Proton VPN was launched in 2017 with a mission to help the Internet live up to its promise of freedom of information. To keep that mission alive, we are supporting the development of WireGuard, a new VPN protocol.
We are celebrating this holiday season by supporting organizations that align with our mission of providing online security and privacy to everyone. You can donate directly to WireGuard’s development (link below), or you can participate in the associated Proton Mail Lifetime account charity auction.
Learn more about this campaign
Millions of people rely on Proton VPN every day to keep their online activity secure and private. However, to maintain this level of security, we must continuously update and upgrade our software and protocols. We are committed to staying at the forefront of technological developments, and that’s why we are following WireGuard’s development closely. We feel that WireGuard, a new open-source VPN protocol, could be instrumental in building a better VPN.
What makes WireGuard® interesting?
WireGuard® is a next-generation secure tunneling protocol that has streamlined its code down to just a few thousand lines. This makes it much simpler than earlier VPN protocols, such as IPsec and OpenVPN. Fewer lines of code make the WireGuard protocol easier to deploy, easier to use, and easier to audit. This increased simplicity also means WireGuard has increased security, higher performance, and is very resource efficient.
This improved efficiency places less load on VPN servers, allowing for a server to theoretically reach a higher maximum speed. These reduced loads mean that a single server could support more users, and those individual users could achieve higher average speeds. In this regard, WireGuard compares favorably to OpenVPN, which maxes out at approximately 300 Mbps, even on faster connections. WireGuard can potentially overcome this “speed limit.”
Most importantly, WireGuard and its cryptography have been formally evaluated and verified by several research groups. Their findings have convinced us that WireGuard is secure enough to be considered for Proton VPN.
When will WireGuard come to Proton VPN?
We have already set up the first WireGuard Proton VPN servers for internal testing and experimentation, but it will be some time before we do a public deployment. As far as VPN protocols go, WireGuard is still very new. Bugs and other instabilities could still exist, and there are not many software libraries that support WireGuard. Support within mainline Linux distributions is also still in progress.
Today, Proton VPN provides native clients on Windows, macOS, Android, and iOS, and to fully support WireGuard, the protocol would need to mature on all those platforms. In short, there is quite a bit of work ahead (not all of it dependent on us) before WireGuard can reach the same level of compatibility as legacy protocols like OpenVPN and IKEv2, and be ready for deployment to millions of users.
However, the advantages of WireGuard are compelling, and for this reason, we are keen to support the development of the protocol, which is why this year, we have been raising money for the WireGuard developers. You can learn more about the WireGuard project and how we are supporting them here.
We look forward to supporting WireGuard just as we’re happy to support any open-source project that increases the public’s access to strong encryption. These projects bring us ever closer to our goal of a secure, private, and free Internet.
Best Regards,
The Proton VPN Team
Get a free Proton VPN account
Follow us on social media to stay up to date on the latest Proton VPN releases: Twitter | Facebook | Reddit
To get a free Proton Mail encrypted email account, visit: proton.me/mail
its bad enough there are no browser addons for proton, but the lack of wiregaurd action has forced me to renew elsewhere.
thanks for the memories.
From https://www.wireguard.com/known-limitations/
“WireGuard explicitly does not support tunneling over TCP, due to the classically terrible network performance of tunneling TCP-over-TCP. Rather, transforming WireGuard’s UDP packets into TCP is the job of an upper layer of obfuscation (see previous point), and can be accomplished by projects like udptunnel and udp2raw.”
Does that mean that ProtonMail will use obfuscation to implement TCP on wireguard, modify wireguard to add TCP, give up on wireguard, or does that depend on testing?
Hi Nathan,
You bring up a good point. The TCP transfer protocol is important because it is much harder to block. We are excited about WireGuard and its expected performance improvements, but we are still deciding how we will support it on our apps. So, to answer your question more directly, it will depend on what our tests show.
Hi folks,
I’ve seen your comments about the current state of affairs, and while I agree that an implementation for all devices/OSs is an unnecessarily large undertaking until there is greater support, it would be wonderful to see a few servers supporting the wireguard protocol for those of us who can make use of it in the meantime. I’m sure there are quite a number of security-minded Linux users (myself included) that would feel much more comfortable using wireguard and would really appreciate the support.
Hi,
I’m currently a ProtonMail “Plus” subscriber and plan on switching to the “Visionary” plan once you do implement WireGuard (At least for Linux & Android). Is there a mailing list or another way in which I can be notified upon WireGuard’s implementation in ProtonVPN?
