What is WireGuard®?
WireGuard is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPsec, while avoiding the massive headache. It intends to be considerably more performant than OpenVPN. WireGuard is designed as a general purpose VPN for running on embedded interfaces and super computers alike, fit for many different circumstances. Initially released for the Linux kernel, it is now cross-platform and widely deployable. It is currently under heavy development, but already it might be regarded as the most secure, easiest to use, and simplest VPN solution in the industry.
Linus Torvalds had this to say about WireGuard:
Can I just once again state my love for it and hope it gets merged soon?
Maybe the code isn't perfect, but I've skimmed it, and compared to the horrors that are OpenVPN and IPSec, it's a work of art.
Information about the inner-workings of WireGuard are available on their website.
About a year after this article was written, Linus added WireGuard support to the Linux kernel.
Connecting
Go here for instructions on connecting.
Normally, WireGuard operates on a single UDP port defined by the server-side config.
Thanks to our port striping v2 feature, you can connect to WireGuard using any of our OpenVPN hosts on any UDP port (from 1-29999).
There's only one IP per server that WireGuard will use, but that's only for the "exit IP".
That means you can connect to any of the OpenVPN IPs, but the IP the internet will see you as having might be different.
Device limits
Similar to our OpenVPN setup, our WireGuard setup will limit the number of WireGuard keys allowed per cryptostorm token, based on the token's duration. The chart below lists the limits for each token type:
Token type | Number of WireGuard keys allowed |
---|---|
one week or one month | 1 |
three months | 2 |
six months | 3 |
one year | 4 |
two years | 5 |
lifetime | 6 |
These limits are independent from our OpenVPN setup.
So if you have a one month (or one week) cryptostorm access token, you can connect one device using OpenVPN, and you can connect a device using WireGuard.
WireGuard was designed with roaming in mind, so connecting two devices at the same time using the same WireGuard key won't work, unless each device is connecting to a different server.
If you need to delete any WireGuard keys tied to your token, use this page.
Expired tokens
If your token expires, any WireGuard keys associated with that token will be removed from the network.
So if you've got a weekly or monthly PayPal subscription where you get a new token every week/month, each time that new token comes in you will have to revisit https://cryptostorm.is/wireguard and generate new WireGuard keys/configs.
If you don't want to do that so often, buy a token with a higher duration :-P
Speeds
Our tests verify WireGuard is indeed much faster than OpenVPN.
We've seen increased speeds anywhere from 25% to 60% compared to OpenVPN, depending on a variety of factors (client CPU/RAM/ISP, load/location of node, etc.).