WireGuard vs OpenVPN: which is better?
WireGuard and OpenVPN are names that any regular VPN user would recognise. Chances are, you yourself wake up every day and choose whether you want your internet traffic to be encrypted by one VPN protocol or the other.
But what are the differences between OpenVPN and WireGuard? Which one is faster, and which one is more secure? Is there a point in choosing only one, or should you use them interchangeably?
These and many other questions are answered in this WireGuard vs OpenVPN comparison review. We’ll look at their speed performance, encryption, security and privacy, auditability, and compatibility. Just keep on reading!
WireGuard vs OpenVPN
Here’s how WireGuard and OpenVPN compare to each other in terms of speed, encryption, security, auditability and compatibility:
| | WireGuard | OpenVPN |
|---|---|---|
| Encryption: | High | Low to high (configurable) |
What is WireGuard?
WireGuard is a modern VPN tunneling (communication) protocol that uses UDP (User Datagram Protocol) for data transfer. It is used for Virtual Private Networks (VPNs) and transferring regular data traffic, as it is generally very fast.
The place of WireGuard in the network stack, like that of any other tunneling protocol, is the transport layer. It also uses the TUN drivers by default; these drivers are responsible for correctly routing your traffic, for encryption, and for logic such as split tunneling.
What is OpenVPN?
OpenVPN is a tunneling protocol mainly used for VPNs, and it transfers data with either UDP or TCP. It has been around for a long, long time, and is the “tried and tested” protocol, which some may consider an advantage over other VPN protocols. It can be implemented on a variety of operating systems.
However, despite being widely popular and used virtually everywhere, OpenVPN is relatively slow by modern standards. This is mostly due to it not being designed with modern processors in mind.
Nevertheless, it is still very secure and preferred by many. For example, most obfuscated VPN servers use OpenVPN as their primary protocol, and more routers support it. OpenVPN, as mentioned, also can transfer data with TCP, which is important if you want very stable connections.
Most VPNs on today’s market have OpenVPN as one of the tunneling protocol options.
WireGuard vs OpenVPN - a full comparison
Now that we’ve looked at what WireGuard and OpenVPN protocols actually are, it is time to make some comparisons and see how they stack up against each other in various categories such as speed, encryption, etc.
We did a speed test of both WireGuard and OpenVPN protocols using Surfshark VPN. Here’s what OpenVPN vs WireGuard performance looks like:
- Baseline: 300 Mbps download/300 Mbps upload
|Location/protocol||WireGuard download speed||WireGuard upload speed||OpenVPN UDP download speed||OpenVPN UDP upload speed||OpenVPN TCP download speed||OpenVPN TCP upload speed|
As is evident from the table, WireGuard is generally faster than OpenVPN by around 52% regarding download speeds, and by approximately 17% when it comes to upload speed.
If we look at individual protocol performance and how far they stray from the baseline speed, WireGuard retains close to half (45.2%) of the original 300 Mbps upload speed, and around 86% of the download speed.
On the other hand, OpenVPN UDP’s speeds see a 54% drop in the original upload speed. Download speeds go down even more, dropping by around 59%.
The OpenVPN TCP protocol is obviously very slow in both download and upload departments, but that is no surprise, as its primary function is stability, and not speed. So, there is really no point in comparing it to the WireGuard and OpenVPN UDP protocols.
All in all, the WireGuard protocol is definitely faster than the OpenVPN protocol, and the good news is that it doesn’t compromise the security to achieve that.
Encryption is what makes a VPN protocol suitable for, well, VPNs. Let’s take a look and compare the encryption of WireGuard and OpenVPN.
| | WireGuard | OpenVPN |
|---|---|---|
| Encryption: | ChaCha20 | AES, Blowfish, Camellia, also supports ChaCha20 |
OpenVPN has configurable encryption options, meaning that one can choose whether the encryption of transmitted data is stronger or weaker. Such configurable encryption also allows for either slower or faster speeds on devices or servers that are generally slower.
Currently, there are six supported encryption ciphers that a user can choose from, weakest to strongest: AES-128-CBC, AES-192-CBC, AES-256-CBC, AES-128-GCM, and AES-256-GCM. Other ciphers were also previously available, but are no longer supported as of now. OpenVPN also uses a variety of hashing algorithms for authentication processing, ranging from very strong to very weak.
The WireGuard protocol uses ChaCha20 encryption, which is kind of similar to AES-256-GCM in terms of security strength, and thus is the strongest level of encryption as of now. For authentication processing, WireGuard employs the Poly1305 hashing function, which is probably the most universal, and very secure.
In summary, while OpenVPN allows for variety in encryption levels, and WireGuard doesn’t, they both use the latest technology to encrypt the transmitted data.
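The point above, that OpenVPN's encryption can be configured down, is something you can check for in a config file. The following Python check is an added example, not code from the article or from the OpenVPN project; the accept/reject policy (AEAD ciphers and SHA-2 digests only) and the three sample configs are assumptions constructed for illustration.

```python
import re

# Assumed policy for this example (not an OpenVPN default): accept only AEAD
# data ciphers and SHA-2 HMAC digests.
AEAD_CIPHERS = {"AES-128-GCM", "AES-192-GCM", "AES-256-GCM", "CHACHA20-POLY1305"}
WEAK_DIGESTS = {"MD5", "SHA1", "NONE"}
CIPHER_DIRECTIVES = {"cipher", "data-ciphers", "ncp-ciphers", "data-ciphers-fallback"}

def audit_openvpn_config(text):
    """Return (line_no, directive, value, reason) for each weak crypto setting."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = re.split(r"[#;]", raw, maxsplit=1)[0].strip()  # drop comments
        if not line:
            continue
        parts = line.split()
        directive, args = parts[0].lower(), parts[1:]
        if directive in CIPHER_DIRECTIVES and args:
            # data-ciphers / ncp-ciphers take a colon-separated preference list
            for name in args[0].upper().split(":"):
                if name == "NONE":
                    findings.append((line_no, directive, name, "encryption disabled"))
                elif name.startswith("BF-") or name.startswith("DES"):
                    findings.append((line_no, directive, name, "64-bit block cipher"))
                elif name not in AEAD_CIPHERS:
                    findings.append((line_no, directive, name, "not an AEAD cipher"))
        elif directive == "auth" and args and args[0].upper() in WEAK_DIGESTS:
            findings.append((line_no, directive, args[0].upper(), "weak or no HMAC digest"))
    return findings

# Constructed sample configs (not from the article or any real deployment).
WEAK_CONF = """\
proto udp
cipher BF-CBC          # legacy setting
auth SHA1
"""
MIXED_CONF = """\
data-ciphers AES-256-GCM:CHACHA20-POLY1305:AES-256-CBC
auth SHA256
"""
STRONG_CONF = """\
data-ciphers AES-256-GCM:CHACHA20-POLY1305
auth SHA512
"""
if __name__ == "__main__":
    for name, conf in [("weak", WEAK_CONF), ("mixed", MIXED_CONF), ("strong", STRONG_CONF)]:
        print(name, audit_openvpn_config(conf))
```

The mixed config is the case worth noticing: a single CBC entry left in the negotiation list is enough for a peer to end up on the weaker cipher.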
In terms of privacy, there is not a lot to say when it comes to specific VPN protocols, because they are just components that make up Virtual Private Networks as services. This comes down more to specific providers and their view towards user data, anonymity, and privacy.
That said, in the humble beginnings of WireGuard, there was an instance of storing IP addresses on the server. However, this issue has since been fixed. Besides, if OpenVPN is configured incorrectly, it can have the same problem, so there is no real point in comparing the protocols to one another in this regard.
VPN tunneling protocols need to be audited from time to time to make sure they are reliable and don’t contain any malicious code or vulnerabilities that could be exploited for the greater bad. This is done by inspecting the code.
The amount of data which needs to be checked is what determines higher or lower auditability - the more lines the code has, the lower the auditability.
| | WireGuard | OpenVPN |
|---|---|---|
| Code length: | ~4,000 lines | ~70,000 lines |
When it comes to WireGuard vs OpenVPN, it is nice to know that both protocols are open-source. However, that doesn’t mean that it is equally easy to audit them.
WireGuard is more auditable than OpenVPN. Its current version has just around 4,000 lines of code, which is approximately five times less than OpenVPN's files and lines of code. Thus, OpenVPN has low auditability, because it would require a team of experts and a lot of time to conduct a thorough inspection of the code.
Despite that, both protocols have been audited and their bugs and vulnerabilities have been fixed and patched, so as of now, there is no need to worry.
A VPN protocol must be compatible with various operating systems and not too difficult to implement for it to be widely recognized and used.
One advantage OpenVPN has over WireGuard is that it has been around for much longer, and many experts and VPN makers have already familiarized themselves with it quite closely. They know how it works, the implementation process, and other peculiarities.
Besides, OpenVPN is compatible with basically any operating system, which makes it extremely versatile. And if you want to set up a VPN on your router, OpenVPN would be the best for that.
WireGuard, on the other hand, was primarily designed for Linux, specifically with the intention of integrating it into the Linux kernel. Versions for other operating systems followed only some time after the initial release. On top of that, a very small number of routers support WireGuard.
Also, because it is still a relatively new protocol, it is far less widespread than OpenVPN, and not every “IT expert” on the face of the earth knows the workings of it. However, it is becoming increasingly popular with VPN providers due to its easy auditability and speed.
Both OpenVPN and WireGuard are really secure open-source VPN protocols, if properly implemented. However, WireGuard is newer and faster than OpenVPN, because it was designed with modern devices and processors in mind. It is also easier to maintain.
Nevertheless, OpenVPN has been around for a very long time, and is therefore compatible with many operating systems and overall very versatile. A lot of people actually know how it works, and thus it is more popular, and in some cases more useful than WireGuard.
Can WireGuard replace OpenVPN?
No, it is not likely that WireGuard will completely replace OpenVPN. OpenVPN is supported by more routers than WireGuard, and it also can operate with TCP, which offers more stable connections than UDP, and is generally better for remote connections as well. Thus, there are areas where OpenVPN cannot be replaced by WireGuard.
Is WireGuard safe in 2022?
Yes, WireGuard is still safe to use in 2022. There were concerns regarding the security of WireGuard because a vulnerability was discovered in Q1 of 2022, but it is not something uncommon. By contrast, OpenVPN has had 83 vulnerabilities found and fixed during its lifetime, whereas WireGuard has had only two.
Is OpenVPN more secure than WireGuard?
No. OpenVPN and WireGuard use AES-256-GCM and ChaCha20 encryption, respectively, which offer similar levels of security. The only really important difference is that OpenVPN’s encryption is configurable and can be set to be lower. In addition, both WireGuard and OpenVPN use hash functions for message authentication processes.
Is WireGuard the fastest VPN protocol?
No, there are faster VPN protocols than WireGuard; however, they usually don’t have any encryption, or use basic TLS encryption. That said, WireGuard is the fastest secure VPN protocol on the market right now.