Supporting WireGuard development

Posted on December 19th, 2018 by in Articles & News.

protonvpn wireguard support

 

Proton VPN was launched in 2017 with a mission to help the Internet live up to its promise of freedom of information. To keep that mission alive, we are supporting the development of WireGuard, a new VPN protocol.

We are celebrating this holiday season by supporting organizations that align with our mission of providing online security and privacy to everyone. You can donate directly to WireGuard’s development (link below), or you can participate in the associated Proton Mail Lifetime account charity auction.

Learn more about this campaign

Millions of people rely on Proton VPN every day to keep their online activity secure and private. However, to maintain this level of security, we must continuously update and upgrade our software and protocols. We are committed to staying at the forefront of technological developments, and that’s why we are following WireGuard’s development closely. We feel that WireGuard, a new open-source VPN protocol, could be instrumental in building a better VPN.

What makes WireGuard® interesting?

WireGuard® is a next-generation secure tunneling protocol that has streamlined its code down to just a few thousand lines. This makes it much simpler than earlier VPN protocols, such as IPsec and OpenVPN. Fewer lines of code make the WireGuard protocol easier to deploy, easier to use, and easier to audit. This increased simplicity also means WireGuard has increased security, higher performance, and is very resource efficient.

This improved efficiency places less load on VPN servers, allowing for a server to theoretically reach a higher maximum speed. These reduced loads mean that a single server could support more users, and those individual users could achieve higher average speeds. In this regard, WireGuard compares favorably to OpenVPN, which maxes out at approximately 300 Mbps, even on faster connections. WireGuard can potentially overcome this “speed limit.”

Most importantly, WireGuard and its cryptography have been formally evaluated and verified by several research groups. Their findings have convinced us that WireGuard is secure enough to be considered for Proton VPN.

When will WireGuard come to Proton VPN?

We have already set up the first WireGuard Proton VPN servers for internal testing and experimentation, but it will be some time before we do a public deployment. As far as VPN protocols go, WireGuard is still very new. Bugs and other instabilities could still exist, and there are not many software libraries that support WireGuard. Support within mainline Linux distributions is also still in progress.

Today, Proton VPN provides native clients on Windows, macOS, Android, and iOS, and to fully support WireGuard, the protocol would need to mature on all those platforms. In short, there is quite a bit of work ahead (not all of it dependent on us) before WireGuard can reach the same level of compatibility as legacy protocols like OpenVPN and IKEv2, and be ready for deployment to millions of users.

However, the advantages of WireGuard are compelling, and for this reason, we are keen to support the development of the protocol, which is why this year, we have been raising money for the WireGuard developers. You can learn more about the WireGuard project and how we are supporting them here.

We look forward to supporting WireGuard just as we’re happy to support any open-source project that increases the public’s access to strong encryption. These projects bring us ever closer to our goal of a secure, private, and free Internet.

Best Regards,
The Proton VPN Team

Get a free Proton VPN account

Follow us on social media to stay up to date on the latest Proton VPN releases:  Twitter Facebook | Reddit

To get a free Proton Mail encrypted email account, visit: proton.me/mail

Prior to joining Proton, Richie spent several years working on tech solutions in the developing world. He joined the Proton team to advance the rights of online privacy and freedom.

36 comments

  1. Toby Klukoch

    its bad enough there are no browser addons for proton, but the lack of wiregaurd action has forced me to renew elsewhere.
    thanks for the memories.

  2. Nathan

    From https://www.wireguard.com/known-limitations/
    “WireGuard explicitly does not support tunneling over TCP, due to the classically terrible network performance of tunneling TCP-over-TCP. Rather, transforming WireGuard’s UDP packets into TCP is the job of an upper layer of obfuscation (see previous point), and can be accomplished by projects like udptunnel and udp2raw.”
    Does that mean that ProtonMail will use obfuscation to implement TCP on wireguard, modify wireguard to add TCP, give up on wireguard, or does that depend on testing?

  3. Richie Koch

    Hi Nathan,
    You bring up a good point. The TCP transfer protocol is important because it is much harder to block. We are excited about WireGuard and its expected performance improvements, but we are still deciding how we will support it on our apps. So, to answer your question more directly, it will depend on what our tests show.

  4. User

    Hi folks,

    I’ve seen your comments about the current state of affairs, and while I agree that an implementation for all devices/OSs is an unnecessarily large undertaking until there is greater support, it would be wonderful to see a few servers supporting the wireguard protocol for those of us who can make use of it in the meantime. I’m sure there are quite a number of security-minded Linux users (myself included) that would feel much more comfortable using wireguard and would really appreciate the support.

