« Back to Glossary Index
WireGuard is a VPN protocol built for speed and simplicity. Its entire codebase is roughly 4,000 lines – compared to over 100,000 for OpenVPN – which makes it faster to audit, easier to configure, and harder for implementation bugs to hide. It connects in under a second and handles IP address changes gracefully.
WireGuard is the recommended choice for new industrial VPN deployments where performance and simplicity matter.
- Cryptography – Curve25519 key exchange, ChaCha20 encryption, Poly1305 authentication – all modern, well-reviewed algorithms
- Connection establishment – faster than IKE-based IPsec negotiation; sub-second handshake
- Roaming – maintains the tunnel when the device’s IP address changes; useful for cellular WANs that reassign IPs on reconnect
- CPU efficiency – kernel-space implementation with lower per-packet overhead than OpenVPN
- Backwards compatibility – not supported by legacy SCADA infrastructure; use IPsec where existing VPN endpoints require it