Introducing WireGuard, fully automated.

Releases By Nick Pestell | Posted on December 11, 2018

In November 2009, almost 10 years ago IVPN was launched. We knew that in order to become the most trusted provider we had to demonstrate our security expertise and execute flawlessly and consistently over many years. On day one we launched a full mesh multi-hop network using Linux policy based routing with all VPN gateways passing strict CIS benchmark compliance, an industry first. In January 2015 we introduced the IVPN firewall which is integrated deep into the OS using Microsoft’s WFP API and independent from the app itself. Even if the app crashed we could guarantee no data leaks. In September 2016 we took a strong stance against corrupt ‘pay for play’ affiliates. In the past few years we have launched dozens of new features specifically to improve our customer’s security. Today we are more excited than ever to launch what we believe is the future of VPN technology, WireGuard

WireGuard is an extremely fast, secure and simple protocol relative to OpenVPN, the default that we use in our current apps. Its simplicity and size ensure a much smaller attack surface relative to other protocols (roughly 1% of OpenVPN). This greatly enhances its ability to be peer reviewed and audited. It uses state-of-the-art cryptography, employing the Noise protocol frameworkCurve25519 for key exchange, ChaCha20 for encryption, Poly1305 for authentication and BLAKE2s for hashing. WireGuard has excellent documentation, we strongly recommend reviewing the conceptual overview on the homepage and the white-paper for the more technically inclined.

In our own testing we have seen consistent speed improvements with WireGuard over OpenVPN. To continually ensure our customers security and privacy one of IVPN’s design goals is to increase the time customers spend connected to the VPN, that some customers don’t remain connected 24/7 may surprise our more hardcore privacy users. Customers have repeatedly told us that one of the reasons for disconnecting is the requirement for their maximum line speed for certain applications. We strongly believe that WireGuard’s speed will increase the time customers spend connected and therefor their security and privacy.

This simplicity of WireGuard requires that certain functions are left out of the protocol and up to the user to implement, such as key and IP address management. For VPN providers this is a major technical challenge as encryption keys have to be securely generated within the VPN client and distributed to all VPN gateways, an IP address has to be leased from a pool and sent to the client, all before the user can connect to the VPN server. Current VPN services offering WireGuard require that the user manually generate the keys and upload them to specific servers through the control panel on their website. To continue demonstrating our expertise we set the bar high and have built a fully automated solution that securely generates keys within the client, uploads them to an IVPN server which then distributes them to all VPN gateways in our infrastructure within seconds. Using WireGuard on the client couldn’t be easier, the user simply has to select it and will be able to connect immediately.

As part of our initiative to become increasingly open and to advance the industry we plan to open-source the code that manages all this complexity. Our hope is that VPN providers integrate this code into their infrastructure and continually improve it for the benefit of all. We are also sponsoring WireGuard development and encourage all customers to make a donation if they are able.

WARNING: The WireGuard protocol is currently under heavy development and should be considered experimental. At this time we do not recommend using WireGuard except for testing or in situations where security is not critical. Our Wireguard VPN servers are completely separate from our OpenVPN servers to ensure no security risks. We welcome all customers to begin testing, simply select the protocol from within the IVPN client.

27/04/2020 update: Since its merge into Linux Kernel (v5.6) and the release of WireGuard 1.0, we consider the protocol to be ready for wide-scale use. We now offer WireGuard to all our subscribers.

More information: https://ivpn.net/wireguard/

We look forward to hearing your feedback!

Nick Pestell

CEO, IVPN

Apps Protocols Security WireGuard
We invite you to discuss this post in our Reddit community or on Twitter. You can also send your feedback to blog@ivpn.net.
IVPN News

Independent security audit concluded

By Nick Pestell

IVPN News

IVPN applications are now open source

By Viktor Vecsei

Releases

Beta IVPN Linux app released

By Viktor Vecsei

Introducing device management for better control of logged in devices Releases

Introducing device management for better control of logged in devices

Posted on February 13, 2024 by Viktor Vecsei

We are introducing IVPN device management, an opt-in (disabled by default) feature that helps you review and log out from devices currently logged in to IVPN apps. This step is a direct response to frequent customer requests for better device controls.
Launch of IVPN Light - short-term VPN access paid with BTC Lightning Releases

Launch of IVPN Light - short-term VPN access paid with BTC Lightning

Posted on September 15, 2023 by Viktor Vecsei

Equipped with a BTC Lightning wallet and some sats, you can now set up an IVPN WireGuard tunnel in minutes without creating an account or sharing any personal information. Benefits of using IVPN Light: Short duration access option, you can get a “throwaway” VPN tunnel for 3 hours or up to 30 days duration Priced in sats and affordable - you can purchase access for as little as 500 sats (3 hours) Access up to 5 locations or 1 entry-exit node MultiHop combination with one payment No account required - we only keep a record of your Lightning payment on our self-hosted BTCPayServer, no personal information is collected Differences versus a regular IVPN subscription:
Spotted a mistake or have an idea on how to improve this page?
Suggest an edit on GitHub.