Easier to audit
OpenVPN would take a large team many days to audit. WireGuard is reviewable by single individuals
 
            Standard VPN protocols such as OpenVPN or IPSec have a slow and complex handshake process. This is mainly because of so many configuration options that both client and server have to agree on. WireGuard relies on crypto versioning. If a devastating cryptographic attack against one of WireGuard's underlying primitives is discovered, a new WireGuard protocol will be devised as a total package.
After such an update, a WireGuard client and WireGuard server would simply need to say "let's use v2.0 instead of v1.0!" and be off to the races. (This is in contrast to a crypto agile negotiation, in which client and server must negotiate and agree on every single primitive and key length, piece by piece.) Once an admin is certain all of their clients have been updated to support the new protocol, they could simply disable the 1.0 protocol at the server and be done with it.
ChaCha20 for symmetric encryption, authenticated with Poly1305
using RFC7539's AEAD construction
Curve25519 for ECDH
BLAKE2s for hashing and keyed hashing, described in RFC7693
SipHash24 for hashtable keys
HKDF for key derivation, as described in RFC5869
WireGuard is specifically designed to cater to roaming scenarios. The connection remains persistent whether your device transitions between different networks, such as switching from WiFi to a mobile or cellular network. This is made possible by the client sending properly authenticated data to the WireGuard VPN server, ensuring the server maintains the connection.
With WireGuard, you can enjoy uninterrupted VPN connectivity, eliminating the risk of being disconnected from the VPN during network transitions. By prioritizing seamless roaming, WireGuard provides a reliable and consistent VPN experience, allowing you to stay connected securely and continuously.
 
            WireGuard has been designed with ease-of-implementation and simplicity in mind. Its current codebase is under 4,000 lines of code. Compared to its alternative predecessors like Swan/IPsec (400,000+ lines) or OpenVPN/OpenSSL (600,000+ lines), in which auditing the gigantic codebases is an overwhelming task even for large teams of security experts, Wireguard supercedes all of them.
OpenVPN would take a large team many days to audit. WireGuard is reviewable by single individuals
Easier audit = easier to find vulnerabilities, which helps keep WireGuard secure
Much smaller attack surface in comparison to OpenVPN and IPSec
Cleaner code always makes better performing programs. Wireguard is fast and reliable
Enter your e-mail and password and click on log-in button
Choose from hundreds of servers and connect with one click
Don't believe us it's that easy? Check out our video showing in detail how to surf on-line protected with Astrill's Wireguard technology in a matter of seconds