Disclaimer: Affiliate links help us to continue bringing you new content. Learn more.
In July 2019, NordVPN announced that they created a new protocol to combat issues older ones have. It’s called “NordLynx,” and it’s based on the WireGuard framework.
NordLynx is a new-generation VPN protocol that provides faster speeds than other well-established protocols. Essentially, it’s an improved version of WireGuard.
Why Is a New Protocol Needed?
If you use any subscription VPN service, chances are you’re familiar with standard VPN protocols. Most services’ solutions for multi-platform VPNs use OpenVPN as their default protocol.
They use OpenVPN because it works on nearly every platform and can be customized because it’s open-source. However, OpenVPN is very complex and can slow down VPN connection speeds.
Also, WireGuard is not suitable for some tasks. For example, when it comes to downloading torrents with NordVPN, using WireGuard was risky. The problem was the static IP address assigned to the downloader. Users could be easily identified because of the unique IP address in the torrent swarm.
There was an obvious need to tweak the old protocol and come up with an improvement.
How Does the NordLynx Protocol Work?
NordLynx inherited the most impressive feature of the WireGuard protocol, which is its speed. For context, Wireguard has 4,000 lines of code powering it. OpenVPN has 100 times that amount of code, making WireGuard far leaner.
NordLynx corrects WireGuard’s security issues

One known issue with the WireGuard VPN framework is that it doesn’t have nearly the privacy features of more robust protocols, such as OpenVPN. Fortunately, NordLynx took care of many of these privacy issues.
The most significant security advantage that NordLynx has over WireGuard is that it utilizes a double NAT system. Unlike WireGuard, NordLynx puts users’ traffic through randomized IP addresses.
WireGuard assigns a static IP address to each user. And that’s dangerous because when using a unique IP, the users’ traffic could be traced back to them quite easily. That’s a major concern in the VPN world, and it’s the main reason why WireGuard was the target of so much criticism.
NordVPN cannot identify NordLynx users
The double Nat system also uses an external database, which takes care of user authentication. Each user is then assigned a temporary dynamic identity. Therefore, the VPN server won’t be aware of the user’s real IP addresses.
A Word of Caution
Though the first security and speed tests are very promising, you should still be cautious when using NordLynx. A large amount of testing still has to be performed to assess how secure NordLynx really is.
So far, the results are positive, but security researchers build their careers on discovering new vulnerabilities. The more recent the software or protocol, the higher the chances are of an unknown vulnerability.
We’re not advising you not to take advantage of NordVPN’s new protocol. We thought it was important to remind you to play it safe. In any case, NordVPN has always been good at publishing research findings. A good example of that is the logging audit performed on NordVPN in 2019.
My point is that, in the case of a compromised protocol, you would probably receive an email from them.
NordLynx Advantages and Disadvantages
Just like every VPN protocol out there, NordLynx has its own pros and cons:
Pros
- It eliminates WireGuard’s flaws
- Secure VPN connection with no flaws (so far)
- It’s very lightweight, which provides a fast connection speed
Cons
- It’s a new protocol, and it needs time and a lot of testing to exclude vulnerabilities.
How to Start Using NordLynx
Activating NordLynx is very simple. In the NordVPN app, click on the settings icon. In the menu on the left, choose Auto-connect. Finally, select NordLynx from the drop-down menu.

What Devices does NordLynx work with?
The screenshot above shows how the Windows version looks, but NorLynx is also available for Mac, Linux, Android, and iOS. You can activate it on most of those platforms in a very similar way. Linux users must enter the command “nordvpn set technology NordLynx” to enable it.
Other Parts of this Update
The July 2019 update is one of the biggest in NordVPN’s history. Since the main topic was the addition of NordLynx, much of the press is only about this part. NordVPN did not only add a protocol. They also removed some older and less secure VPN protocols.
It probably wasn’t a great idea to be using these anyhow. If you have your client configured to use them, you’ll need to update your connection preference. OpenVPN is the only one you can still use from all the previously available protocols, both UDP and TCP.
The Deleted protocols
NordVPN removed three protocols in this update. First, NordVPN used to offer SSTP. This protocol is closed-source and developed by Microsoft. However, none of its benchmarks are too remarkable, and it’s expensive. There were likely very few NordVPN users who were still connecting through SSTP.

A long-overdue removal was PPTP. This one is, without a doubt, the worst protocol to use on any front. Its speeds are usually poor, there’s a high packet drop rate, and it isn’t optimized for any activity.
It’s no longer being developed, and there are hundreds of known vulnerabilities. Due to leaked documents, there’s evidence that the NSA has cracked PPTP.
Though the initial recommendation for PPTP users was to switch to L2TP, this was short-lived. In contrast to the other protocols we have discussed, L2TP requires the use of an encryption suite. By itself, users would be completely unprotected, and L2TP was also removed in this update.
Conclusion
We know that WireGuard is the most straightforward, lightweight, and fastest protocol in the VPN industry. But it’s not very safe. That’s why the goal of NordLynx is to provide the speed of WireGuard and the secure connection that other top VPN protocols offer, such as OpenVPN.
As such, NorthLynx can be seen as a technological improvement over WireGuard.
If no problems come up with NordLynx after extensive testing, we are dealing with what could become the future industry standard.