WireGuard® is a new VPN protocol used to secure the connection between your device and a VPN server. 

Learn more about how VPNs work

WireGuard uses state-of-the-art cryptography to keep your connection secure and is extremely lightweight. This makes it faster than traditional VPN protocols such as OpenVPN and IKEv2, especially on lower-end hardware.

Originally developed for Linux, WireGuard was officially integrated into the Linux kernel (versions 5.6+) in March 2020, marking it as a secure, stable, and fast VPN protocol suitable for daily use. The main benefits of WireGuard are:

  • Fast
  • Instant connection
  • Lightweight

Proton VPN now supports WireGuard on the following platforms:

  • Windows 
  • macOS
  • Android
  • iOS/iPadOS 

Learn how to change VPN protocols or select Smart Protocol

It is also possible to manually configure WireGuard for Proton VPN using third-party software (such as the official WireGuard client). 

Secure

Although relatively new, WireGuard uses proven state-of-the-art cryptographic primitives to secure your VPN connection. 

Private

Proton VPN’s implementation of the protocol uses double NAT to dynamically provision sessions. This means when your app connects to one of our VPN servers via WireGuard, the first NAT will rewrite the 10.2.0.2 IP address to a random but unique internal IP address that is assigned to your session. 

From this point on, WireGuard works like any other VPN: The second NAT rewrites your session IP address again to the VPN server’s public IP address before it connects to your desired website.

Diagram explaining WireGuard double-NAT

This ensures the same level of privacy when using WireGuard as when using OpenVPN or IKEv2. We do not store your IP address and our strict no-logs policy, which independent security experts have verified, fully applies.

Learn more about how Proton VPN protects your privacy with WireGuard

Fast

Unlike the AES encryption usually used by OpenVPN, which often has hardware support built into processors, WireGuard currently enjoys no hardware support. Despite this, WireGuard’s performance is comparable(new window) to hardware-accelerated AES(new window) (AES-NI) thanks to its greatly improved efficiency.

As with all VPN protocols supported by Proton VPN, WireGuard fully benefits from our unique VPN Accelerator(new window) technology that can dramatically improve connection speeds over long distances or when there is high packet loss. 

Efficient

Low CPU usage translates into better battery life for users running our apps on mobile devices and laptops. 

Instant VPN connection

On Android and iOS devices, WireGuard takes less than one second to establish a VPN connection. 

Open source and audited

WireGuard is open-source software(new window) that anyone can inspect to ensure it’s secure. Indeed, the fact it consists of under 4,000 lines of code (compared to over 300,000 for OpenVPN) makes it very easy to audit. 

WireGuard has undergone various formal verifications, and to be incorporated in the Linux kernel, the WireGuard Linux codebase was independently audited(new window) by a third party.

Unlike some of our competition, our open-source implementation of WireGuard is 100% compatible with the official version. 

Get Proton VPN

WireGuard TCP and Stealth

WireGuard usually runs over a specific UDP port only, which makes it easy for governments to block. UDP and TCP are the two main transmission protocols that handle how data is sent across the internet. UDP is faster, while TCP is more reliable, but the main advantage of TCP over UDP is that it can evade government censorship by running over TCP port 443, which is the port used by HTTPS(new window).

Learn more about the difference between UDP and TCP

However, we developed custom implementations of WireGuard that overcome this limitation. WireGuard TCP offers similar anti-censorship benefits to OpenVPN TCP — it allows WireGuard to run over the same port as HTTPS, making it difficult to simply block without also blocking most websites. 

Deep packet inspection techniques, though, can easily spot the difference between HTTPS and VPN packets. 

Stealth is our custom WireGuard-based VPN protocol that uses several technologies to make it much harder to detect and block, including running over an obfuscated TLS tunnel over TCP.

Learn more about Stealth

WireGuard vs. OpenVPN

OpenVPN is the battle-tested veteran of VPN protocols, and while still secure, it’s beginning to show its age. WireGuard offers similar security while being much faster, more lightweight, and more efficient than OpenVPN. 

OpenVPN still offers strong anti-censorship capabilities thanks to  its ability to run over TCP. However, as we mentioned earlier, we have not only  applied this same flexibility to our implementation of WireGuard, we’ve greatly improved upon it with our custom Stealth protocol.

Learn more about OpenVPN

Please note that “WireGuard” and the WireGuard logo are registered trademarks of Jason A. Donenfeld.

Frequently asked questions

Does WireGuard support cost extra?

No. WireGuard is available for free to all members of the Proton VPN community in our Windows, macOS, Android, and iOS/iPadOS apps.

Are all features available with WireGuard?

Yes. WireGuard is fully integrated into our apps and can be used with all features supported by them. This includes Secure Core, NetShield Ad-blocker, DNS leak protection, IPv6 leak protection, kill switch, permanent kill switch (Windows), alternative routing(new window), and VPN Accelerator

How do I use WireGuard?

WireGuard support is also fully integrated into our Smart Protocol feature, which automatically switches your VPN connection to the best VPN protocol for your situation. Smart Protocol is enabled by default, so you don’t need to do anything to automatically use the best protocol (including WireGuard) for your needs.

You can also manually select WireGuard if you prefer. 

Learn how to change VPN protocols or select Smart Protocol

What Proton VPN platforms is WireGuard available on?

WireGuard is available on the following Proton VPN apps:

  • Windows (UDP)
  • macOS (UDP, TCP, Stealth)
  • Android (UDP, TCP, Stealth)
  • Android TV (UDP via Smart Protocol)
  • iOS and iPadOS (UDP, TCP, Stealth)
  • Chrome OS (UDP, TCP, Stealth, via the Android app)

Protect your privacy and security online
Get Proton VPN free

Related articles

How to enable location services
Location services refer to a combination of technologies used in devices like smartphones and computers that use data from your device’s GPS, WiFi, mobile (cellular networks), and sometimes even Bluetooth connections to determine and track your geogr
What is AirTag stalking?
In an era of “smart devices” that often double as spy devices, AirTags are tracking tools that are open about their function and can be vital in helping locate lost items (as anyone who has lost their car keys can attest to). However, as a recent cla
How to fix a "Your connection is not safe" error
As you surf the web using your browser, you’ll no doubt encounter websites that your browser will refuse to load, instead showing some variation of an error message, such as Your connection is not private or Warning: Potential Security Risk Ahead. 
Your search history is a window into your inner life. Anyone with access to it knows what your hobbies and interests are, your sexual orientation and preferences, the things that worry you (for example your medical concerns), your political affiliati
how to flush dns blog
  • Privacy deep dives
A DNS cache is a record of all the websites you’ve visited over a set amount of time. Simply put, your DNS cache is a list of websites you visited in the past that’s stored on your device. Your computer uses it to speed up visits to those same websit
Is Temu legit?
  • Privacy basics
Temu has become an unavoidable brand. Unknown to most up to a year ago, the online retailer exploded onto the digital scene in the United States with lavish ads and a riveting social media campaign, and has started its takeover in Europe now, too. As