Thanks!
Thanks for the reply. Your know that nordvpn is rolling it out on their platforms. I understand the udp thing, but it could be configurable. Hope you reconsider, thank you
Hi,
I am wondering if you provide any kind of beta program for wireguard protocol for linux client, that we can signup for?
Thank you for your helpful reply. I was wondering the same thing myself.
Now that Wireguard is part of the linux kernel in 5.6, can we expect any ProtonVPN releases for it?
Hello. So, as this post makes clear, we are strong supporters of WireGuard, and we are eagerly awaiting the date when it will be ready for wide deployment.
Unfortunately, given the current state of software support, it would require a lot of effort to make WireGuard available on all our apps (instead of just offering limited support on Linux). For this reason, and because Wireguard is currently UDP-only and therefore easy for censors to block, it hasn’t been a top priority for us.
We may come back to this in the second half of this year. However, we are prioritizing TCP-based solutions to better bypass state censorship systems.
Now that WireGuard is officially in the linux kernel, and has finished a security audit, what is the current status of ProtonVPN supporting WireGuard?
https://arstechnica.com/gadgets/2020/03/wireguard-vpn-makes-it-to-1-0-0-and-into-the-next-linux-kernel/
Hello. So, as this post makes clear, we are strong supporters of WireGuard, and we are eagerly awaiting the date when it will be ready for wide deployment.
Unfortunately, given the current state of software support, it would require a lot of effort to make WireGuard available on all our apps (instead of just offering limited support on Linux). For this reason, and because Wireguard is currently UDP-only and therefore easy for censors to block, it hasn’t been a top priority for us.
We may come back to this in the second half of this year. However, we are prioritizing TCP-based solutions to better bypass state censorship systems.
Hi ProtonVPN Team, first of all, thank you very much for your hard work, it’s really nice to see the Swiss company behind this great solution, since a few months having it Open Source, which is really great.
Are there any news about WireGuard? I say this because as you might know, Linux 5.6 is going to be released probably today, and one of its most interesting highlights are that WireGuard is going to be mainlined, so it should be easier for ProtonVPN to deploy it on your servers, although i suppose you’re not using a RR GNU/Linux distribution, so it might be a matter of months to have Linux 5.6 installed on your servers, it would depend on the distro you’re using.
Again, thank you very much for the hard work and efforts you’re doing.
Bests ^^.
Hi Alberto,
We are strong supporters of WireGuard, and we are eagerly awaiting the date when it will be ready for wide deployment.
Unfortunately, given the current state of software support, it would require a lot of effort to make WireGuard available on all our apps (instead of just offering limited support on Linux). For this reason, and because Wireguard is currently UDP-only and therefore easy for censors to block, it hasn’t been a top priority for us.
Thanks
Is there a development for Linux too?
Yep! We have a Linux client: https://protonvpn.com/blog/linux-vpn-v2-release-notes/
Hello,
Considering Wireshark, will be supported starting from the next release (5.6+) in the mainline Linux Kernel, according to the Debian wiki: https://wiki.debian.org/Wireguard. Will you implement an option to enable Wireguard in Linux clients, running on non LTS Linux distros (Arch, Debian Testing and Unstable, Gentoo, …) soon? Do you have any plan for wireguard support in 2020?
Regards
Jorkano
Hi Jorkano,
We are strong supporters of WireGuard, and we are eagerly awaiting the date when it will be ready for wide deployment.
Unfortunately, given the current state of software support, it would require a lot of effort to make WireGuard available on all our apps (instead of just offering limited support on Linux). For this reason, and because Wireguard is currently UDP-only and therefore easy for censors to block, it hasn’t been a top priority for us.
We may come back to this in the second half of this year. However, we are prioritizing TCP-based solutions to better bypass state censorship systems.
Thanks
https://www.zdnet.com/article/vpns-will-change-forever-with-the-arrival-of-wireguard-into-linux/
Hi!
Please implement WireGuard ASAP, it is faster and more secure than OpenVPN.
I already have tested it successfully at BunkerVPN (a Swiss compatriot) and it worked perfectly!
Thanks
Hi Chris,
We are strong supporters of WireGuard, and we are eagerly awaiting the date when it will be ready for wide deployment.
Unfortunately, given the current state of software support, it would require a lot of effort to make WireGuard available on all our apps (instead of just offering limited support on Linux). For this reason, and because Wireguard is currently UDP-only and therefore easy for censors to block, it hasn’t been a top priority for us.
