NordVPN has finally launched their own implementation of WireGuard – NordLynx. The VPN provider has been teasing the inclusion of WireGuard for months. However, until NordLynx, VPN providers struggled to fix the inherent vulnerabilities of WireGuard.

This revolutionary tunneling protocol has significant benefits over OpenVPN and IPsec. Users of several other VPNs have already had the chance to test WireGuard out, but NordVPN is the first industry leader to implement it.

What is NordLynx?

NordLynx is NordVPN’s proprietary WireGuard-based tunneling protocol. WireGuard is a cutting-edge VPN protocol, combining strong encryption and great performance. The developers of WireGuard aimed to create a piece of software that was easily-auditable. Unlike OpenVPN or IPsec, WireGuard manages to fulfill its purpose through as few as 4,000 lines of code. For comparison, IPsec has 400,000, while OpenVPN+OpenSSL have 600,000.

The lightweight nature of WireGuard makes it easy to implement and difficult to compromise. A single individual should be able to read the entire codebase of WireGuard and understand how it works in an evening.

These are great characteristics that many VPN service providers have been striving to make part of their product. However, in its current state, WireGuard poses some challenges, one of which NordVPN mentions in their announcement of NordLynx:

The WireGuard protocol alone can’t ensure complete privacy. Here’s why. It can’t dynamically assign IP addresses to everyone connected to a server. Therefore, the server must contain a local static IP address table to know where internet packets are traveling from and to whom they should return. It means that the real IP address of a user must be linked to an internal IP address assigned by the VPN.

According to NordVPN, NordLynx solves this issue in a unique way: by adding a double Network Address Translation (NAT) system to WireGuard, which creates two local network interfaces for each user. The first interface is used to assign a local IP address to all users that are connected to the server, which means that every user gets the same IP address.

This is when the second dynamic NAT system interface kicks in, providing a unique IP address for each user on the server and solving vanilla WireGuard’s privacy issue. When using NordLynx, packets can travel between users and their web destinations without getting mixed up in the process.

This effectively means that NordVPN has finally managed to marry WireGuard’s lightning speeds to the other protocols’ robust privacy protection capabilities, which might be a game-changer in the VPN industry.

A NordLynx sneak peek for Linux users

As of this Wednesday, NordVPN’s Linux users can give NordLynx a test drive by updating their NordVPN app to the latest version and switching from the default OpenVPN protocol to NordLynx.

Here’s how:

  1. After updating your app, install WireGuard by following a tutorial for your Linux distro that you can find in NordVPN’s Help Center.
  2. Next, open the terminal and enter nordvpn set technology NordLynx.
  3. Once done, enter nordvpn c to connect to VPN.

If you want to switch back to OpenVPN, enter nordvpn set technology OpenVPN.

For those who use other operating systems, NordVPN promised to share tutorials for setting up NordLynx on any third-party VPN client that supports WireGuard.