What is Lightway and who developed it?

Lightway is a modern VPN protocol developed by ExpressVPN. Designed to be faster, lighter, and more secure than traditional protocols, it uses wolfSSL for encryption and focuses on quick connection times, battery efficiency, and reliability — particularly useful when switching between networks like WiFi and mobile data.

How does Lightway compare to OpenVPN and WireGuard?

Lightway sits in a similar category to WireGuard, prioritizing speed and simplicity over older protocols like OpenVPN. It has a smaller codebase (around 1,000 lines), making it easier to audit for security vulnerabilities. While WireGuard is open and widely adopted, Lightway remains primarily associated with ExpressVPN's ecosystem.

Is Lightway considered secure for everyday VPN use?

Yes, Lightway uses wolfSSL, a well-audited cryptographic library, and supports forward secrecy to protect past sessions if keys are compromised. ExpressVPN has subjected Lightway to independent security audits, and its lean codebase reduces the attack surface, making it a strong choice for security-conscious everyday users.

Does Lightway work on all devices and platforms?

Lightway is supported across major platforms including Windows, macOS, iOS, Android, and Linux through ExpressVPN's apps. ExpressVPN has also open-sourced the core Lightway library, meaning other developers can technically implement it, though real-world adoption outside ExpressVPN's own products remains limited compared to universal protocols like WireGuard.

Lightway

Lightway: ExpressVPN's Custom-Built VPN Protocol

What It Is

Lightway is a VPN protocol created by ExpressVPN and released to the public as open source in 2021. Unlike protocols that were adapted from existing networking standards, Lightway was built from the ground up with one goal in mind: to make VPN connections faster, lighter, and more stable than what traditional protocols could offer.

Think of a VPN protocol as the set of rules that governs how your device talks to a VPN server — how it establishes a connection, how it wraps your data in encryption, and how it handles interruptions. Lightway was designed to do all of this with as little overhead as possible.

How It Works

At the heart of Lightway is wolfSSL, a lightweight cryptographic library commonly used in embedded systems and Internet of Things (IoT) devices. This is a deliberate design choice — wolfSSL is lean, audited, and optimized for performance, making Lightway's codebase significantly smaller than protocols like OpenVPN.

Lightway supports both UDP and TCP transport. UDP is the default and preferred option because it's faster and has lower latency. TCP is available as a fallback when network conditions are restrictive or when UDP traffic is blocked.

One of Lightway's standout features is session resumption. When your internet connection drops — switching from Wi-Fi to mobile data, for example — Lightway can reconnect almost instantly without needing to re-establish the full handshake from scratch. This is a meaningful improvement over older protocols that treat every reconnection as a brand-new session.

Lightway uses ChaCha20 and AES-256-GCM for data encryption, depending on your device's hardware capabilities. Devices without hardware-accelerated AES (common in older smartphones) can benefit from ChaCha20, which performs well in software. This adaptive approach keeps the protocol fast across a wide range of hardware.

The entire Lightway core is available on GitHub, allowing independent security researchers to review and audit the code — something that increases trust in any security tool.

Why It Matters for VPN Users

Speed and reliability are two things VPN users consistently care about, and Lightway was engineered to address both.

Faster connections mean you spend less time waiting for the VPN to connect and more time actually using it. Lightway's lightweight design means the handshake that initiates your encrypted session completes in a fraction of the time it takes with OpenVPN.

Lower battery drain is a genuine advantage for mobile users. Because Lightway does less computational work to maintain your connection, your phone's battery lasts longer during extended VPN use — a noticeable benefit if you keep a VPN running all day.

Better handling of network changes matters more than most people realize. If you commute, work from coffee shops, or frequently switch between networks, older protocols can leave you temporarily exposed or force you to manually reconnect. Lightway's session resumption handles this gracefully in the background.

Practical Use Cases

Mobile users who need an always-on VPN without draining their battery will find Lightway particularly well-suited to their needs.
Travelers moving between hotel Wi-Fi, mobile data, and airport networks benefit from Lightway's fast reconnection after network switches.
Streamers who want low latency and consistent throughput can take advantage of Lightway's speed optimizations.
Security-conscious users who want a protocol with a small, auditable codebase — meaning fewer places for vulnerabilities to hide — will appreciate its open-source design.

Lightway is currently exclusive to ExpressVPN's apps, so it's not available as a standalone option the way OpenVPN or WireGuard is. If you're comparing VPN providers and speed with reliability is a priority, Lightway is one of the stronger proprietary options available today.

LightwayIntermediate

Lightway: ExpressVPN's Custom-Built VPN Protocol

What It Is

How It Works

Why It Matters for VPN Users

Practical Use Cases

// FAQ