NordVPN is one of the best VPN providers in the industry at the moment. It’s known for its fast and secure service. Like most VPN services, NordVPN has been using the OpenVPN protocol to deliver its services. This is mainly because the OpenVPN protocol has been the industry standard since the early 2000s.
Enter WireGuard! A new, faster VPN protocol that uses cutting edge cryptography with a lightweight architecture. WireGuard is said to be a faster alternative to the OpenVPN standard.
The people at NordVPN have integrated WireGuard into their VPN service, and they are calling it NordLynx.
NordLynx has been available on Linux since July of 2019. Last month (April 22) NordVPN finally rolled out NordLynx for its Windows, Mac, Android, and iOS client-software applications.
WireGuard – A Faster VPN Protocol
WireGuard is a relatively new VPN protocol that promises faster internet speeds. Even though WireGuard is a new protocol, it has quickly gained many people’s attention and is well-known in the VPN industry.
Jason Donenfeld, the developer of WireGuard, wanted to upgrade the outdated VPN protocols – OpenVPN and IPSec.
The WireGuard Protocol is significantly faster than the OpenVPN protocol. To give you an example, the OpenVPN protocol has about 400,000 lines of code, while the WireGuard protocol only has about 4,000 lines of code. Having fewer lines of code makes it easier to audit. This makes it significantly faster and makes it easier to find and patch up bugs. A single person could read through WireGuard’s code in a few hours. Having fewer lines of code can also mean a much smaller attack surface.
According to WireGuard’s official website: WireGuard is made up of a combination of extremely high-speed cryptographic primitives. Because WireGuard is integrated into the Linux kernel, secure networking can be very high-speed. WireGuard works well with small embedded devices like smartphones.
Privacy Issues with WireGuard (Static IP)
WireGuard has a lot going for it. A modern, faster VPN protocol that utilizes state-of-the-art cryptography. But WireGuard is far from perfection. And when it comes to keeping its users anonymous, it lacks behind OpenVPN.
Normally when your device connects to a server, the server assigns your device an IP address for the session’s duration. The next time your device connects to that server, it would be assigned a different IP address. This essentially makes it difficult to track your device and ensures privacy.
This is known as the Dynamic Host Configuration Protocol (DHCP) which assigns a dynamic IP address to your device. Unfortunately, WireGuard cannot Dynamically assign IP addresses. For WireGuard to work properly, it needs to assign a static IP address to every device on the network which would be linked to its encryption key.
Although this helps cut down the processing time and reduces the code’s complexity, having a static IP address means every time your device connects to a server, it will assign to your device the same IP address. The server must store a local static IP address.
In Simple English, the server stores the user’s identity and links it to a local static IP address, which the VPN assigns. This can make your devices trackable
This is the biggest flaw in the WireGuard Protocol, and it was the biggest challenge NordVPN had to face while integrating WireGuard into their service.
Fortunately, NordVPN was able to overcome this flaw in NordLynx.
NordLynx – Secure and Fast VPN based on the WireGuard Protocol
NordVPN had a challenge on their hands. They couldn’t use WireGuard as is for NordLynx, because that would have compromised on privacy. What would a VPN service be without proper privacy? No one wants that! NordVPN wanted to bring the benefits of WireGuard to its users, without sacrificing any privacy.
After some thought and effort, they developed something called a Double NAT (Network Address Translation) System. It hides all the internal IP addresses behind a single public IP address. It works like most routers. A router assigns many internal IP addresses but it uses NAT to show one public IP address to the outside.
According to NordVPN, the Double NAT system in NordLynx essentially creates two Local Network Interfaces for each user. The first interface assigns a local IP address to all users connected to the server. Unlike WireGuard, in NordLynx each user gets the same IP address.
Suggested Read: How to remain anonymous on the internet?
After establishing a VPN tunnel, the second NAT interface assigns every tunnel with a dynamic IP address. This makes it possible for internet packages to travel without getting mixed up. Dynamic IP addresses make sure that the IP address changes with every session.
The Double NAT system allows NordLynx to provide a secure, fast, and reliable VPN connection to all its users, without storing any trackable data on a server.
NordVPN says that when the distance between a VPN server and a content server is a few thousand Kilometers, the download and upload speeds can get up to two times faster with NordLynx compared to OpenVPN and IKEv2.
NordVPN has now included NordLynx based on WireGuard as one of its selectable VPN protocols. Although for now, the default protocol is still OpenVPN. That may change in the future, depending on how well NordLynx does, compared to OpenVPN. But You can manually select NordLynx in the app settings.
NordLynx is the fastest VPN protocol at NordVPN’s disposal. Even though WireGuard has some serious privacy issues, NordVPN’s implementation of NordLynx gets rid of most, if not all of those issues. With the help of the Double NAT system, NordLynx is a fast, reliable, and secure VPN protocol, that ensures that its users remain anonymous online.