If you use any subscription VPN service, chances are you’re familiar with common VPN protocols. Most services’ solutions for multi-platform VPNs utilize OpenVPN. They use OpenVPN because it works on nearly every platform and can be customized because it’s open-source. However, OpenVPN is very complex, and this can slow down VPN connection speeds.
In July 2019, NordVPN announced that they were creating a new protocol to combat issues older ones have. Called “NordLynx” and based on the WireGuard framework, this protocol is far less complex and faster. For context, WireGuard is a VPN protocol that has 4,000 lines of code powering it. OpenVPN has more than 100 times that amount of code, making WireGuard far leaner. Essentially, NordLynx is a slightly tweaked version of WireGuard.
Features and Advantages of NordLynx
One known issue with the WireGuard VPN framework is that it doesn’t have nearly the privacy features of OpenVPN. Fortunately, NordLynx took care of many of these privacy issues. While you’re researching VPNs, be sure not to write this one off if you see problems with WireGuard’s security.
NordLynx utilizes a “double NAT” system. Unlike WireGuard, NordLynx puts all users’ traffic through one IP address. WireGuard assigns a unique IP to each user, which is a major concern in the VPN world. It means that users’ traffic could be traced back to them quite easily.
The way NordLynx works is pretty simple. Your basic profile information is the only content NordVPN will get about you. The server authenticates each user. Then, users get a “temporary dynamic identity”. All this means is that a randomized number is used for any minimal logging performed. Common examples of logging done for debugging are connection and disconnection times. And even information as trivial as that is destroyed within days.
It should be noted that NordVPN uses an external database to hold hashed and salted versions of users’ credentials. A hacker would need to first find some way to obtain this database. They’d then need to figure out the salt (this is a massive string of characters used to further obfuscate credentials). Finally, they’d need to use “rainbow tables” (tables of hash values) to figure out passwords. The likelihood of this is so remote it’s almost non-existent.
From there on out, NordLynx forwards users to a gateway. At this point, they’re fully internally anonymous. In other words, NordVPN cannot identify users when they hit this stage. The gateway uses one static IP address and performs all user requests. Pooling users’ traffic together like this drastically reduces the chances that digital surveillance efforts will succeed.
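A toy model of the flow described above, as an added example and not NordVPN's implementation: authentication hands back only a random session id, and the gateway maps those ids onto one shared exit address. The function and class names, the addresses and the port range are assumptions.

```python
import secrets

EXIT_IP = "203.0.113.10"  # constructed shared exit address (documentation range)


def authenticate(account):
    """Stage 1 (assumed): check the account, hand back only a random id."""
    # Credential check omitted; the gateway never receives `account`.
    return secrets.token_hex(8)


class Gateway:
    """Stage 2 (assumed): maps random session ids onto one static exit IP."""

    def __init__(self):
        self.ports = {}   # session id -> source port, live sessions only
        self.log = []     # minimal debug log, keyed by the random id
        self._next_port = 40000

    def connect(self, sid):
        self.ports[sid] = self._next_port
        self._next_port += 1
        self.log.append(("connect", sid))

    def send(self, sid, dest):
        # What the destination or an on-path observer sees.
        return {"src": EXIT_IP, "sport": self.ports[sid], "dst": dest}

    def disconnect(self, sid):
        self.ports.pop(sid, None)
        self.log.append(("disconnect", sid))

    def trace(self, sport):
        """Best the gateway can do with an observed port: a random id or None."""
        return next((s for s, p in self.ports.items() if p == sport), None)


def demo():
    gw = Gateway()
    sids = {name: authenticate(name) for name in ("alice", "bob")}
    for sid in sids.values():
        gw.connect(sid)
    pkts = {n: gw.send(s, "198.51.100.7") for n, s in sids.items()}
    live = gw.trace(pkts["alice"]["sport"])
    gw.disconnect(sids["alice"])
    gone = gw.trace(pkts["alice"]["sport"])
    return pkts, sids, live, gone, gw.log
```
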
Like OpenVPN, NordLynx is cross-platform compatible. It is not available if you’re solely using the NordVPN browser extension.
A Word of Caution
Though there’s never a guarantee of complete anonymity, you should be even more cautious when using NordLynx than when you use established protocols. A large amount of testing has been performed to assess how secure NordLynx is. The results are positive, but security researchers’ careers are based on finding new vulnerabilities. The more recent the software or protocol, the higher the chances are of an unknown vulnerability.
We’re not advising you not to take advantage of NordVPN’s new protocol. We thought it was important to remind you to check the latest security news regularly. In any case, NordVPN has always been good about publishing research findings. You would probably know from an email from them if the protocol had been compromised.
Other Parts of This Update
The July 2019 update is one of the biggest in NordVPN’s history. Since the main topic was the addition of NordLynx, much of the press about it only talks about this portion. NordVPN did not only add a protocol. They also removed some older and less secure VPN protocols. It probably wasn’t a great idea to be using these anyhow. If you have your client configured to use them, you’ll need to update your connection preference. Of all the previously available protocols, OpenVPN is the only one that you can still use, over both UDP and TCP.
Recall that NordLynx is simply a more secure and customized version of WireGuard. Traditional WireGuard is useful because its speeds are unparalleled by any other protocol. Though it’s tempting to save all of that time, WireGuard has some known security issues. It’s fine to experiment with this protocol, even though NordVPN doesn’t allow you to utilize it within their app. You shouldn’t trust that it will keep you secure online. NordLynx is the way to go if you’d like to use WireGuard’s technology.
The Deleted Protocols
There were three protocols removed in the update. First, NordVPN used to offer SSTP. This protocol is closed-source and developed by Microsoft. However, none of its benchmarks are too remarkable, and it’s expensive. There were likely very few users who still connected through SSTP.
A long overdue removal was PPTP. This one is, without a doubt, the worst protocol to use on any front. Its speeds are usually poor, there’s a high packet drop rate, and it isn’t optimized for any activity. It isn’t actively developed anymore, and there are hundreds of known vulnerabilities. Due to leaked documents, there’s evidence that the NSA has cracked PPTP.
Though the initial recommendation for PPTP users was to switch to L2TP, this was short-lived. L2TP is different from the other protocols we’ve gone over in that it requires the usage of an encryption suite. By itself, it would leave users completely unprotected. Unfortunately, this is another one that’s likely been cracked by the NSA. It’s also notorious for causing firewall issues. L2TP was the last protocol to be removed in this update.
NordLynx has the goal of providing the speed of WireGuard and the security offered by other top VPN protocols, such as OpenVPN. It is indeed very promising, but you should keep your eyes open because of its young age. There may be some security issues yet to be discovered.
We know that WireGuard is the most straightforward protocol and is easy for experts to debug, but it’s not very safe. NordLynx is an improvement on that protocol, which will give you the best of both speed and security.
If no problems come up with NordLynx after extensive testing, then we definitely have a winner.