In July 2019, NordVPN announced that they created a new protocol to combat issues older ones have. It’s called “NordLynx,” and it’s based on the WireGuard framework.
NordLynx is a new-generation VPN protocol, and it provides faster speeds than other well-established protocols. Essentially, it’s an improved version of WireGuard.
Why is a new protocol needed?
If you use any subscription VPN service, chances are you’re familiar with standard VPN protocols. Most services’ solutions for multi-platform VPNs use OpenVPN as their default protocol.
They use OpenVPN because it works on nearly every platform and can be customized because it’s open-source. However, OpenVPN is very complex, and this can slow down VPN connection speeds.
Also, WireGuard is not suitable for some tasks. For example, when it comes to downloading torrents with NordVPN, using WireGuard was risky. The problem was the static IP address assigned to the downloader. Users could be easily identified because of the unique IP address in the torrent swarm.
There was an obvious need to tweak the old protocol and come up with an improvement.
How does the NordLynx protocol work?
NordLynx inherited the most impressive feature of the WireGuard protocol, which is its speed. For context, Wireguard has 4,000 lines of code powering it. OpenVPN has 100 times that amount of code, making WireGuard far leaner.
NordLynx corrects WireGuard’s security issues
One known issue with the WireGuard VPN framework is that it doesn’t have nearly the privacy features of more robust protocols, such as OpenVPN. Fortunately, NordLynx took care of many of these privacy issues.
The most significant security advantage that NordLynx has over WireGuard is that it utilizes a double NAT system. Unlike WireGuard, NordLynx puts users’ traffic through randomized IP addresses.
WireGuard assigns a static IP address to each user. And that’s dangerous because when using a unique IP, the users’ traffic could be traced back to them quite easily. That’s a major concern in the VPN world, and it’s the main reason why WireGuard was the target of so much criticism.
NordVPN cannot identify NordLynx users
The double Nat system also uses an external database, which takes care of user authentication. Each user is then assigned a temporary dynamic identity. Therefore, the VPN server won’t be aware of the users’ real IP addresses.
It’s important to note that, just like in any other protocol, NordVPN has a no-logging policy with NordLynx.
A Word of Caution
Though the first security and speed tests are very promising, you should still be cautious when using NordLynx. A large amount of testing still has to be performed to assess how secure NordLynx really is.
We’re not advising you not to take advantage of NordVPN’s new protocol. We thought it was important to remind you to play it safe. In any case, NordVPN has always been good about publishing research findings. In the case of a compromised protocol, you would probably receive an email from them.
NordLynx advantages and disadvantages
Just like every VPN protocol out there, NordLynx has its own pros and cons
- It eliminates WireGuard’s flaws
- Secure VPN connection with no flaws (so far)
- It’s very lightweight, which provides a fast connection speed
- It’s a new protocol, and it needs time and a lot of testing to exclude vulnerabilities.
How to start using NordLynx
Activating NordLynx is very simple. In the NordVPN app, click on the settings icon. In the menu on the left, choose Auto-connect. Finally, select NordLynx from the drop-down menu.
What Devices does NordLynx work with?
In the screenshot above, we see how the Windows version looks, but NorLynx is also available for Mac, Linux, Android, and iOS. You can activate it on most of those platforms in a very similar way. Linux users will have to enter the command “nordvpn set technology NordLynx” to enable it.
Other Parts of This Update
The July 2019 update is one of the biggest in NordVPN’s history. Since the main topic was the addition of NordLynx, much of the press is only about this part. NordVPN did not only add a protocol. They also removed some older and less secure VPN protocols.
It probably wasn’t a great idea to be using these anyhow. If you have your client configured to use them, you’ll need to update your connection preference. OpenVPN is the only one that you can still use from all the previously available protocols, both UDP and TCP.
The Deleted Protocols
NordVPN removed three protocols in this update. First, NordVPN used to offer SSTP. This protocol is closed-source and developed by Microsoft. However, none of its benchmarks are too remarkable, and it’s expensive. There were likely very few NordVPN users who still connected through SSTP.
A long-overdue removal was PPTP. This one is, without a doubt, the worst protocol to use on any front. Its speeds are usually poor, there’s a high packet drop rate, and it isn’t optimized for any activity.
It’s no longer being developed, and there are hundreds of known vulnerabilities. Due to leaked documents, there’s evidence that the NSA has cracked PPTP.
Though the initial recommendation for PPTP users was to switch to L2TP, this was short-lived. L2TP is different from the other protocols we’ve gone over in that it requires the usage of an encryption suite. By itself, users would be completely unprotected, and L2TP was also removed in this update.
We know that WireGuard is the most straightforward, lightweight, and fastest protocol in the VPN industry. But it’s not very safe. That’s why the goal of NordLynx is to provide the speed of WireGuard and the secure connection that other top VPN protocols offer, such as OpenVPN.
As such, NorthLynx can be seen as a technological improvement over WireGuard.
If no problems come up with NordLynx after extensive testing, we are definitely dealing with what could become the future industry standard.
Nevertheless, you should keep your eyes open as it is still a young protocol. There may be undiscovered security vulnerabilities.