We may come back to this in the second half of this year. However, we are prioritizing TCP-based solutions to better bypass state censorship systems.
Thanks
Hello,
Any news?
https://arstechnica.com/gadgets/2020/01/linus-torvalds-pulled-wireguard-vpn-into-the-5-6-kernel-source-tree/
going be in kernel and still not implement yet!!
Hi,
We are strong supporters of WireGuard, and we are eagerly awaiting the date when it will be ready for wide deployment.
Unfortunately, given the current state of software support, it would require a lot of effort to make WireGuard available on all our apps (instead of just offering limited support on Linux). For this reason, and because Wireguard is currently UDP-only and therefore easy for censors to block, it hasn’t been a top priority for us.
We may come back to this in the second half of this year. However, we are prioritizing TCP-based solutions to better bypass state censorship systems.
Thanks
Hello ProtonVPN team, first I would like congratulate your great services. Incredible good your client supporting and running in any platform, amazing job!, but I would like use a protocol more secure, faster and lightweight that openVPN, when you will add WireGuard support? What do you think start implement in one platform first and then add others? (WireGuard already merged in Linux kernel 5.6)
Hi there, great ProtonVPN community!!
It’s become official that WireGuard will be making it mainline to Linux 5.6, so i’m wondering, (even more after read this cool article/post), how is the status of the adoption of WireGuard?
I just read today that WireGuard is only about 4000 lines of code, while OpenVPN is about 100,000 lines of code, a really huge difference.
I suppose the fact that Linux 5.6 will mainline this protocol, will be a help to make it easier to adopt.
I can’t wait to see how ProtonVPN (the best option in my opinion), migrates to WireGuard, improving the speed/performance, reducing the load on their systems and in our (clients) systems, making it better than with the actual legacy OpenVPN.
Since i created my ProtonMail account, about 3 weeks ago, i’m really excited about your efforts (i knowed you from just your creation, but i really didn’t want to pay for this service, i’m still with the free plan, though), but i really recommend you as a really private and security alternative to the biggest corporations, without a real obvious interest into the privacy for their users/customers.
Thank you very much for your hard work and great efforts.
Bests ^^.
Hi,
On next kernel release L.Torvalds will implement WireGuard
https://www.theregister.co.uk/2020/01/29/wireguard_vpn_will_be_in_linux_56_kernel/
What is the status for ProtonVPN team for this feature ?
Hi.
I am a bit dismayed at the lack of progress here. Proton’s slow pace to adopt Wireguard was already leaving me skeptical, the further lack of progress is confusing when other providers have been able to enable it. I’m just left wondering if you bet really wrongly and didn’t think WG was going to take off even though it was obvious, you didn’t see any point in investing even though the plan has been to mainline it in Linux for some time, or if somehow a year+ isn’t enough time to build the key management layer around WG you’d need? This is making me reconsider if I want to use Protonmail going forward as well, as I’m questioning things overall.
Are there any news about the progress of WireGuard implementation?
Hi Frank, at the moment no updates. We still plan to implement WireGuard, but it is not yet a stable protocol. In the meantime, we’re focusing on implementing the OpenVPN protocol in all our apps.
You guys are awesome, please keep kicking a$$ and polishing brass.
Howsabout some quad-hop tor+wireguard support out-of-the-box for holoports since they’re based on nixos?
I think Art Brock would love to work with you guys…
Hi,
It’s been quite some time since this announcement and still no WireGuard servers. I could understand the app taking some time, but I’m disappointed there’s not even a beta service I can use; WireGuard is simple for CLI clients to configure.
Paul
Hello,
I have been a protonmail customer since you first started. I am so grateful for your service and will soon add a VPN to my account. I thank you for all the hard work you do, and I have recommended you to several of my friends, family and they are now using protonmail.com
Thank
Yawanathan
Hello, thank you for recommending our services! Your support is much appreciated. :)
It’s excellent to know you’re moving (eventually) to wireguard. It has some excellent benefits for security and speed and as any VPN user will attest, peppier response is always appreciated. Thanks for working tirelessly to improve your offerings for your users; very well done.
Great that you’re intending to supporting wireguard – I think I sent a suggestion a few months ago regarding its usage in ProtonVPN. Makes me more likely to renew – I find wireguard on my lower-powered devices signficantly quicker and more power-efficient.
Keep up the good work!
Anon
Great initiative and donated!
I’ve been watching the development of wireguard for a while already but would be a nice addition to ProtonVPN.