  5. Jack

    Hi,
    I’m currently a ProtonMail “Plus” subscriber and plan on switching to the “Visionary” plan once you do implement WireGuard (At least for Linux & Android). Is there a mailing list or another way in which I can be notified upon WireGuard’s implementation in ProtonVPN?

    Thanks!

  6. Gee

    Thanks for the reply. Your know that nordvpn is rolling it out on their platforms. I understand the udp thing, but it could be configurable. Hope you reconsider, thank you

  7. Marko B

    Hi,
    I am wondering if you provide any kind of beta program for wireguard protocol for linux client, that we can signup for?

  8. Rudy

    Thank you for your helpful reply. I was wondering the same thing myself.

  9. M C

    Now that Wireguard is part of the linux kernel in 5.6, can we expect any ProtonVPN releases for it?

  10. Richie Koch

    Hello. So, as this post makes clear, we are strong supporters of WireGuard, and we are eagerly awaiting the date when it will be ready for wide deployment.
    Unfortunately, given the current state of software support, it would require a lot of effort to make WireGuard available on all our apps (instead of just offering limited support on Linux). For this reason, and because Wireguard is currently UDP-only and therefore easy for censors to block, it hasn’t been a top priority for us.

    We may come back to this in the second half of this year. However, we are prioritizing TCP-based solutions to better bypass state censorship systems.

  11. Anon

    Now that WireGuard is officially in the linux kernel, and has finished a security audit, what is the current status of ProtonVPN supporting WireGuard?
    https://arstechnica.com/gadgets/2020/03/wireguard-vpn-makes-it-to-1-0-0-and-into-the-next-linux-kernel/

  12. Richie Koch

    Hello. So, as this post makes clear, we are strong supporters of WireGuard, and we are eagerly awaiting the date when it will be ready for wide deployment.
    Unfortunately, given the current state of software support, it would require a lot of effort to make WireGuard available on all our apps (instead of just offering limited support on Linux). For this reason, and because Wireguard is currently UDP-only and therefore easy for censors to block, it hasn’t been a top priority for us.

    We may come back to this in the second half of this year. However, we are prioritizing TCP-based solutions to better bypass state censorship systems.

  13. Alberto Díaz López

    Hi ProtonVPN Team, first of all, thank you very much for your hard work, it’s really nice to see the Swiss company behind this great solution, since a few months having it Open Source, which is really great.
    Are there any news about WireGuard? I say this because as you might know, Linux 5.6 is going to be released probably today, and one of its most interesting highlights are that WireGuard is going to be mainlined, so it should be easier for ProtonVPN to deploy it on your servers, although i suppose you’re not using a RR GNU/Linux distribution, so it might be a matter of months to have Linux 5.6 installed on your servers, it would depend on the distro you’re using.
    Again, thank you very much for the hard work and efforts you’re doing.
    Bests ^^.

  14. Roxana Zega

    Hi Alberto,

    We are strong supporters of WireGuard, and we are eagerly awaiting the date when it will be ready for wide deployment.
    Unfortunately, given the current state of software support, it would require a lot of effort to make WireGuard available on all our apps (instead of just offering limited support on Linux). For this reason, and because Wireguard is currently UDP-only and therefore easy for censors to block, it hasn’t been a top priority for us.

    Thanks

  15. Sascha

    Is there a development for Linux too?

  16. Ben Wolford
  17. Jorkano Faln

    Hello,
    Considering Wireshark, will be supported starting from the next release (5.6+) in the mainline Linux Kernel, according to the Debian wiki: https://wiki.debian.org/Wireguard. Will you implement an option to enable Wireguard in Linux clients, running on non LTS Linux distros (Arch, Debian Testing and Unstable, Gentoo, …) soon? Do you have any plan for wireguard support in 2020?
    Regards
    Jorkano

  18. Roxana Zega

    Hi Jorkano,

    We are strong supporters of WireGuard, and we are eagerly awaiting the date when it will be ready for wide deployment.
    Unfortunately, given the current state of software support, it would require a lot of effort to make WireGuard available on all our apps (instead of just offering limited support on Linux). For this reason, and because Wireguard is currently UDP-only and therefore easy for censors to block, it hasn’t been a top priority for us.

    We may come back to this in the second half of this year. However, we are prioritizing TCP-based solutions to better bypass state censorship systems.

    Thanks

  19. chris

    Hi!
    Please implement WireGuard ASAP, it is faster and more secure than OpenVPN.
    I already have tested it successfully at BunkerVPN (a Swiss compatriot) and it worked perfectly!
    Thanks

  20. Roxana Zega

    Hi Chris,

    We are strong supporters of WireGuard, and we are eagerly awaiting the date when it will be ready for wide deployment.
    Unfortunately, given the current state of software support, it would require a lot of effort to make WireGuard available on all our apps (instead of just offering limited support on Linux). For this reason, and because Wireguard is currently UDP-only and therefore easy for censors to block, it hasn’t been a top priority for us.

