NordVPN is the most recent VPN service to provide support for the experimental tunneling protocol WireGuard.
NordVPN’s new technology called NordLynx is built on the WireGuard VPN protocol but has been developed with some tweaks to make it more private than the original implementation.
The VPN provider, which has over 12 million users worldwide, announced the release of its new technology in a blog post on July 31, after several months of closed beta testing.
“When innovation knocks, what will you do: let it in or shut the door? Being forever-curious and imaginative geeks, we at NordVPN are always open to innovation,” writes NordVPN in its blog post.
“Today we are excited to announce our latest project: the NordLynx technology built around the WireGuard protocol.”
WireGuard, which is still in development, promises to be faster and more secure than the current industry standards like OpenVPN and L2TP/IPsec.
Most notably, WireGuard relies on just a few lines of code – 4,000 in total – which makes it much easier to audit for security vulnerabilities. In contrast, OpenVPN consists of over 400,000 lines of code.
However, there are some inherent privacy issues related to the implementation of WireGuard for commercial VPN services.
Aside from still being in development, the protocol can’t dynamically assign IP addresses to everyone connected to a server and so it assigns a local static IP address to each user instead. This puts users’ privacy at risk.
In the blog post, NordVPN explains how the development team adapted the WireGuard implementation to make it more privacy-friendly using a technology called double NAT:
“To put it simply, the double NAT system creates two local network interfaces for each user. The first interface assigns a local IP address to all users connected to a server. Unlike in the original WireGuard protocol, each user gets the same IP address,
“Once a VPN tunnel is established, the second network interface with a dynamic NAT system kicks in. The system assigns a unique IP address for each tunnel. This way, internet packets can travel between the user and their desired destination without getting mixed up.”
NordLynx is currently only available to Linux users, who can use it on the NordVPN Linux app alongside a third-party WireGuard distribution. They can swap between OpenVPN and NordLynx within the app by entering a simple command.
NordVPN promises to release tutorials in the near future so that non-Linux users can set up NordLynx on other devices using any third-party WireGuard client.