The Battle of Fast Modern VPN Protocols: WireGuard vs. Speedify

VPNs are becoming an integral part of our lives, as they provide online privacy and security. They also facilitate access to information by unblocking restricted content and avoiding internet censorship in certain areas. 

A VPN (virtual private network) works by creating a secure tunnel between the user’s device and a server in the cloud. All traffic goes through this tunnel, so no one can see what you’re doing online as long as you’re using a VPN. This article explains why you should also put speed in the equation when choosing your VPN. It also includes explained real life test results of WireGuard vs. Speedify that will help you determine which is the best of the two modern VPN protocols.

VPNs use secure protocols to send and receive data over the encrypted tunnel. Currently the most popular ones are:

• IPsec (Internet Protocol Security) - with its enhanced encryption protocols IKEv2, L2TP
• OpenVPN - based on SSL/TLS
• PPTP (Point-to-Point Tunneling Protocol)

Without going into details, the problem with these protocols is that they are basically sacrificing speed for security. The encryption algorithms used and the way it sends data through the secure tunnel slows down the connection speed for the VPN users while also adding latency (lag). Which is not cool at all when you’re streaming video or gaming online.

As their tagline says, WireGuard is a fast, modern and secure VPN tunnel (communication protocol). It provides better performance and lower power consumption than other existing VPN protocols, such as IPSec and OpenVPN. WireGuard is also very simple to set up when compared to the other “traditional” protocols. It can establish VPN sessions very quickly, often taking only a fraction of a second. Its first stable release was launched in February 2021.

Some of the VPN companies started implementing WireGuard in their solutions - these include NordVPN, Strong VPN and Private Internet Access, just to name a few. And since the protocol is praised by many, it’s expected that many other VPN services will include support for WireGuard in the future. Wireguard is designed to be extensible and makes it possible for third parties to augment it with additional features.

Since the beginning, Speedify is the only service that has taken a different approach than the one of traditional VPNs: using all available Internet connections to send and receive traffic through channel bonding (link aggregation) technology. This actually makes your connection faster and more reliable rather than slowing it down, like the other VPNs.

But now, in 2021, Speedify took a step further and launched more improvements to the Speedify protocol. These new optimizations allow up to 8 parallel transport connections to the VPN server on each of your Internet channels. For example, if you’re using both Wi-Fi and mobile data on your smartphone, the Speedify protocol can open up to 16 connections to the VPN server in parallel. Which makes sending and receiving data much faster and helps a lot on Internet connections with high packet loss - generally wireless ones - and high latency (e.g. Starlink).

As both protocols are a step forward from the traditional VPNs, here is a sweet section for those of you who are more tech savvy - we compare WireGuard and Speedify side-by-side in terms of specifications.

The main differentiators between WireGuard and the Speedify protocol are: 

• the transport protocol: WireGuard uses UDP only, which may turn out to be inadequate in some instances - e.g. hotels, conference centers, public network restrict communication to common HTTP and HTTPS protocols.
• Multiple sockets / connections support: WireGuard does not support sending information over multiple sockets over the same connection, nor can it handle aggregating multiple connections into a single “super pipe”.

That said, let’s see how these two compare in real life tests.

WireGuard vs. Speedify test setup: we need to compare apples to apples. So we installed the latest stable version of WireGuard on one of our servers. We used the same VPN server for all tests, running on Digital Ocean. All tests were performed with speedtest.net.

We ran tests using two different client devices: a Pixel 2 smartphone running Android 11 and a Ubuntu 18.04 Laptop with an i7-8565U on Verizon Fios Internet. The results in the summary table below are an average of 3 test runs.

For the packet loss tests, we used an OpenWrt router using netem to introduce packet loss into the network.

WireGuard vs. Speedify testing scenarios: First, we tested with a Linux laptop connected with Ethernet to the 1 Gbps connection. We ran speedtest.net with no VPN, WireGuard, and Speedify. This illustrates some typical conditions for working in an office / from home on a high speed broadband connection.

Then, we wanted to simulate real life conditions of moving around the house or through the city - we tested an Android phone with 25 Mbps Wi-Fi at various packet loss rates. The Wi-Fi network was backed by a 1 Gbps Verizon Fios Internet connection. We ran speedtest.net with no VPN for control, WireGuard, and Speedify on the same setup. Packet loss was configured with the OpenWrt router and we ran speedtest.net in single socket mode to simulate a single socket activity, such as downloading a file, watching a video, etc.

