A core reason for creating Lightway was the need for a VPN protocol that was designed for all the things that a privacy-focused, high-performance VPN platform needs. Unlike WireGuard, Lightway does not need a wrapper; it provides these features out of the box for everyone.
WireGuard is a great VPN protocol, but it was designed for a very different use case.
Edit: My apologies, I should have first introduced myself as the creator of Lightway at ExpressVPN :)
To be honest, I’m pretty familiar with the top VPN providers and I’ve never heard of ExpressVPN. When I Google it, I immediately receive so many explicit ads for your service and a bunch of obviously promoted blog posts comparing garbage VPNs to your service. Creating a VPN protocol from scratch is ambitious and going to take some pretty heavy hitters to join and contribute to this protocol to gain trust in a pretty guarded community.. maybe that isn’t your intended customer though.
You say WireGuard was designed “for a different use case”.. that’s an extremely cryptic (buh dum tiss) thing to say. Do you seriously envision Mullvad or other VPN service providers adopting your protocol? At face value, I will conjecture and come from a pessimistic point of view: this is more of a niche feature of your product, appealing to a type of techy mindset where shiny new tools are somehow better.. which is playing with fire when it comes to encryption for privacy..
For anyone reading this, don’t listen to anyone here. Just go to https://privacytools.io and use those providers.
I would love to see Lightcore and ExpressVPN listed on that site someday.. good luck
Native WireGuard ties keys to specific internal IP addresses or ranges. This is not an issue for many use cases such as between friends for gaming or by a business to connect remote users to their corporate network. There's no inherent security issue here.
However, this is undesirable for a VPN provider that has a focus on preserving privacy. In this case you want users to get a new IP address each time they connect so that there is nothing in common across connections. This matters to us and so Lightway has this as a core design feature. To get that in WireGuard, an additional layer needs to be added.
I certainly believe that Lightway could be an excellent alternative for any provider who doesn't want (or isn't able) to implement WireGuard. Lightway is Open Source and it has had a full security audit that has been publicly released. Other providers are most welcome to look at Lightway and decide for themselves whether they think it offers them anything of value.
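Added example, not part of the thread and not WireGuard or Lightway code: a conceptual Python model of the difference described in the comment above, comparing a static key-to-address table with a per-connection lease pool and checking which server-side session records can be linked by internal IP. The class names, the sample key `PUBKEY_A`, the 10.0.0.0/24 range and the quarantine of recently released addresses are assumptions made for the illustration.

```python
import ipaddress
import secrets
from collections import defaultdict, deque

class StaticPeerTable:
    """Static model: each public key is provisioned with one fixed internal IP."""
    def __init__(self, peers):
        self.peers = dict(peers)  # public key -> internal IP, set once
    def connect(self, pubkey):
        return self.peers[pubkey]  # identical address for every session

class LeasePool:
    """Lease model: address picked at connect, mapping dropped at disconnect."""
    def __init__(self, cidr, quarantine=8):
        self.free = {str(h) for h in ipaddress.ip_network(cidr).hosts()}
        self.recent = deque(maxlen=quarantine)  # just released, not reissued yet
        self.active = {}  # session id -> IP, only while connected
    def connect(self, session_id):
        # Pool must be larger than the quarantine or no candidate remains.
        candidates = sorted(self.free - set(self.recent))
        ip = secrets.choice(candidates)
        self.free.discard(ip)
        self.active[session_id] = ip
        return ip
    def disconnect(self, session_id):
        ip = self.active.pop(session_id)  # nothing ties the user to ip after this
        self.free.add(ip)
        self.recent.append(ip)

def linkable_by_ip(sessions):
    """Return internal IPs that appear in more than one (session, ip) record."""
    seen = defaultdict(list)
    for session_id, ip in sessions:
        seen[ip].append(session_id)
    return {ip: ids for ip, ids in seen.items() if len(ids) > 1}

def demo():
    # Constructed sample: one user connecting three times under each model.
    static = StaticPeerTable({"PUBKEY_A": "10.0.0.2"})
    static_log = [(f"s{i}", static.connect("PUBKEY_A")) for i in range(3)]
    pool = LeasePool("10.0.0.0/24")
    lease_log = []
    for i in range(3):
        lease_log.append((f"s{i}", pool.connect(f"s{i}")))
        pool.disconnect(f"s{i}")
    return linkable_by_ip(static_log), linkable_by_ip(lease_log)

if __name__ == "__main__":
    print(demo())
```
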
ExpressVPN is a very well known VPN service IMO. I've certainly heard of it from several people, and seen it often in lists of VPN recommendations. Can't speak to the other points you raise, but ExpressVPN is certainly a known company in the field...
I would love to see some benchmarks comparing Lightway to WireGuard, OpenVPN and other protocols added to the repo. Especially on battery usage while idle and performance over an unstable connection.
Also I don't really get this? This to me looks like just the core library that details the protocol and nothing else around it.
Like this is really just wolfSSL + wire format. You'd still have to write the code for getting the data to the server (Handle all retransmission and other stuff), write clients (possibly kernel modules for layer 3 performance) for all major OS, write a server to handle traffic forwarding. And if you're doing all that, one might as well make their own format. Are there plans to release the other parts separately?
Lightway Core is designed specifically to be embeddable and to work well on any platform without making assumptions about how that platform works (i.e. OpenVPN assumes a tun-like device).
The comparison to wolfSSL is a good one because it was inspired by their library's design. As wolfSSL is to SSL, Lightway Core is to VPN tunnels. Just like wolfSSL, how you use Lightway Core is really up to you.
For example, if you wanted to create a VPN that connects over Google Sheets or uses DNS messages, you’d be able to do that easily with Lightway Core.
I'm more than happy to answer any questions you might have about Lightway vs WireGuard.
The reason we have a CLA is that we want to be upfront and transparent about what happens when someone contributes code to the project. It is important to note that the author maintains ownership of their contribution at all times and that we will immediately release the contribution under the GPL 2.0 license. This helps to protect the project by ensuring that any code in the repository can be released under the GPL 2.0 license both now and in the future. This is why the Apache Foundation requires a CLA for all contributions - the intent is to protect everyone's interests.
As part of any code contribution, we will list the author's name and what was contributed so that the author will get full recognition for their work.