VPN protocols: WireGuard®

Find out what makes this a popular VPN protocol and how ExpressVPN has re-engineered it to meet our high standards in privacy.

Get ExpressVPN

30-DAY MONEY-BACK GUARANTEE
*for first-time users

WireGuard image
  • What is WireGuard?
  • How We Rebuilt WireGuard for ExpressVPN
  • Other VPN protocols
  • Download ExpressVPN on all your devices
  • Frequently asked questions
  • Learn more about using a VPN
  • Try the best VPN
  • What is WireGuard?
  • How We Rebuilt WireGuard for ExpressVPN
  • Other VPN protocols
  • Download ExpressVPN on all your devices
  • Frequently asked questions
  • Learn more about using a VPN
  • Try the best VPN

What is WireGuard?

WireGuard is a modern VPN protocol known for its speed, efficiency, and minimal codebase. It operates at the kernel level on many platforms, offering faster connections and lower CPU usage than older protocols like OpenVPN. But that minimalism came with trade-offs.

Pros

  • Fast and lightweight
  • ExpressVPN’s custom version includes features not found in the base protocol

Cons

  • Off-the-shelf WireGuard may still expose users to tracking risks

How We Rebuilt WireGuard for ExpressVPN

When we launched our own custom implementation of WireGuard for ExpressVPN in 2025, it was re-engineered for modern privacy and security. It included:

  • Post-quantum security by default: Every WireGuard session begins with a handshake using ML-KEM, the post-quantum key encapsulation algorithm selected by NIST. This protects users from “harvest now, decrypt later” attacks where adversaries collect encrypted data today and decrypt it with quantum computers in the future.
  • Ephemeral credentials: Each session uses a new encryption key and internal IP address to reduce the risk of correlation.
  • Short-lived access tokens: ExpressVPN built its own lightweight authentication system that eliminates the need for static keys or long-lived credentials.
  • Real-time provisioning via TrustedServer: Sessions are provisioned dynamically through ExpressVPN’s RAM-only infrastructure, which never writes to disk.
  • No static peer configurations: Instead of relying on fixed peer mappings or double NAT configurations, ExpressVPN assigns everything dynamically to enhance privacy and scalability.
  • Split-service architecture: Authentication and configuration have been separated into distinct services to minimize attack surface, isolate privileges, and ensure that public-facing components cannot directly modify WireGuard setup.
  • Compatible with standard WireGuard: We’ve enhanced privacy and post-quantum security without modifying the WireGuard protocol itself, preserving full compatibility and interoperability.

Post-quantum WireGuard is available on iOS, Android, and Windows apps, with macOS support coming soon. In other words, ExpressVPN delivers the performance benefits of WireGuard without compromising privacy, scalability, or future-readiness.

How to configure your VPN to WireGuard

By default, ExpressVPN chooses the best VPN protocol for your network conditions. But you can manually select WireGuard for Android and iOS. Learn how to change your protocol by visiting our setup pages:

Speech bubbles with different VPN protocols.

Other VPN protocols

In addition to offering a standard set of protocols, ExpressVPN built Lightway to outdo them all in speed, reliability, and security. Give it a try to see for yourself. Learn more about Lightway.

If you’re still not sure which VPN protocol to choose, simply let the ExpressVPN app automatically select the best one for you.

Back to VPN protocols

Download ExpressVPN on all your devices

A single ExpressVPN subscription lets you download a VPN for every popular platform. Need a VPN for multiple devices? Set up ExpressVPN on everything you own, and use it on eight at the same time.

Download ExpressVPN apps.
Get ExpressVPN

Frequently asked questions

What is WireGuard?

WireGuard is a modern VPN protocol known for its speed, simplicity, and lean codebase. It operates directly at the kernel level on many platforms, making it lightweight and fast compared to traditional protocols like OpenVPN. However, its minimalist design leaves out key features that privacy-focused VPNs often require, like built-in authentication, dynamic IP assignment, and session management.

Does ExpressVPN support WireGuard?

Yes. ExpressVPN now offers a custom-built WireGuard implementation across its apps. Unlike most providers, we didn’t adopt the base protocol as-is. We rebuilt it with post-quantum encryption, ephemeral key exchange, dynamic IPs, and full integration with our RAM-only TrustedServer infrastructure. This was done in a bid to meet our standards for privacy, security, and scalability.

Is WireGuard better than Lightway?

No, not necessarily as they serve different needs. Lightway is ExpressVPN’s proprietary protocol, built from the ground up for privacy, performance, and reliability. It remains the default on most platforms. WireGuard is now available as an option, offering another fast and secure way to connect. With ExpressVPN, you can choose the best protocol for your context, knowing both are engineered with privacy in mind.

Learn more about using a VPN

  • A laptop's secure connection to the internet.
    What is a VPN?

    Get to know how a VPN protects your online traffic from snooping

    Learn more

  • A plant at his laptop using ExpressVPN.
    Browse privately

    Change your IP address and mask your location online

    Learn more

  • A laptop with a speedometer
    How fast is your VPN?

    Find out what affects VPN speeds and how to find the fastest server for you

    Learn more

Security and privacy

Encrypt your data

No activity logs

Browse privately

Get 30 days risk-free

VPN service providers

Tools and services

How to use a VPN

Unblock websites

VPN protocols

VPN for public Wi-Fi

VPN speed

VPN FAQ

What is a VPN?

Why pay for a VPN?

Proxy vs. VPN

What is a VPN tunnel?

Home VPN vs. business VPN

VPN vs. remote desktop

Is using a VPN easy?

VPN for dummies

30
Day
Money-back guarantee

Try the best VPN

Enjoy our risk-free 30-day money-back guarantee: If you’re not satisfied using ExpressVPN, contact Support within 30 days and get a full refund. It’s that simple.

Get ExpressVPN
Choose language
Get Started