Known Limitations - WireGuard (2024)

Known Limitations

WireGuard is a protocol that, like all protocols, makes necessary trade-offs. This page summarizes known limitations due to these trade-offs.

Deep Packet Inspection

WireGuard does not focus on obfuscation. Obfuscation, rather, should happen at a layer above WireGuard, with WireGuard focused on providing solid crypto with a simple implementation. It is quite possible to plug in various forms of obfuscation, however.

TCP Mode

WireGuard explicitly does not support tunneling over TCP, due to the classically terrible network performance of tunneling TCP-over-TCP. Rather, transforming WireGuard's UDP packets into TCP is the job of an upper layer of obfuscation (see previous point), and can be accomplished by projects like udptunnel and udp2raw.

Hardware Crypto

WireGuard uses ChaCha20Poly1305, which is extremely fast in software on virtually all general purpose CPUs. As of writing, there is not an overwhelming amount of dedicated hardware support for it, though this is changing. Practically speaking, this is not a problem, as vector instructions on CPUs wind up being in the same ballpark (and sometimes even faster) than AES-NI instructions.

Roaming Mischief

WireGuard's roaming happens without an additional round trip or other authentication, which means an active man in the middle can replace source IP addresses. A man in the middle can already redirect packets, by virtue of being active, but it may be possible for the endpoint address to be updated and for the man in the middle to relay packets after having lost the man in the middle position. These packets, however, remain indecipherable by the attacker, by virtue of WireGuard's usual authenticated encryption. However, if this is an issue, ordinary firewalling can lock down the WireGuard socket to a particular IP address, and it's possible that future revisions of WireGuard will allow this innately. Relatedly, it may be possible to play a TCP sequence number guessing game in order to have a WireGuard server direct packets at an uncontrolled IP address.

Identity Hiding Forward Secrecy

WireGuard has forward secrecy of data packets, thanks to its handshake, but the handshake itself encrypts the sender's public key using the static public key of the responder, which means that a compromise of the responder's private key and a traffic log of previous handshakes would enable an attacker to figure out who has sent handshakes, but not what data is inside of them. Similarly, mac1 is made over the responder's public key, which means it is possible to trial hash to guess whether or not a packet is intended for a particular responder, though the mac1 could be forged. Mitigations include rotating or regenerating keys, based on expectations of unlinkability.

Post-Quantum Secrecy

WireGuard is not, by default, post-quantum secure. However, the pre-shared key parameter can be used to add a layer of post-quantum secrecy. It could be post-quantum secure were the public keys hashed instead of sent directly, but this is not part of the Noise Protocol Framework, on which WireGuard's handshake is based, and this hashing technique wouldn't enable forward-secure post-quantum secrecy either. The best bet for post-quantum security is to run a truly post-quantum handshake on top of WireGuard, and then insert that key into WireGuard's pre-shared key slot.

Denial of Service

WireGuard is supposed to be abuse-resistant, by virtue of its use of mac1 and mac2, though before mac2 kicks in, the ECDH computations may use considerable CPU. In practice, though, mac2 is usually sufficient.

Unreliable Monotonic Counter

WireGuard uses the system time as a reliable monotonic counter. If this jumps forward, a user might DoS their own keys, by making it impossible to later have a value larger, or an adversary controlling system time could store a handshake initiation for use later. If it jumps backwards, handshakes will similarly be impossible. Thus, the system time should not be under the control of a hostile adversary.

Routing Loops

There are currently a few issues with detecting routing loops, locally and over a network, and there are various tricks like changing the outer src to the inner src.

Known Limitations - WireGuard (2024)

FAQs

Known Limitations - WireGuard? ›

WireGuard explicitly does not support tunneling over TCP, due to the classically terrible network performance of tunneling TCP-over-TCP. Rather, transforming WireGuard's UDP packets into TCP is the job of an upper layer of obfuscation (see previous point), and can be accomplished by projects like udptunnel and udp2raw.

What are the security flaws of WireGuard? ›

Potential Risks of Using WireGuard

Despite its advantages, WireGuard has some downsides that you need to be aware of, including: Privacy trade-offs. By default, WireGuard stores user IP addresses on the VPN server, posing a risk to user anonymity and privacy.

Can WireGuard VPN be detected? ›

Yes, WireGuard can be detected. It doesn't do VPN obfuscation, mostly because of the insistence on UDP transmission mode.

Is anything better than WireGuard? ›

Verdict on Security

There are no known security flaws in either protocol. If security is your topmost priority, the conservative option is OpenVPN. It has simply been around much longer than WireGuard, gone through more third-party security audits, and has a far longer track record than WireGuard.

