A comparison of Wireguard vs OpenVPN makes a lot of sense, as they are two of the most popular VPN protocols today, along with IPsec. However, Wireguard is only a few years old, while OpenVPN has been around for over 20 years. In this article, we’re going to take a look at the main differences between these protocols, to see which one is faster, more secure, more useful, and easier to install.
What is a VPN protocol and why does it matter?
Before analyzing the protocols, let’s briefly recall what a virtual private network or VPN is: roughly speaking, it is a way of extending a private (local) network to a public network (Internet) so that we can connect to said local network and send and receive data as if we were part of it, but doing it from outside.
This opens up a whole range of possibilities for two different bands:
- On the one hand, all the data that is transmitted through the VPN will be fully encrypted from our computer to the VPN server, so that neither our Internet Service Provider (ISP) nor any entity with access to our data traffic will be able to identify what there are in the connections to the VPN.
- On the other hand, by being connected to the local network of the VPN server, we will be able to connect to local resources such as an intranet or a NAS, without the need to expose them to the rest of the Internet.
Everything goes, as we see, around security, but also speed, reliability, etc. Let’s not forget that we are adding a middle ground to our Internet connections, so we should not have a slow VPN.
So, it is understood that the VPN protocol used is very important. These VPN protocols or systems provide us with the server to use, and also the client that allows us to connect to the server, or the way to establish a connection so that it is a component of our own operating system that provides the client functions.
Wireguard vs OpenVPN
First, a little history. WireGuard was born in 2016 with the aim of providing a VPN tunnel software and protocol especially oriented towards simplicity, with small and clean code that gives you greater ease of use, performance, and more security by having fewer potential attack points. For a couple of years, it has been becoming extremely popular, and more and more commercial VPN services and users are using it. For example, in the case of CloudFlare and its VPN Warp.
On the other hand, OpenVPN is quite a veteran: it was born in 2001, so we can use it with practically any device. Like WireGuard, it is totally free and open source (although it has a paid enterprise version), and over the years its security has been proven.
Now let’s see how they compare in different characteristics of great relevance.
WireGuard makes use of ChaCha20 (encryption) and Poly1035 (authentication) cryptographic algorithms. The former is very similar to the popular AES-256 and has the advantage that it works very well with “normal” CPU instructions, while AES requires specific instructions that some processors might not have. We will talk about this in the speed part. As for security, Google already uses them to encrypt traffic on Android, so imagine how secure it is.
As for OpenVPN, they opt for AES encryption and other algorithms like Blowfish or Camellia. It also supports ChaCha20-Poly1305 and more. The point is that there are no known vulnerabilities for both OpenVPN or WireGuard currently, so in both cases, the security is very high.
Note that OpenVPN uses OpenSSL, which is the reason that encryption algorithms can be selected, something that cannot be done in Wireguard, which allows for a simpler code. Fortunately, using such strong algorithms is something that should not worry us at all. In addition, the simplicity of the code also allows for better auditing: it is much easier to detect a problem in the WireGuard code, and not in the “horror” of OpenVPN and IPSec, as Linus Torvalds, the creator of Linux, put it.
Winner: It is a clear tie.
Usability and Privacy
At this point, by usability we mean the ability of the VPN to allow us to access censored content, and in privacy how good these VPN protocols are at guaranteeing our anonymity.
In terms of usability, OpenVPN is clearly better out of the box than WireGuard. There are two basic reasons:
- WireGuard works only under a UDP-type connection (see the differences between TCP and UDP ), these are much faster, but they pose difficulties when connecting from countries with strong censorship systems like China. With OpenVPN, we can choose between TCP and UDP.
- WireGuard does not provide traffic obfuscation, so it could be identified as coming from a VPN, and therefore be blocked by the server we want to access. Luckily this can be fixed with an additional software layer like
It could be said that OpenVPN provides more options to bypass both the censorship of countries and the blocking of certain services for use with VPN. However, one must remember the added difficulty of configuration and that WireGuard with an additional program on top of it could be more effective and easier to configure.
Regarding privacy, one of WireGuard’s weaknesses is that it has to keep a list of authorized IPs for the duration of the VPN’s working session. This is something that does not happen with OpenVPN. Fortunately, there are safe ways to get around this problem, masking IPs from WireGuard, but it makes clear that OpenVPN could be more interesting these days in environments where anonymity is especially necessary. We are talking, for example, of countries in which the mere use of a VPN can be penalized by law.
Winner: OpenVPN demonstrates better capabilities in terms of ensuring privacy, and bypassing censorship, but in environments that are not particularly sensitive to this, WireGuard also works well.
Speed, the big point where WireGuard vs OpenVPN wins
Thanks to its much simpler architecture and more optimized code, the use of UDP, and the cryptographic algorithms used, there is a broad consensus that WireGuard is faster than OpenVPN, especially if it is under TCP.
For example, we found numerous tests on the Internet where OpenVPN represents a clear reduction in speed compared to browsing without VPN. This is something that, by the way, should not happen with IPSec.
In this part, we conclude that OpenVPN is less suitable in environments where the loss of speed is one of the last priorities. We must also take into account that WireGuard usually supposes much less extra traffic, which gives us another advantage in speed and allows us to navigate more in case of having a data/traffic limit.
Winner: Landslide, WireGuard
Ease of installation
As a final point, there is also a widespread consensus that WireGuard is much easier to install than OpenVPN, at least on the server side, although there are some nuances to this.
If we compare the installation of the server “from scratch” and through the terminal, where we have all the control, WireGuard is infinitely easier to get up and running and configure. What perhaps benefits OpenVPN is that, as it is supported by more devices, we can find devices that allow us to configure it easily, through a simple graphical interface, for example in some routers. In any case, WireGuard is actually easier to install.
Another story can be the client side, where we return to the same thing: if there are more devices and systems that support OpenVPN natively, we will not have to install additional software to make it work. But this is very relative.
Conclusions: WireGuard vs OpenVPN, which one to choose?
In conclusion, we can see that this WireGuard vs OpenVPN fight is not as simple as it seems. The simplicity on which WireGuard is built has certain negative implications in environments where there is an exaggerated need for privacy, although there are usually simple ways around this. That is why we can reach the following conclusion:
- If we are going to set up a VPN on our own and we want it to be secure, reliable, and provide us with privacy, WireGuard is more than enough, and it will also give us speed and ease of installation. This is the best for 99% of users, and proof of this is the growing number of commercial VPNs that use WireGuard as their communication protocol.
- However, if we have a very special need to bypass censorship, or we live in a place where the use of VPN is penalized, OpenVPN may be a more interesting option.
- Finally, we must remember that some streaming services do their best to block traffic from VPNs, as is the case with Ahí, it is likely that we will have problems with both types of VPNs, as we have seen.
We recommend reading the best routers on the market.
Remember that both programs have proven security, although OpenVPN has a seniority that for some will give more reliability. We believe that WireGuard is the most suitable for a home installation. Also, as we say, more and more commercial VPNs use this protocol. They all work under OpenVPN, but of the 15 most popular VPNs, more than half offer the possibility of using WireGuard for the highest speed.