Editor’s note: This article was originally published in March 2019. ExpressVPN has since developed Lightway, a VPN protocol that we built from the ground up to meet the privacy, security, and performance needs of our users. While we have a lot of respect for WireGuard, we felt it wasn’t really designed for a large VPN network with privacy and security as the first principle, and we won’t be adding it to our protocol selections. Find out more about Lightway. Also check out this short video in which we answer the question: Why not WireGuard?
WireGuard® is a free and open-source VPN protocol originally written by Jason A. Donenfeld (you can support WireGuard in its efforts here) and currently developed by Edge Security LLC. WireGuard works directly on the kernel level of a device’s operating system, making it possible to encrypt and decrypt data more quickly and securely and with fewer risks of leaks, compared with other VPN protocols.
So far, the hope is that WireGuard can establish itself as a widespread protocol that makes VPN connections ubiquitous (including on mobile phones and the Internet of Things) without the risk of arbitrary disconnects or high battery usage.
It’s exciting to see such significant improvements, and, understandably, many are excited about seeing this protocol deployed commercially. We at ExpressVPN are frequently asked about our immediate plans and opinions on WireGuard, and we’d like to take the opportunity to clarify our position.
WireGuard: A great idea in development
WireGuard is easier to set up and handle than other VPN protocols, although more development is required before it’s ready for a large production environment with countless users.
This is an opinion shared by the developers of WireGuard, who state on their website:
“WireGuard is not yet complete. You should not rely on this code. It has not undergone proper degrees of security auditing and the protocol is still subject to change.”
One of the challenges WireGuard faces is to ensure anonymity for VPNs. No single user should be statically allocated a single IP address, neither on a public nor a virtual network. A user’s internal IP address might be discovered by an adversary (through WebRTC, for example), who might then be able to match it with records acquired from a VPN provider (through theft, sale, or legal seizure). A good VPN must be unable to match such an identifier to a single user. Currently, this setup is not easily achieved with WireGuard.
ExpressVPN will be supporting efforts to review and audit the WireGuard code, as we have done in the past with OpenVPN. We will contribute code and report bugs whenever we can and raise security and privacy concerns directly with the development team. And, due to WireGuard’s reduced complexity, any public audit will be more comprehensive and provide a higher level of assurance.
On Android, Linux, Mac, and routers, WireGuard performs very well. ExpressVPN puts the security and privacy of its users first, though, so we will await further testing before we roll out WireGuard to our large customer base.
WireGuard is a registered trademark of Jason A. Donenfeld.
FAQ: About ExpressVPN vs. Wireguard
Is ExpressVPN’s Lightway WireGuard?
No, ExpressVPN’s Lightway protocol is not WireGuard. ExpressVPN built Lightway from the ground up to meet the privacy, security, and performance needs of its users. Having achieved this, the service won’t be offering WireGuard to its selection of VPN protocols.
Protect your privacy with the best VPN
30-day money-back guarantee
Any update on your efforts to implement Wireguard to your service? 2y have gone by since this article was written.
Express VPN is using Lightway, which a rep said is equal to, if not better than, WireGuard. Here’s my chat with Jan, a few minutes:
“Thank you for visiting ExpressVPN. How can I help you today?
My name is Jan and I’m here to help.
Does ExpressVPN currently use the WireGuard VPN protocol?
We currently do not have Wireguard as one of our protocols, but we do have our own protocol name Lightway that is as good if not better than Wireguard.
While we currently don’t have Wireguard, we appreciate you taking the time to let us know what you’re looking for.
I’ll add this to our feature request list for the Product Team to consider in future versions of the product. Most of the improvements we make come from ideas and suggestions like yours, so thank you for letting us know!
Thank you too
Is there a specific reason why you’re looking for Wireguard on a VPN service?
I just read two articles, one from 2019 that Express VPN was looking into it, and a 2nd one from Malwarebytes on the importance of using/choosing a VPN service that utilizes it. So I wanted to check with you.
I’ll file a feature request to make sure that our product team knows that some of our customers are requesting Wireguard as one of our protocols.
In the meantime, compared to WireGuard, Lightway uses a much simpler source code that makes it much easier for the community to audit.
The protocol is also open-sourced so it can be audited and scrutinized for vulnerabilities. Lightway has been audited by various third parties.”
Good to hear, what other ways is Lightway better than WireGuard?
Lightway is our next-generation protocol that delivers faster connection times, faster download speeds, and lower battery consumption.
Lightway is a modern open-source VPN protocol that’s designed to offer improved security. It uses wolfSSL, a well-established cryptography library.
Lightway protocol is available for Windows, Mac (Alpha and Beta releases), Android, iOS, Linux & XVRouter V2. It will be available for other devices soon.
please give us option to choose wireguard, ok it will not by default,
i tested in windows & android, its fast & work perfect, i tested with game mobile legend and latency is good
Any update for this? It’s almost 2021 and this article was written way back in early 2019.
Is there update with this? It seems a lot of VPN companies are adapting it.
I can oly agree with the other comments. I’m using GNU/Linux with Wireguard on the kernel level on my PC and OpenWRT on my router, and I’m a ExpressVPN customer for more than 2 years. Being able to set up ExpressVPN with WireGuard would surely be a great improvement.
I’ve been waiting for Wireguard to be supported on ExpressVPN. I’ve set up my own Wiregaurd client/server testbed and it is amazingly fast.
I’m in the process of researching switching to another VPN that supports Wireguard. Please hurry with support (especially on OpenWRT or GL-iNet products) – I don’t want to change VPN providers, but I may have to.
Would love to see wireguard for ExpressVPN very soon.
Your major competitor Nord is close to implementing wireguard for all its clients/platforms.
Please beat them to the punch to help secure your current customers (including me!)
Any updates?? Now is the time!
It’s been nearly a year since this article was last updated.
WireGuard is in the mainstream kernel now.
Tell us what “efforts to review and audit the WireGuard code” you have “supported”, Express. And what progress have you made in incorporating it into your own operations so we can use it?
some new update expressvpn?
Just, thank you for your efforts on my and everyone else’s behalf. 👍
Thanks alot for sharing this. It’s make you guys being a great VPN compagny. Keep up updating every month would be cool 😁
Vielen Dank und beste Wünsche!
Of course, wireguard is a nice protocol
However, I hope IKEv2 is supported by other operating systems except iOS.
I wonder why ExpressVPN allows IKEv2 on iOS only
I’ve been waiting for IKEv2 for over a year
Could this be done this year? Please
May we try Wireguard on Express VPN soon?(this year Shamsi:)