    We may come back to this in the second half of this year. However, we are prioritizing TCP-based solutions to better bypass state censorship systems.

    Thanks

  21. Zero
  22. Roxana Zega

    Hi,

    We are strong supporters of WireGuard, and we are eagerly awaiting the date when it will be ready for wide deployment.
    Unfortunately, given the current state of software support, it would require a lot of effort to make WireGuard available on all our apps (instead of just offering limited support on Linux). For this reason, and because Wireguard is currently UDP-only and therefore easy for censors to block, it hasn’t been a top priority for us.

    We may come back to this in the second half of this year. However, we are prioritizing TCP-based solutions to better bypass state censorship systems.

    Thanks

  23. Souza C.

    Hello ProtonVPN team, first I would like congratulate your great services. Incredible good your client supporting and running in any platform, amazing job!, but I would like use a protocol more secure, faster and lightweight that openVPN, when you will add WireGuard support? What do you think start implement in one platform first and then add others? (WireGuard already merged in Linux kernel 5.6)

  24. Alberto Díaz López

    Hi there, great ProtonVPN community!!

    It’s become official that WireGuard will be making it mainline to Linux 5.6, so i’m wondering, (even more after read this cool article/post), how is the status of the adoption of WireGuard?
    I just read today that WireGuard is only about 4000 lines of code, while OpenVPN is about 100,000 lines of code, a really huge difference.

    I suppose the fact that Linux 5.6 will mainline this protocol, will be a help to make it easier to adopt.

    I can’t wait to see how ProtonVPN (the best option in my opinion), migrates to WireGuard, improving the speed/performance, reducing the load on their systems and in our (clients) systems, making it better than with the actual legacy OpenVPN.

    Since i created my ProtonMail account, about 3 weeks ago, i’m really excited about your efforts (i knowed you from just your creation, but i really didn’t want to pay for this service, i’m still with the free plan, though), but i really recommend you as a really private and security alternative to the biggest corporations, without a real obvious interest into the privacy for their users/customers.

    Thank you very much for your hard work and great efforts.

    Bests ^^.

  25. deepdot

    Hi,
    On next kernel release L.Torvalds will implement WireGuard
    https://www.theregister.co.uk/2020/01/29/wireguard_vpn_will_be_in_linux_56_kernel/
    What is the status for ProtonVPN team for this feature ?

  26. Would-Be User

    Hi.
    I am a bit dismayed at the lack of progress here. Proton’s slow pace to adopt Wireguard was already leaving me skeptical, the further lack of progress is confusing when other providers have been able to enable it. I’m just left wondering if you bet really wrongly and didn’t think WG was going to take off even though it was obvious, you didn’t see any point in investing even though the plan has been to mainline it in Linux for some time, or if somehow a year+ isn’t enough time to build the key management layer around WG you’d need? This is making me reconsider if I want to use Protonmail going forward as well, as I’m questioning things overall.

  27. frank

    Are there any news about the progress of WireGuard implementation?

  28. Ben Wolford

    Hi Frank, at the moment no updates. We still plan to implement WireGuard, but it is not yet a stable protocol. In the meantime, we’re focusing on implementing the OpenVPN protocol in all our apps.

  29. Space Monkey

    You guys are awesome, please keep kicking a$$ and polishing brass.
    Howsabout some quad-hop tor+wireguard support out-of-the-box for holoports since they’re based on nixos?
    I think Art Brock would love to work with you guys…

  30. Paul Swanson

    Hi,
    It’s been quite some time since this announcement and still no WireGuard servers. I could understand the app taking some time, but I’m disappointed there’s not even a beta service I can use; WireGuard is simple for CLI clients to configure.
    Paul

  31. Yawanathan Israel

    Hello,
    I have been a protonmail customer since you first started. I am so grateful for your service and will soon add a VPN to my account. I thank you for all the hard work you do, and I have recommended you to several of my friends, family and they are now using protonmail.com

    Thank
    Yawanathan

  32. ProtonVPN Admin

    Hello, thank you for recommending our services! Your support is much appreciated. :)

  33. Peter B.

    It’s excellent to know you’re moving (eventually) to wireguard. It has some excellent benefits for security and speed and as any VPN user will attest, peppier response is always appreciated. Thanks for working tirelessly to improve your offerings for your users; very well done.

