Virtual Private Network (VPN) company NordVPN has introduced NordLynx technology built around the WireGuard protocol.
WireGuard is thought to be shaking up the VPN space as a new type of protocol because of its approach to cryptography and speed — other protocols in this space include OpenVPN and IPSec out of the water.
According to the WireGuard team, this technology is designed as a general purpose VPN for running on [anything from] embedded interfaces [up to] super computers alike, fit for many different circumstances.
Initially released for the Linux kernel, it is now cross-platform (Windows, macOS, BSD, iOS, Android) and widely deployable — it is currently said to be under ‘heavy development’ going forward.
The new technology from NordVPN combines WireGuard’s high-speed connection and NordVPN’s custom-made double Network Address Translation (NAT) system, a technology which aims to safeguards user privacy.
At the moment, NordLynx is available for Linux users.
“In fall 2018, we invited a small group of our users to take our WireGuard implementation for a test drive. [Now], after months of further development and testing, we’re ready to present NordLynx – our solution for a fast, private, and secure VPN connection,” sayid Ruby Gonzalez, head of communication at NordVPN.
NordLynx openly states that it is faster than the current leading protocols (the above-mentioned OpenVPN and IPSec) and this is helped by the fact that it consists of only 4000 lines of code, which also makes it easier to deploy and audit.
Although WireGuard is easy to implement and manage, its ability to secure users’ privacy often comes up as a point for discussion.
It does not dynamically assign IP addresses to everyone connected to a server. Therefore, it requires to store at least some user data on the server, compromising their privacy.
Double NAT is natty
Conversely, the double NAT system from NordVPN creates two local network interfaces for each user.
The first interface assigns the same local IP address to all users connected to a server. Once the secure VPN tunnel is established, the second network interface with a dynamic NAT system kicks in. Dynamic local IP addresses remain assigned only while the session is active and allow not to store any identifiable data on the server.
The NordLynx technology is now available for all users of NordVPN for Linux — to switch to NordLynx, install WireGuard, open the terminal and enter ‘nordvpn set technology NordLynx’.
As a final note, NordVPN has completed an industry-first audit with its no-logs policy. The audit was performed by PricewaterhouseCoopers AG, Zurich, Switzerland.