology in web communications.
WireGuard has been praised all over the globe for its simplicity and efficiency.
In 2020, WireGuard was included in the latest releases of the Linux Kernel, which is used in embedded systems around the globe. This has set WireGuard up to become the de facto protocol of choice for secure communications in the near future.
Alongside the official Linux Kernel, Google's Android Kernel now includes WireGuard too. This means that in the future, all consumer Android phones will be WireGuard capable as well.
Even with all these advantages, the community has expressed some concerns regarding WireGuard's ability to maintain a user's anonymity while online.
When operating in this space, criticism and critique are to be expected. One cannot provide an absolutely perfect service or protocol to satisfy everyone, but one article by RestorePrivacy.com calling out 2 potential issues with WireGuard & Privacy has become fairly popular.
1: WireGuard stores user IP addresses on the VPN server indefinitely
This issue refers to how WireGuard tracks peers on its network. When a client connects to a WireGuard server, its original source IP address is held in RAM and kept there until removed. This allows WireGuard to maintain a stateless protocol, which is to its advantage. However, because the connection is stateless, WireGuard has no way of knowing when the client has decided to remain 'disconnected', so it never clears the original IP address from memory on its own.
Keep in mind that Skylaski VPN does not log any of our users' traffic or store any identifying information on a hard disk for anyone to recover after a server is shut down. This information is maintained in RAM and would only be accessible to someone who has maliciously gained access to our servers. Not only is WireGuard vulnerable to such an attack, but other more stateful VPN protocols are as well. WireGuard is not unique in this situation.
Nonetheless, Skylaski VPN mitigates this risk by re-peering any client that has not performed a handshake with our servers in the last 3 minutes. After being re-peered, a client's IP address is cleared from memory and will not reappear until the client reconnects. This prevents information on disconnected clients from being leaked in case our servers are compromised.
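One way to implement the re-peering described above, as an added example that is not Skylaski VPN's own code. It assumes an interface named wg0 and the tab-separated output of `wg show <iface> dump`; the function names, the WG variable and the sample dump are constructed for illustration.

```shell
#!/bin/sh
# Added example: re-peer clients whose last handshake is older than
# 3 minutes so the kernel forgets their endpoint (source IP and port).
STALE_AFTER=180      # seconds; the 3-minute window from the text
WG=${WG:-echo wg}    # dry run by default (prints commands); set WG=wg to apply

# Reads `wg show <iface> dump` on stdin. Peer lines have 8 tab-separated
# fields: pubkey, psk, endpoint, allowed-ips, latest-handshake, rx, tx,
# keepalive. Prints "pubkey psk allowed-ips" for every peer that still has
# an endpoint stored but no handshake within STALE_AFTER seconds of NOW ($1).
stale_peers() {
    awk -F '\t' -v now="$1" -v max="$STALE_AFTER" '
        NF == 8 && $3 != "(none)" && $4 != "(none)" && (now - $5) > max {
            print $1, $2, $4
        }'
}

# repeer IFACE NOW < dump : remove each stale peer, then add it back with
# the same key material and allowed IPs. The new entry has no endpoint.
repeer() {
    stale_peers "$2" | while read -r key psk ips; do
        $WG set "$1" peer "$key" remove </dev/null
        if [ "$psk" = "(none)" ]; then
            $WG set "$1" peer "$key" allowed-ips "$ips" </dev/null
        else
            # wg takes the preshared key as a file path, never as an argument
            printf '%s\n' "$psk" |
                $WG set "$1" peer "$key" preshared-key /dev/stdin allowed-ips "$ips"
        fi
    done
}

# Constructed sample dump: placeholder keys, documentation-range addresses.
sample_dump() {
    printf 'PRIV\tPUB\t51820\toff\n'
    printf 'KEY_ACTIVE=\t(none)\t198.51.100.7:40001\t10.8.0.2/32\t1700000250\t10\t20\toff\n'
    printf 'KEY_STALE=\t(none)\t203.0.113.9:51000\t10.8.0.3/32\t1700000000\t10\t20\toff\n'
    printf 'KEY_NEVER=\t(none)\t(none)\t10.8.0.4/32\t0\t0\t0\toff\n'
}

sample_dump | repeer wg0 1700000300
# Live use: WG=wg; wg show wg0 dump | repeer wg0 "$(date +%s)"
```

A persistent-keepalive setting on a peer is not carried over by this sketch, and a client that handshakes between the dump and the removal simply handshakes again against the fresh peer entry.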
2: WireGuard does not assign dynamic IP addresses
In order for WireGuard to function, peers need to be 'statically' assigned an IP address from its perspective. This information is usually stored on the filesystem or in a database to allow a client to re-connect whenever they'd like, even after a server is rebooted.
Skylaski VPN would call this a 'stretch' as a real issue for user privacy. The IP addresses assigned to user clients are generally private IP addresses, which alone are not identifying at all. The concern from the community arises in the situation where a user has malicious code installed on their machine that could correlate the IP address with other data points to generate an identity. Either that, or the website a user visits can derive a user's private IP address when the browser is susceptible to what's called a WebRTC leak.
Skylaski VPN's opinion is that if a user has malicious code installed on their machine, their identity is already compromised. Also, the latest versions of the most popular browsers have already addressed the issue identified with WebRTC leaks. There isn't a VPN service on the planet that can protect your identity if your system is already compromised, or if you're sending identifying data to whomever you're connecting to.
That being said, Skylaski VPN mitigates this issue as much as possible by dynamically assigning IP addresses to clients when they generate their key for connecting to our servers. If this key is compromised, Skylaski VPN will allow a client to re-generate this key which grants them a new Private IP Address on our network.
WireGuard is a state-of-the-art protocol for securing internet communications at a level of speed, efficiency, and security that changes the game in what's possible today.
We hope you take a chance to read up on this amazing technology and try it for yourself here at Skylaski VPN.