Simplified Privacy

OpenVPN vs WireGuard: Which one should you use?

Many VPNs offer the same protocols and give the user the option to choose from which protocol to use. The two most popular choices are OpenVPN and Wireguard. Each of them have different advantages and use cases. And if you really want to learn how to become a ghost, subscribe for free to our new content by email, by Session messenger, RSS feed, or Nostr.

OpenVPN

OpenVPN has been around much longer than Wireguard. With an initial release in 2001 and over 5 million downloads worldwide, OpenVPN has been heavily penetration-tested and stood it’s ground.

The OpenVPN protocol is not only supported by nearly all major commercial VPN providers, but it also provides an open source framework for a random user to turn a cloud into their own private VPN more easily than other protocols.

The main advantage of OpenVPN is its long history of being secure and reliable, as well as being the most anonymous VPN. The disadvantage is that it’s slower than Wireguard.

Wireguard

Wireguard is a relatively new competitor to OpenVPN, having initially had experimental versions released in 2018. With funding from some of the top VPN providers, as well as (ironically) the US government via the Open Technology Fund, Wireguard is able to provide much faster internet traffic speeds compared to OpenVPN because of its multi thread approach.

Wireguard has less code

Wireguard has just 4,000 lines of code, which is significantly less than OpenVPN (with over 70,000). So some consider Wireguard more secure because it can be audited more easily. Also because Wireguard has less code, it has a lower attack surface for penetration.

Wireguard’s Anonymity Flaws

The Wireguard protocol does, however, have some requirements that, if not properly implemented by the VPN provider, could lead to it being less anonymous, and therefore less private.

Since these requirements/flaws place a larger responsibility on the VPN provider to correctly implement solutions to it, some criticize Wireguard for forcing VPN users to put even greater trust in the VPN provider.

Wireguard temporarily “logs” IP addresses

Wireguard requires the user’s IP address to be stored in the server’s memory while being used. Some consider this a form of IP address logging. Now each VPN provider handles this differently.

Some VPN providers like Mullvad and OVPN erase the map between IP addresses and encryption keys as soon as there has been no communication between the end user and the VPN server for 3 minutes. This is solving the problem by constantly “deleting the logs”.

Another approach is to assign users a fake 2nd internal IP address just to use Wireguard. This is the approach that NordVPN takes with its “double NAT” policy. NAT is the process of turning a public IP address private. So NordVPN claims they are doing this twice to avoid the Wireguard log issue.

There is heated debate over if Wireguard is anonymous and private enough. But everyone agrees, Wireguard requires more discretion on the part of the VPN provider to carefully deal with this data issue.

OpenVPN Beats Censorship

OpenVPN is better than Wireguard for situations in which either the website or the ISP block VPNs. To understand why OpenVPN can bypass these VPN restrictions more easily, let’s first learn how regular websites do encryption without a VPN.

Even without a VPN, a regular website is encrypted with HTTPS to prevent anyone in-between you and the website’s server from stealing data like passwords or credit card numbers. So WITHOUT a VPN, the ISP (internet service provider) can see which website you go to, but can NOT see what you actually do on that website.

Ports are like lanes on a highway for traffic. Different things take on different ports to avoid a conflict. (Think of the metaphor of a traffic jam.) Normal websites use Port 443 to send traffic and the TCP protocol.

Because OpenVPN can use the same port as regular websites (443 on TCP), it can sometimes trick a firewall or even a website into thinking this is just normal website traffic, where as Wireguard is clearly seen by firewalls as a VPN by only allowing UDP packets. But as we discussed earlier, UDP (and therefore Wireguard) is faster.

Conclusion & Summary

OpenVPN is more anonymous and private, but this comes at the price of slower speeds. Wireguard is newer and much faster, but requires more trust in the VPN providers in dealing with the temporary IP logging issue.

Because Wireguard is so much faster, it might be more appropriate to use in situations where anonymity is less important, such as for live video.

However, you should be aware that some live video platforms like Google Meet have vulnerabilities to leak your real IP address even when using a VPN. These are known as WebRTC leaks and Wireguard puts you more at risk for it as we will discuss in our future article.

OpenVPN is better for evading bans on VPNs and is also required for use if you first routed traffic through Tor:

You -> Tor -> OpenVPN -> Website

This is because Tor uses TCP packets, and Wireguard only does UDP.

Here at Simplified Privacy, we can help give custom tailored advice based on your needs. If you are feeling overwhelmed with the technical knowledge of trying to be private or having issues with a VPN or Tor being banned, reach out to us and chat anonymously. Get our newest content by subscribing for free to our new content by email, by Session messenger, RSS feed, or Nostr.

Related Articles

Privacy Checklist

Here’s some concrete steps you can take to aid you on your journey. Step 1. Learn Linux It’s easier than you think. You don’t need

Read More »