  34. ProtonVPN User Anon

    Great that you’re intending to supporting wireguard – I think I sent a suggestion a few months ago regarding its usage in ProtonVPN. Makes me more likely to renew – I find wireguard on my lower-powered devices signficantly quicker and more power-efficient.
    Keep up the good work!
    Anon

  35. Gert Jan

    Great initiative and donated!
    I’ve been watching the development of wireguard for a while already but would be a nice addition to ProtonVPN.

Comments are closed.

Secure
your internet

Get Proton VPN
Get Proton VPN

For customer support inquiries, please submit the following form for the fastest response:
Support Form

For all other inquiries:
contact@protonvpn.com


-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: OpenPGP.js v4.10.10
Comment: https://openpgpjs.org

xsBNBFiYeeIBCACpwuYcTsACyjQaqY3tOUonokamGZf3VDuLvcA9nQnu4vlB
n1RFFUJa5Pmf2yZ9EjJFSldTl5lreE3tFf53CcZ9wKa1R6aMnN/0VqURJho0
ZTqevQlCvuJ9kKHkDck3Em0/1WWnhDJgabp+fOa5HAHoAvcNy5gVPuexTT/N
wp6QcfB7w+qFhf73s0bcSn5RC+FAYlQxZVFhFtA7/7LthBVatDJrYLYP9XJd
zOZqz9AX0XZwKal25RcVeGHkNKgloo0bTgro4D88MR7saqXFHTRhy3+Wss7c
uqrh0uIkVmqtadoK/rAbqOyFXQ2DlvSMVrEMLUvwlZbC0taqcKDfNA+FABEB
AAHNLWNvbnRhY3RAcHJvdG9udnBuLmNvbSA8Y29udGFjdEBwcm90b252cG4u
Y29tPsLAfwQQAQgAKQUCWJh54wYLCQcIAwIJEN4dfnhhw11TBBUIAgoDFgIB
AhkBAhsDAh4BAAoJEN4dfnhhw11T6PwIAKgIHTUaEcCFQ5WfmwGpdhRgFe7H
gnHR8UOFPrRKnbCOQgTVPGwCFt8UVFhEgbmtroThU89DpxFSYUOD6nZ2k1X3
X4Q9OsItFUUuhPtLJrkz5ghtZLmsAH/edTRbVU1Ew1E8KbylLFI1J5yId7zR
GdnaTXv/E7P3po5X/b08TFAhXSyYYUbMeQuthbJajtpFygr53lm47cOWa4N8
udqLhmpheaQj04DuqYXOGC08JQn+XbHzhFl5Yvlt9Idk8+7c2UJ0qgWKQ5ZV
mquRAw5HDCQM5OqF1MoImDxOH+tK3PUlvFDsLZ1WPEOHK/EN12sPBx0x1R04
fcPTPdbMwgISGM3OwE0EWJh54gEIALqhrLUpvarPc0nkuHpyJC/MsrIDPLuV
qMc49tgjgDBsyIKJFEP9qCnkSOEixaFi+nTljUSpkHGR+PvEGecmcOdW6djN
QGxon/nwBT9d8HbtxJesaEIzwRAxmqQW9MqNq4UsfNQ0VvUYqV9wEbYfdDT/
jZfz9N0hjFELF1sg3UPcCRijhf162bp+rLQdO9vWVUbOdMQvsM/kyUJ6JMXR
xUtyKC05ddxii2SMr4XUW45ostPbxJybOF5oSZpEb1EIlrTLLPAe/498XlBW
hpRAPe+9ZfNs7drMvUEFnnOXahrXAuaaZpyaS/XBaloqSb1+v2AkUep3dbSF
PaRtbXRMS+kAEQEAAcLAaAQYAQgAEwUCWJh54wkQ3h1+eGHDXVMCGwwACgkQ
3h1+eGHDXVMZ4Qf4hu5N8/uYNDqJMFRIWSCpPGxmyIVXGARG4hgR8gwPZY9K
fReAUndX3uODBNIgZU7I3YntawU1DlP6GpP6yyR/8lfUMNCAXPDmd+zTFYIJ
UDHD8sw2GRrFVzFOKUpAapWFOI4XjSMP2UiK4HgrpUjAhe1wSaa7nEjtAuYT
zFx1QSuQD1iYcOF/FAm7EuhBIfWITjYAobGM6gonPbp3IPHM52rUbulllcdV
vCLs+blcyiVCGZlNcmlg3eibAJJL19TQLqT2DbQvQ/SyVBJGjoT+y4TTRtmZ
cebEjt2KJcc4x2lzPq3z2KJNyJTOTMB+aYD9Ma9IObDds+M/+5XDWi7f
=ueTT
-----END PGP PUBLIC KEY BLOCK-----

You can also Tweet to us:
@ProtonVPN