On the last day of July, NordVPN released NordLynx, a special VPN tool for Linux computers. That, on its own, isn't especially exciting, but it's what's under the hood that matters. NordLynx uses the WireGuard protocol, a cutting-edge VPN technology that promises improved security and mind-boggling speeds. After some initial tests, I can safely say that if WireGuard can deliver these kind of results, the entire VPN industry is going to change.

I've been hearing about WireGuard for years, but have largely ignored it, since it's not really ready for prime time. As chance would have it, NordVPN's announcement came just after I'd bought a Linux laptop, so it seemed as good a time as any to play around with WireGuard. If you also want to give NordLynx a whirl, keep in mind that it works exclusively in the command line and requires a good amount of legwork to set up. It's not at all like using the friendly GUI apps NordVPN provides on every other platform. But if you're interested in the future of VPN, it's a worthy endeavor.

What's WireGuard?

WireGuard is a new open-source VPN protocol created by Jason Donenfeld that promises to do more with less. It requires dramatically less code than OpenVPN—my favorite current VPN protocol—and is meant to deliver significantly better speeds, too. WireGuard is currently under development and widely viewed as an experimental technology. A few companies have joined NordVPN in deciding to release limited support for WireGuard.

In some ways, WireGuard is a little like 5G. It's a hot new technology and everyone knows that it's going to be a really big deal, but it's largely unavailable for everyday use.

What's unclear is how and when WireGuard will see wide adoption. Not only is WireGuard far from finished, there are apparently other considerations. NordVPN's announcement of NordLynx claims that fundamental parts of WireGuard aren't great for privacy, and that the company had to bolt on its own solution for those issues. From the company's announcement:

The WireGuard protocol alone can't ensure complete privacy. Here's why. It can't dynamically assign IP addresses to everyone connected to a server. Therefore, the server must contain a local static IP address table to know where internet packets are traveling from and to whom they should return. It means that the real IP address of a user must be linked to an internal IP address assigned by the VPN. To put it less technically: by implementing the out-of-the-box WireGuard protocol in our service, we would have put your privacy at risk. And we would never do this.

NordVPN says its solution is a double NAT (Network Address Translation) system. I'll be honest and say that I don't quite understand how it all works, but NordVPN says that the practical upshot is that NordLynx gets all the benefits of WireGuard speed and cryptography, without having to store information that could be used to identify a user.

Some Up Front Caveats

When I normally test VPNs, I strive to control for as many variables as I can. The goal is to capture reproducible results I can use for comparison between products. To do that, I use the same computer (a Lenovo T460s) over the same ethernet connection. That wasn't an option this time. For one thing, my VPN test computer runs Windows 10, not Linux. For these tests, I had to use my personal laptop (a Lenovo X270), which is nowhere near as pristine as the T460s but does run the latest version of Ubuntu. I also performed these tests over Wi-Fi, instead of my usual Ethernet connection.

See How We Test VPNs

Aside from those differences, my testing methodology was the same. Using the Ookla speed test tool, I recorded results with and without the VPN running. I then calculate the percent change between the two in terms of latency, download speeds, and upload speeds.

(Editors' Note: Ookla Speedtest is owned by j2 Global, the parent company of PCMag's publisher, Ziff Davis.)

While I stand by my results, I've always maintained that my tests don't give the full picture. Where you are, what kind of network you're using, what kind of device you're using, and even the time of day has an impact on speed test results. Instead of being the final word on a VPN's speed, my tests are intended for comparison between products. I compare each VPN test result against every other VPN tested that year, about three dozen in total. I don't have that same history of results for these tests, so they lack the context of my other testing.

All that is to say that this testing is more of a back-of-the-napkin experiment rather than the thorough evaluations I normally do. All these caveats are important, because the results are staggering.

Mind Boggling Numbers

Across the board, NordLynx with WireGuard bested NordVPN with OpenVPN. It wasn't even close.

The standout figure here is that with WireGuard, download speed results were faster than without using a VPN. To be clear: I don't think we can conclude that WireGuard will unlock hidden speed potential on your internet connection. Looking at the raw data, the best download speed without a VPN was still higher than with a VPN. We can probably attribute this variation to traffic on the network or some other outside influence. What is clear to me is that, at least in my testing, using WireGuard has no significant negative effect on speeds. It's almost like the VPN isn't there.

One note about latency: During testing, I had to manually instruct NordVPN to connect to a US server when testing OpenVPN. I did not have to do this when testing NordLynx with WireGuard. My meddling might explain the enormous latency increase with OpenVPN.

Adding Context

Without more testing, it's hard to put these results in the proper context. For instance, when I tested VPN speeds on Windows, the fastest VPN decreased upload and download speeds by about 50 percent. In fact, the OpenVPN results I recorded in these Linux tests are about par for the course for VPNs on Windows. But that's on a different machine, with a different connection, and using a different operating system.

For comparison's sake, I've included the results from the ten fastest VPNs, based on my Windows testing, below. Again, I hesitate to draw a direct comparison, but it's hard not to get excited.





We have reviewed NordVPN for Linux before, but that review doesn't shed much light on the WireGuard results. For those tests, we used different methodology, testing equipment, and testing location. Here are the results from that testing:

127.27 percent increase in latency.

11.02 percent decrease in download speed results.

8.58 percent increase in upload speed results.

A Truly Exciting Future for VPN

There are a lot of considerations to take into account when choosing a VPN, from pricing to privacy policies, but one thing has remained consistent: Using a VPN means that your web performance suffers. WireGuard promises to improve on that situation, allowing faster connections and newer encryption. If these initial tests are any indication, WireGuard will do just that. Even if WireGuard proves to only be half as good as these NordLynx results indicate, it would still be as good as the fastest VPN I've yet tested. At the risk of sounding bombastic, WireGuard will probably change everything for VPNs.

Further Reading

VPN Reviews