VPN Protocol

The VPN protocol used by Qubetics is WireGuard.

It's a modern, open-source VPN protocol designed to be faster, simpler, and more secure than older protocols like OpenVPN or IPsec.

About WireGuard

WireGuard was originally created by Jason A. Donenfeld and is now integrated into the Linux kernel, making it extremely efficient and performant.

Unlike older VPNs that can be complex and heavy, WireGuard has a very small codebase (~4,000 lines vs hundreds of thousands for IPsec/OpenVPN). This smaller footprint means:

  • Fewer bugs and vulnerabilities.

  • Easier to audit for security.

  • Faster performance.

How WireGuard Works

WireGuard establishes encrypted tunnels between devices using modern cryptography. Here's a technical breakdown:

1. Keys and Identity

  • Each device (referred to as a peer) is assigned a public key and a private key, similar to SSH.

  • Public keys function as "addresses" to identify and authenticate peers.

2. Connection Setup

  • Peers exchange public keys in advance (out-of-band or pre-configured).

  • When a peer initiates a connection, it sends a handshake request.

  • WireGuard leverages the Noise Protocol Framework, a modern cryptographic framework, to establish secure connections.

3. Encryption

WireGuard employs state-of-the-art cryptographic algorithms:

  • ChaCha20: For symmetric encryption

  • Poly1305: For message authentication

  • Curve25519: For key exchange

  • BLAKE2s: For hashing

These algorithms ensure:

  • Data confidentiality

  • Message authenticity

  • Data integrity

4. Routing

  • Each peer maintains a list of allowed IP addresses (similar to a routing table).

  • Traffic destined for any of these IPs is automatically routed through the encrypted tunnel to the appropriate peer.
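The allowed-IP lookup described above, as an added example (not Qubetics or WireGuard code); the peer names and address ranges are constructed placeholders. It also covers the receive side, where WireGuard drops a decrypted packet whose inner source address is not in the sending peer's allowed list.

```python
import ipaddress

# Constructed sample peers: the public-key strings and address ranges are
# placeholders made up for this example, not real keys or Qubetics settings.
PEERS = {
    "PEER_A_PUBLIC_KEY": ["10.8.0.2/32", "192.168.50.0/24"],
    "PEER_B_PUBLIC_KEY": ["10.8.0.3/32"],
    "EXIT_NODE_PUBLIC_KEY": ["0.0.0.0/0"],
}


def build_table(peers):
    """Flatten peer -> allowed IPs into (network, peer) pairs."""
    table = []
    seen = {}
    for peer, cidrs in peers.items():
        for cidr in cidrs:
            net = ipaddress.ip_network(cidr, strict=True)
            # Design choice of this example: a range listed under two peers
            # is treated as a configuration error and reported.
            if net in seen:
                raise ValueError(f"{net} listed for both {seen[net]} and {peer}")
            seen[net] = peer
            table.append((net, peer))
    # Most specific prefix first, so the first hit is the longest match.
    table.sort(key=lambda entry: entry[0].prefixlen, reverse=True)
    return table


def peer_for_destination(table, dst):
    """Outbound: choose the peer whose allowed range best matches dst."""
    addr = ipaddress.ip_address(dst)
    for net, peer in table:
        if addr.version == net.version and addr in net:
            return peer
    return None  # no peer owns this address, so nothing enters the tunnel


def accept_inbound(table, sender_peer, inner_src):
    """Inbound: keep a decrypted packet only if its source maps to the sender."""
    return peer_for_destination(table, inner_src) == sender_peer


TABLE = build_table(PEERS)
```

Because the same table is used in both directions, a peer that authenticates correctly still cannot inject packets claiming another peer's tunnel address.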

5. Performance

  • Kernel-space execution (on Linux): Operates at the kernel level for maximum efficiency.

  • Low overhead: Significantly faster than user-space implementations like OpenVPN.