No failover tests were performed, as WireGuard breaks the connection on failover. However, this is one area where Speedify excels. Speedify is able to maintain the VPN session and seamlessly switch between different Internet connections, as the device leaves and joins different networks, without interrupting existing downloads, calls, etc.

WireGuard vs. Speedify test results: First looking at the high speed tests, Speedify was able to beat out WireGuard on high speed connections on both Linux and Android. For Linux, Speedify was 55% faster than WireGuard, while on Android Speedify is 220% faster. In both cases, Speedify came close to maxing out the available bandwidth that we saw without the VPN. There will always be some overhead to running a VPN, but Speedify has minimal impact on connection performance.

Things to consider:

1. It is important to note that these tests used the exact same devices, Internet connection, and server instance, so that the only difference was in client software and the VPN protocol and efficiency itself. We set up a single server to run both the Speedify software and WireGuard software to take out any effects of varying server performance, different routes over the Internet, etc.
2. Encryption - WireGuard uses ChaCha20 which is an efficient, purely software encryption algorithm, which can outperform other algorithms like AES when executed all in software by the processor. Speedify also does have support for using ChaCha20, but it first checks whether the processor has hardware support for AES. Most modern processors now include special hardware instructions for doing AES encryption, which can be more efficient than during the encryption purely in software. If Speedify detects that the device processor has support for hardware AES, it will use that, otherwise it falls back to using ChaCha. In both of these cases, the devices had hardware AES support, so that could be a key difference in the performance between the two.
3. Linux kernel vs userspace - On Linux, WireGuard is integrated into the kernel (the core of the operating system) and should be optimized with less data passing back and forth between the userspace (the code outside of the kernel) and the kernel, giving it a performance benefit. Speedify is a userspace VPN app. In this case, theoretically, WireGuard started with an advantage and yet it didn’t perform as well as Speedify.
   On the Android tests below, however, we tested the WireGuard app, which is a userspace implementation of the WireGuard protocol, putting it on even footing with the Speedify app, which is also a userspace VPN app.
4. Transport protocol - WireGuard uses only UDP as a transport protocol between the VPN client and server. Speedify has support for multiple protocols including TCP, UDP, and HTTPS. Speedify is able to automatically decide what type of transport connection to use in different scenarios to try to get the best performance. In these tests, Speedify was deciding to use a TCP transport with multiple parallel TCP connections to maximize the throughput on the high speed connection.

Conclusion: We think the major differences in performance at high speeds come from a combination of the encryption, transport protocol, and other optimizations and efficiency in packet processing that Speedify has.

WireGuard vs. Speedify test results for flaky connections: Speedify has a significant improvement in performance over WireGuard on a connection with packet loss, and even compared to the connection with no VPN at all. These tests were evaluating a single TCP socket with speedtest.net, which is analogous to a file download, watching a video, etc. When packet loss is introduced on a network, it can have a significant impact on performance as the loss increases. With 10% loss, our 25 Mbps connection was reduced down to around 1 Mbps. As the latency on a connection increases, the effects of loss become even more pronounced.

The WireGuard performance under packet loss tracks pretty closely to the performance without the VPN, but degrades a little below the no VPN case. However, Speedify is able to massively increase performance, especially at the higher loss levels.

The transport protocol plays an important role. With how much packet loss affects TCP performance, the natural choice for a transport protocol is UDP, because UDP will allow packets to be delivered out of order, allowing the VPN protocol to detect lost packets and recover them. It seems like WireGuard doesn't make any attempts to do packet recovery since its performance follows the case without the VPN. Speedify has lost packet recovery features with its UDP protocol and can often increase speeds above a single connection with packet loss. 

However, that is not what happened in these tests. Counterintuitively, Speedify was actually using the TCP transport in these tests. There are two key components that make this performance possible.

1. Speedify was using multiple TCP connections in parallel over the same connection, which can help to better utilize the connection bandwidth when packets are lost. If a single TCP connection loses a packet, it has to slow down and retransmit the packet, but the other parallel TCP connections can continue sending packets and pick up the slack.
2. BBR congestion control - Speedify’s servers are configured to use the BBR TCP congestion control algorithm, meaning each of these TCP transport connections was using BBR. BBR is a newer congestion control algorithm that much better handles packet loss and is able perform better than other connections when dealing with higher latency or packet loss.

Conclusion: As you can see, Speedify performs well with a variety of different network conditions. Speedify tries to make the best choices with encryption algorithms and transport connections to provide the best performance it can with different network connections and different devices.