Can DPI detect WireGuard? ›

These VPNs often utilize advanced encryption standards like AES-256, which provide a high level of data security against DPI inspection. Additionally, they implement protocols such as OpenVPN, WireGuard, or IKEv2, known for their ability to bypass DPI filters due to their sophisticated tunneling mechanisms.

What are the limitations of WireGuard? ›

WireGuard explicitly does not support tunneling over TCP, due to the classically terrible network performance of tunneling TCP-over-TCP. Rather, transforming WireGuard's UDP packets into TCP is the job of an upper layer of obfuscation (see previous point), and can be accomplished by projects like udptunnel and udp2raw.

Can WireGuard be trusted? ›

WireGuard is considered by many to be one of the safest, most secure VPN protocol options available today. Simplified design using less code equals fewer bugs and security vulnerabilities, while WireGuard's faster state-of-the-art cryptography employs superior default security settings.

Why not use WireGuard? ›

It is extensible that new cryptographic primitives can be added. WireGuard does not have that. That means WireGuard will break at some point, because one of the cryptographic primitives will weaken or entirely break at some point.

Can WireGuard be hacked? ›

Protocols such as OpenVPN, WireGuard, or IKEv2 have no known vulnerabilities and are considered secure.

How secure is WireGuard vs OpenVPN? ›

The biggest notable differences between WireGuard and OpenVPN are speed and security. While WireGuard is generally faster, OpenVPN provides heavier security. The differences between these two protocols are also what make up their defining features.

Why use Tailscale instead of WireGuard? ›

WireGuard uses a keepalive protocol to keep connections open, even if there is no traffic to a node on your network. Tailscale makes your services easily addressable. Tailscale assigns your devices static IP addresses, which they maintain even as they move around on your network.

Why is OpenVPN slower than WireGuard? ›

A downside of this flexibility is that the protocol is rather code-heavy, which is one of the main reasons why OpenVPN tends to be slower than WireGuard. WireGuard takes the opposite approach to cryptography. It uses just one set of up-to-date algorithms instead of a library as is the case of OpenVPN.

Is IKEv2 better than WireGuard? ›

Based on these findings, if you're looking for the fastest secure tunneling protocol, you should go with NordLynx (or WireGuard). The second fastest will be IKEv2, which can confidently hold its own even when connecting to the other side of the world.

Do ISPs block WireGuard? ›

All VPN protocols use a distinct port that can be blocked by ISPs. For instance, port 443 blocks OpenVPN TCP, and port 51820 blocks WireGuard.

Does WireGuard hide IP address? ›

When you connect to our VPN server via WireGuard, your device can only see the IP address 10.2. 0.2, and the website you visit can only see the public IP address of our VPN server. Your true IP address remains secure and private, just as it would with OpenVPN.

How to obfuscate WireGuard traffic? ›

Option 1 – Windows Wireguard App
  1. Step1 – Register an account with StarVPN. ...
  2. Step 2 – Download Wireguard Configuration. ...
  3. Step 3 – Download the Windows Installer from the Wireguard Website. ...
  4. Step 4 – Input Configuration. ...
  5. Step 5 – Additional Configuration. ...
  6. Step 6 – Install Shadowsocks. ...
  7. Step 7 – Connect with Wireguard.
Jan 6, 2023

What are the security flaws of VPN? ›

Exploitation of a VPN vulnerability can enable hackers to steal credentials, hijack encrypted traffic sessions, remotely execute arbitrary code and give them access to sensitive corporate data. This VPN Vulnerability Report 2023 provides a handy overview of VPN vulnerabilities reported in recent years.

How private is WireGuard? ›

Less privacy than OpenVPN.

To give you a static IP address, WireGuard® tries to log your real IP address on the VPN server you're using. While your IP address is still masked to outsiders, some argue this may put your privacy at risk if the server or system were compromised at any point.

Is WireGuard more secure than SSH? ›

WireGuard is cryptographically superior to SSH, attaches at a network layer without fussy interactions with a Unix shell (that then also needs to be accounted for in a security model), has higher performance, is practically bulletproof in terms of keeping connections alive, and gets you direct access to whatever ...

Top Articles
Latest Posts
Article information

Author: Mr. See Jast

Last Updated:

Views: 6326

Rating: 4.4 / 5 (75 voted)

Reviews: 90% of readers found this page helpful

Author information

Name: Mr. See Jast

Birthday: 1999-07-30

Address: 8409 Megan Mountain, New Mathew, MT 44997-8193

Phone: +5023589614038

Job: Chief Executive

Hobby: Leather crafting, Flag Football, Candle making, Flying, Poi, Gunsmithing, Swimming

Introduction: My name is Mr. See Jast, I am a open, jolly, gorgeous, courageous, inexpensive, friendly, homely person who loves writing and wants to share my knowledge and understanding with you.