OpenVPN vs WireGuard: Which one should you use?

Each of them have different advantages and use cases.

OpenVPN vs WireGuard: Which one should you use?

Two Protocols


Many VPNs offer the same protocols and give the user the option to choose from which protocol to use. The two most popular choices are OpenVPN and Wireguard. Each of them have different advantages and use cases. And if you really want to learn how to become a ghost, subscribe for free to our new content by email, by Session messenger, RSS feed, or Nostr.

OpenVPN


2001

OpenVPN has been around much longer than Wireguard. With an initial release in 2001 and over 5 million downloads worldwide, OpenVPN has been heavily penetration-tested and stood it’s ground.

Wide Support

The OpenVPN protocol is not only supported by nearly all major commercial VPN providers, but it also provides an open source framework for a random user to turn a cloud into their own private VPN more easily than other protocols.

Long History

The main advantage of OpenVPN is its long history of being secure and reliable, as well as being the most anonymous VPN. The disadvantage is that it’s slower than Wireguard.

Wireguard


Newer

Wireguard is a relatively new competitor to OpenVPN, having initially had experimental versions released in 2018. With funding from some of the top VPN providers, as well as (ironically) the US government via the Open Technology Fund, Wireguard is able to provide much faster internet traffic speeds compared to OpenVPN because of its multi thread approach.

Wireguard has less code

Wireguard has just 4,000 lines of code, which is significantly less than OpenVPN (with over 70,000). So some consider Wireguard more secure because it can be audited more easily. Also because Wireguard has less code, it has a lower attack surface for penetration.

Potential

The Wireguard protocol does, however, have some requirements that, if not properly implemented by the VPN provider, could lead to it being less anonymous, and therefore less private.

Responsibility

Since these requirements/flaws place a larger responsibility on the VPN provider to correctly implement solutions to it, some criticize Wireguard for forcing VPN users to put even greater trust in the VPN provider.

Minor Risk: temporarily “logs” IP addresses

Wireguard requires the user’s IP address to be stored in the server’s memory while being used. Some consider this a form of IP address logging. Now each VPN provider handles this differently.

Mullvad & OVPN

Some VPN providers like Mullvad and OVPN erase the map between IP addresses and encryption keys as soon as there has been no communication between the end user and the VPN server for 3 minutes. This is solving the problem by constantly “deleting the logs”.

Double NAT

Another approach is to assign users a fake 2nd internal IP address just to use Wireguard. This is the approach that NordVPN takes with its “double NAT” policy. NAT is the process of turning a public IP address private. So NordVPN claims they are doing this twice to avoid the Wireguard log issue.

Debate

There is heated debate over if Wireguard is anonymous and private enough. But everyone agrees, Wireguard requires more discretion on the part of the VPN provider to carefully deal with this data issue.

OpenVPN Beats Censorship


OpenVPN is better than Wireguard for situations in which either the website or the ISP block VPNs. To understand why OpenVPN can bypass these VPN restrictions more easily, let’s first learn how regular websites do encryption without a VPN.

Even without a VPN, a regular website is encrypted with HTTPS to prevent anyone in-between you and the website’s server from stealing data like passwords or credit card numbers. So WITHOUT a VPN, the ISP (internet service provider) can see which website you go to, but can NOT see what you actually do on that website.

Ports

Ports are like lanes on a highway for traffic. Different things take on different ports to avoid a conflict. (Think of the metaphor of a traffic jam.) Normal websites use Port 443 to send traffic and the TCP protocol.

443 TCP

Because OpenVPN can use the same port as regular websites (443 on TCP), it can sometimes trick a firewall or even a website into thinking this is just normal website traffic, where as Wireguard is clearly seen by firewalls as a VPN by only allowing UDP packets. But as we discussed earlier, UDP (and therefore Wireguard) is faster.

Conclusion & Summary


OpenVPN is more anonymous and private, but this comes at the price of slower speeds. Wireguard is newer and much faster, but requires more trust in the VPN providers in dealing with the temporary IP logging issue.

Faster

Because Wireguard is so much faster, it might be more appropriate to use in situations where anonymity is less important, such as for live video.

WebRTC Leaks

However, you should be aware that some live video platforms like Google Meet have vulnerabilities to leak your real IP address even when using a VPN. These are known as WebRTC leaks and Wireguard puts you more at risk for it as we will discuss in our future article.

Tor?

OpenVPN is better for evading bans on VPNs and is also required for use if you first routed traffic through Tor:

You -> Tor -> OpenVPN -> Website  

This is because Tor uses TCP packets, and Wireguard only does UDP.

Here at Simplified Privacy, we can help give custom tailored advice based on your needs. If you are feeling overwhelmed with the technical knowledge of trying to be private or having issues with a VPN or Tor being banned, reach out to us and chat anonymously.


If you really want to learn and take your privacy to the next level, subscribe to our new content via: Nostr, Bastyon, Session, RSS, Ethereum Push

Related Posts

How this VPN works

How this VPN works

Simplified Privacy's New Original VPN.

[SP]

Nov 15, 2024

Big News

Big News

VPN Announcement of Alpha Test

[SP]

Nov 13, 2024

VPN Announcement

VPN Announcement

We're doing an original VPN

[SP]

Nov 13, 2024

Decloaking VPN traffic: New critical vulnerability

Decloaking VPN traffic: New critical vulnerability

This allows the ISP or local router to see the VPN traffic by abusing your router

[SP]

May 7, 2024